tokibito / django-ftpserver

FTP server application that used user authentication of Django.
https://django-ftpserver.readthedocs.org/en/latest/
MIT License
60 stars 30 forks source link

Rejected data connection to foreign address #23

Open zapsterdk opened 3 years ago

zapsterdk commented 3 years ago

Hi, I have a test server directly on the internet. But when I try to connect to this from a computer behind NAT I get this error:

python3 manage.py ftpserver -v 3 95.xxx.178.66:8002

[I 2021-09-07 10:39:18] concurrency model: async [I 2021-09-07 10:39:18] masquerade (NAT) address: None [I 2021-09-07 10:39:18] passive ports: None [I 2021-09-07 10:39:18] >>> starting FTP server on 95.xxx.178.66:8002, pid=90532 <<< [I 2021-09-07 10:39:21] 80.xxx.72.162:64707-[] FTP session opened (connect) [I 2021-09-07 10:39:21] 80.xxx.72.162:64707-[BOX-001] USER 'BOX-001' logged in. [W 2021-09-07 10:39:22] 80.xxx.72.162:64707-[BOX-001] Rejected data connection to foreign address 192.168.1.101:64708.

And then it drops the connection. Any idéers what to do here? I think I'm missing some piece of the puzzle but can't find it ;)

\Zapster

tokibito commented 3 years ago

@zapsterdk What is the client to connect the server? It seems using active mode(default). Could you try to use passive mode at the client side? And try to set the masquerade address to 95.xxx.178.66 at command option.

FTP procedure of over the internet :

  1. client connects to server
  2. client login
  3. client set mode to passive (because active mode can not connect over the NAT.)
  4. client send ftp command
  5. server returns address and port for data transfer (It requires masquerade address)
  6. client connects server for data transfer (using returned address and port by the server)
zapsterdk commented 3 years ago

Using passive mode seems to do the trick... Thanks!

One last question: How do I put these settings in the Django config for the server always to use passive with a port range?

tokibito commented 3 years ago

@zapsterdk Forcing passive mode at server side is nothing way. FTP client maybe configured explicitly use passive mode. You can write the port range by FTPSERVER_PASSIVE_PORTS in settings.py. see this: https://github.com/tokibito/django-ftpserver/blob/master/django_ftpserver/management/commands/ftpserver.py

I guess you to use systemd for running server application. You can write a command and command line option in the config of systemd.