search

giampaolo / pyftpdlib

Extremely fast and scalable Python FTP server library
MIT License
1.67k stars 266 forks source link

Docker Rejected data connection to foreign address #518

Closed DRAKUN closed 4 years ago

DRAKUN commented 4 years ago

[I 2020-01-29 11:27:29] >>> starting FTP server on 0.0.0.0:2121, pid=1 <<< [I 2020-01-29 11:27:29] concurrency model: async [I 2020-01-29 11:27:29] masquerade (NAT) address: 0.0.0.0/0 [I 2020-01-29 11:27:29] passive ports: 10000->65534 [I 2020-01-29 11:27:37] 172.17.0.1:60944-[] FTP session opened (connect) [I 2020-01-29 11:27:44] 172.17.0.1:60944-[] FTP session closed (disconnect). [I 2020-01-29 11:27:44] 172.17.0.1:60948-[] FTP session opened (connect) [I 2020-01-29 11:27:44] 172.17.0.1:60948-[user] USER 'user' logged in. [W 2020-01-29 11:27:44] 172.17.0.1:60948-[user] Rejected data connection to foreign address 127.0.0.1:56755. [I 2020-01-29 11:27:47] 172.17.0.1:60948-[user] FTP session closed (disconnect). [I 2020-01-29 11:27:47] 172.17.0.1:60952-[] FTP session opened (connect) [I 2020-01-29 11:27:47] 172.17.0.1:60952-[user] USER 'user' logged in. [I 2020-01-29 11:27:47] 172.17.0.1:60952-[user] CWD / 250 [W 2020-01-29 11:27:47] 172.17.0.1:60952-[user] Rejected data connection to foreign address 127.0.0.1:56760. [I 2020-01-29 11:27:50] 172.17.0.1:60952-[user] FTP session closed (disconnect). [I 2020-01-29 11:27:50] 172.17.0.1:60956-[] FTP session opened (connect) [I 2020-01-29 11:27:50] 172.17.0.1:60956-[user] USER 'user' logged in. [I 2020-01-29 11:27:50] 172.17.0.1:60956-[user] CWD / 250 [W 2020-01-29 11:27:50] 172.17.0.1:60956-[user] Rejected data connection to foreign address 127.0.0.1:56765

DRAKUN commented 4 years ago

when i started in local its ok but when i lauch it in a container impossible to connected

giampaolo commented 4 years ago

That's a security measure: https://pyftpdlib.readthedocs.io/en/latest/api.html?highlight=foreign#pyftpdlib.handlers.FTPHandler.permit_foreign_addresses You can disable the check by doing:

FTPHandler.permit_foreign_addresses = True

DRAKUN commented 4 years ago

It will be great to define network on permit foreign address like my container network range. Very good library. Well done and very good job

giampaolo commented 4 years ago

It will be great to define network on permit foreign address like my container network range.

What do you mean?

Very good library. Well done and very good job

Thanks.

KarthikNayak commented 4 years ago

@giampaolo Thanks for the tip. I'm using this library to host a FTP server on GCP + K8s. While turning this setting allows the FTP server to work as intended. Could you please explain why this is so? I'm not sure I understand.