ftplib problems with firewall

lance <lance_99_99@ no_spam>yahoo.com
Tue Aug 1 18:18:06 EDT 2000


David Bolen wrote:

> (Oh, and I'm presuming you mean a real FTP client and not a web
> browser to an FTP: URL, right?  The latter can be proxied differently
> than a pure FTP client)

No browser, just the standard FTP client.

>
> Since you mention tcpdump - it would be really interesting to see what
> was happening with your other FTP client that works, when for example,
> you do a directory listing, since that might give a hint as to how it
> could possibly work with outbound rules only, since that's sort of
> perplexing.  Maybe the IP filter is looking for a specific format of
> the PORT command which is different with ftplib.  I'm just guessing
> though :-)
>

Alright, I made a tcpdump for both the FTP client and ftplib.

tcpdump for the FTP client, in which I log in, get the directory listing and log
out (successfully):

client.42248 > server.21: tcp 0
server.21 > client.42248: tcp 0 (DF)
client.42248 > server.21: tcp 0
server.21 > client.42248: tcp 96 (DF) [tos 0x10]
client.42248 > server.21: tcp 0 [tos 0x10]
server.20 > client.48422: tcp 0 (DF) [tos 0x8]
client.42248 > server.21: tcp 15 [tos 0x10]
server.21 > client.42248: tcp 0 (DF) [tos 0x10]
server.21 > client.42248: tcp 37 (DF) [tos 0x10]
client.42248 > server.21: tcp 0 [tos 0x10]
client.42248 > server.21: tcp 14 [tos 0x10]
server.21 > client.42248: tcp 0 (DF) [tos 0x10]
server.21 > client.42248: tcp 30 (DF) [tos 0x10]
client.42248 > server.21: tcp 0 [tos 0x10]
client.42248 > server.21: tcp 6 [tos 0x10]
server.21 > client.42248: tcp 19 (DF) [tos 0x10]
client.42248 > server.21: tcp 0 [tos 0x10]
client.42248 > server.21: tcp 6 [tos 0x10]
server.21 > client.42248: tcp 37 (DF) [tos 0x10]
client.42248 > server.21: tcp 0 [tos 0x10]
client.42248 > server.21: tcp 6 [tos 0x10]
server.21 > client.42248: tcp 49 (DF) [tos 0x10]
client.42248 > server.21: tcp 0 [tos 0x10]
client.44558 > server.25597: tcp 0
server.25597 > client.44558: tcp 0 (DF)
client.44558 > server.25597: tcp 0
client.42248 > server.21: tcp 6 [tos 0x10]
server.21 > client.42248: tcp 55 (DF) [tos 0x10]
client.42248 > server.21: tcp 0 [tos 0x10]
server.25597 > client.44558: tcp 55 (DF) [tos 0x10]
client.44558 > server.25597: tcp 0 [tos 0x8]
server.25597 > client.44558: tcp 0 (DF) [tos 0x10]
client.44558 > server.25597: tcp 0 [tos 0x8]
client.44558 > server.25597: tcp 0 [tos 0x8]
server.25597 > client.44558: tcp 0 (DF) [tos 0x10]
server.21 > client.42248: tcp 24 (DF) [tos 0x10]
client.42248 > server.21: tcp 0 [tos 0x10]
client.42248 > server.21: tcp 6 [tos 0x10]
server.21 > client.42248: tcp 46 (DF) [tos 0x10]
client.42248 > server.21: tcp 0 [tos 0x10]
server.21 > client.42248: tcp 147 (DF) [tos 0x10]
client.42248 > server.21: tcp 0 [tos 0x10]
client.42248 > server.21: tcp 0 [tos 0x10]
server.21 > client.42248: tcp 0 (DF) [tos 0x10]


Now for the unsuccessful attempt with the Python ftplib, which logs in and then
tries to get the directory listing (and is blocked by the firewall):

client.35812 > server.21: tcp 0
server.21 > client.35812: tcp 0 (DF)
client.35812 > server.21: tcp 0
server.21 > client.35812: tcp 96 (DF) [tos 0x10]
client.35812 > server.21: tcp 0
client.35812 > server.21: tcp 15
server.21 > client.35812: tcp 0 (DF) [tos 0x10]
server.21 > client.35812: tcp 37 (DF) [tos 0x10]
client.35812 > server.21: tcp 0
client.35812 > server.21: tcp 14
server.21 > client.35812: tcp 0 (DF) [tos 0x10]
server.21 > client.35812: tcp 30 (DF) [tos 0x10]
client.35812 > server.21: tcp 0
client.35812 > server.21: tcp 8
server.21 > client.35812: tcp 20 (DF) [tos 0x10]
client.35812 > server.21: tcp 0
client.35812 > server.21: tcp 26
server.21 > client.35812: tcp 30 (DF) [tos 0x10]
client.35812 > server.21: tcp 0
client.35812 > server.21: tcp 10
server.21 > client.35812: tcp 0 (DF) [tos 0x10]
server.20 > client.13603: tcp 0 (DF) [tos 0x8]
client.35812 > server.21: tcp 0
server.21 > client.35812: tcp 0 (DF) [tos 0x10]
server.20 > client.13603: tcp 0 (DF) [tos 0x8]

The server does try the port for the data connection (13603) but the firewall
does not allow it, unlike with the regular FTP client, or even ICQ (which to my
knowledge also uses arbitrary ports).

Do you still think, after seeing the tcpdumps, that the regular FTP shouldn't
work either? Or is ftplib doing something different?

--lance
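
Added example, not part of the original post: a small Python classifier that reads tcpdump summary lines in the format shown above and reports, for each data connection, which side opened it and whether the other side ever answered. It assumes the host names `client` and `server` as used in the traces, control port 21, and that the first packet seen on a flow comes from the side that opened it.

```python
import re

# Matches summary lines such as "server.20 > client.13603: tcp 0 (DF) [tos 0x8]"
LINE = re.compile(r"^(\S+)\.(\d+) > (\S+)\.(\d+): tcp \d+")

# Lines excerpted from the two traces in the post above.
WORKING_EXCERPT = """\
client.42248 > server.21: tcp 0 [tos 0x10]
server.20 > client.48422: tcp 0 (DF) [tos 0x8]
client.42248 > server.21: tcp 15 [tos 0x10]
client.44558 > server.25597: tcp 0
server.25597 > client.44558: tcp 0 (DF)
client.44558 > server.25597: tcp 0
"""
FTPLIB_EXCERPT = """\
client.35812 > server.21: tcp 10
server.21 > client.35812: tcp 0 (DF) [tos 0x10]
server.20 > client.13603: tcp 0 (DF) [tos 0x8]
client.35812 > server.21: tcp 0
server.20 > client.13603: tcp 0 (DF) [tos 0x8]
"""

def classify_data_flows(trace, client="client", control_port=21):
    """Map (client_port, server_port) -> (mode, answered) for non-control flows.

    Assumption: the first packet seen on a flow comes from the side that
    opened it, so a server-opened flow is active mode (PORT) and a
    client-opened flow is passive mode (PASV).
    """
    flows = {}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        src, sport, dport = m.group(1), int(m.group(2)), int(m.group(4))
        if control_port in (sport, dport):
            continue  # control channel, not a data connection
        key = (sport, dport) if src == client else (dport, sport)
        if key not in flows:
            mode = "passive" if src == client else "active"
            flows[key] = [mode, src, False]
        elif src != flows[key][1]:
            flows[key][2] = True  # the other side replied on this flow
    return {k: (mode, answered) for k, (mode, _, answered) in flows.items()}

if __name__ == "__main__":
    for name, trace in (("FTP client", WORKING_EXCERPT), ("ftplib", FTPLIB_EXCERPT)):
        print(name, classify_data_flows(trace))
```

An unanswered active flow is what a filter that permits only outbound connections produces; `ftplib.FTP.set_pasv(True)` makes ftplib open the data connection from the client side instead.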