Local FXP with ioFTPD


mambule
11-27-2010, 03:03 PM
I want to FXP between 2 local machines, both running ioFTPD on Win7.
Ports are properly forwarded.

I'm stuck here:

501 PORT command failed: Transfer to specified network address is not allowed.

Any help is highly appreciated.

Regards

Yil
11-27-2010, 04:16 PM
At the moment the Changelog is probably the best place to look for details. Here's a bit from the 7.5.0 release notes:

6) The default settings for the new safety feature preventing the PORT
command from accessing private/local LAN IP addresses means you will need
to use PASV connections for local transfers using a FTP client on the LAN.
This is usually the default method so you probably won't notice. However
FXPing between 2 FTP servers across the local LAN (i.e. both 192.168.*)
will no longer work with the default settings. The server will also not
be able to FXP to itself (although if people want this I can probably
find a way to allow it). To enable FXP between two local machines you
can choose to either disable the new feature on one site, or you can
just define a second Service that is only accessible to machines on the
local LAN that has the feature disabled. The second Service method is
HIGHLY recommended because you can also do things like relax the encrypted
data transfer requirement which will improve local transfer speeds.

9) New ioFTPD.ini option (Deny_Port_Host_<num> under [FTP_Service]). Active
mode data transfers require the server to create connections to a user
specified IP/Port. For security reasons the server should be prevented
from initiating connections to the server box or any other machine behind
your firewall if you have one. By default the server will now block
access to the following non-routable private IP ranges: 10.*, 172.16.*,
192.168.*, and the loopback interface 127.*. To disable this feature
entirely just specify 0.0.0.0 as the host to block. Alternatively, you
may specify your own custom list of IP addresses/ranges to block.



I obviously like the 2nd service method as it's more flexible and you don't give up any safety. Basically you do something like this. Copy the [FTP_Service] section in the .ini file and rename the copy as [Local_Service] or whatever you want. Disable the Deny_Port_Host feature and, if set, the encrypted transfer requirements, and change the PORT to an IP that isn't forwarded in the router. Add the new service to the list of services to start automatically via
[Network]
Active_Services = FTP_Service Local_Service

Then locally connect to the new service/port instead of the other one and you should be good to go.
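The Deny_Port_Host check described in the release notes quoted above, sketched as an added example (not part of the original post and not ioFTPD's own code). The function names and the literal prefix matching of `a.b.*` patterns are assumptions; the default patterns and the 501 text are taken from this thread.

```python
import ipaddress

# Default blocked patterns as listed in the quoted 7.5.0 release notes.
DEFAULT_DENY = ["10.*", "172.16.*", "192.168.*", "127.*"]

def parse_port_arg(arg):
    """Parse the RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() for p in parts):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def pattern_matches(pattern, ip):
    """Assumed semantics: 'a.b.*' matches addresses whose leading octets are a.b."""
    want = pattern.split(".")
    have = str(ip).split(".")
    for w, h in zip(want, have):
        if w == "*":
            return True
        if w != h:
            return False
    return len(want) == 4  # no wildcard: only a full four-octet match counts

def check_port(arg, deny=DEFAULT_DENY):
    """Return (reply_code, detail) for a PORT command under the deny list."""
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return 501, str(exc)
    if "0.0.0.0" in deny:  # per the release notes, 0.0.0.0 disables the feature
        return 200, f"{ip}:{port}"
    if any(pattern_matches(p, ip) for p in deny):
        return 501, "Transfer to specified network address is not allowed."
    return 200, f"{ip}:{port}"

# Constructed sample inputs (not captured traffic).
if __name__ == "__main__":
    for sample in ("192,168,1,20,19,137", "203,0,113,7,19,137", "172,20,1,1,4,0"):
        print(sample, "->", check_port(sample))
```

Under literal matching, `172.16.*` covers only 172.16.0.0/16, while the RFC 1918 private block 172.16.0.0/12 runs through 172.31.*, so a custom deny list should be checked against the ranges actually in use on the LAN.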

mambule
11-27-2010, 11:05 PM
Nice. Quick & straight to the point. And moreover, it worked out just perfectly. The 501s are gone.
Many thx for that, Yil.

However, I'm now stuck at this:

426 Connection closed: Connection timed out.

I'm having a direct local connection, PC to PC, w/ SW firewall disabled. One of them is connected to another network, so I bound ioFTPD via Bind = direct_local_connection_static IP.
I also disabled Require_Encryption on both instances.

Yil
11-28-2010, 01:16 AM
Hmm, I don't think you want to use the BIND feature. That's only when you have a machine that has 2 network cards and you want to make ioFTPD only use the network on one of them. If you attempt to force BIND to use a network that doesn't match one of your local interfaces things won't work... Try not setting that.

Flow
11-28-2010, 05:59 AM
Hi Yil! Santa Yil coming with 6.0ver for x-mas?

mambule
11-28-2010, 12:20 PM
That was indeed the issue. Everything is fine now. Many thx for helping me out. Awesome work, Yil.