ftplib problems with firewall

lance <lance_99_99@ no_spam>yahoo.com
Tue Aug 1 17:14:42 EDT 2000


David Bolen wrote:

> David Bolen <db3l at fitlinxx.com> writes:
>
> > I'm a bit surprised that you can use a normal client for FTP transfers
> > through your firewall configuration, and not ftplib.  They'll both
> > require special entries in the firewall, but whatever works for one
> > should really work for both.
>
> Just to follow up to my previous response - one thing I did think of
> that might explain such behavior is if your FTP client happens to use
> a certain range of local ports (either via a special local version or
> something) that happens to match something configured in your
> firewall, but ftplib is picking local ports outside of that range.
>

That is not the case here I'm afraid. I have no 'pass in' rules at all
(well, except for one loopback rule), everything that is allowed in by the
firewall has been initiated by me:

pass out on <my NIC> proto tcp/udp from <my machine> to any keep state
pass out on <my NIC> proto icmp from <my machine> to any keep state

These 2 rules allow all programs to function perfectly (FTP, ICQ, ...), and
I cannot understand why ftplib won't work with these 2 rules.

In your previous post you mentioned the control connection and the
dynamically allocated data connection. Only the control connection is
allowed through, the data connection is indeed blocked (as confirmed by
tcpdump). Which also explains why I can change directories, but cannot
download data or list the directory contents.

I added the following rule to the firewall as a quick hack:

pass in on <my NIC> proto tcp from <FTP machine> to <my machine>

but obviously, this is not something I want in my rulelist; it really should
work with the rules I have.

--lance
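
The symptom described above (directory changes work, listings and downloads fail) is what an active-mode (PORT) transfer looks like behind outbound-only keep-state rules, because the server opens the data connection back to the client. The following is an added example, not part of the original post: it models both modes against such a ruleset and shows ftplib's `set_pasv(True)`. The addresses, the 227 reply and the helper names are constructed for illustration.

```python
import ftplib

def port_argument(ip, port):
    """Argument of the PORT command an active-mode client sends: h1,h2,h3,h4,p1,p2."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])

def data_connection(mode, client_ip, server_ip, reply_or_port):
    """Return (initiator, src_ip, dst_ip, dst_port) of the FTP data connection."""
    if mode == "active":
        # Client announced a listening port with PORT; the server connects back to it.
        return ("server", server_ip, client_ip, reply_or_port)
    # Passive: the server's 227 reply names the port the client connects out to.
    host, port = ftplib.parse227(reply_or_port)
    return ("client", client_ip, host, port)

def passes_outbound_only_ruleset(conn, client_ip):
    """Simplified model of 'pass out ... keep state' with no 'pass in' rule:
    a new TCP connection is allowed only when the protected machine originates it."""
    _initiator, src_ip, _dst_ip, _dst_port = conn
    return src_ip == client_ip

def list_directory(host, user="anonymous", passwd="guest@"):
    """Directory listing over a passive-mode data connection (needs a reachable server)."""
    ftp = ftplib.FTP(host)
    try:
        ftp.login(user, passwd)
        ftp.set_pasv(True)  # client opens the data connection, so keep state matches it
        return ftp.nlst()
    finally:
        ftp.close()

# Constructed sample addresses (documentation ranges) and a constructed 227 reply.
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"
PASV_REPLY = "227 Entering Passive Mode (198,51,100,20,195,80)"
ACTIVE = data_connection("active", CLIENT, SERVER, 50000)
PASSIVE = data_connection("passive", CLIENT, SERVER, PASV_REPLY)

if __name__ == "__main__":
    print("PORT", port_argument(CLIENT, 50000))
    for name, conn in (("active", ACTIVE), ("passive", PASSIVE)):
        verdict = "passes" if passes_outbound_only_ruleset(conn, CLIENT) else "blocked"
        print(name, conn, verdict)
```

With passive mode the temporary `pass in` rule for the FTP server is not needed, since every connection in the session originates from the protected machine.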



