1

A project we work with needs some data from a third-party that is given to us through FTP, and we get the file to later process it as a part of our pipelines. It has suddenly become a problem as we can't get the data anymore. I've attempted getting the data through both active (connection hangs) and passive mode, to no success.

I've noticed that I am able to get the file when using FileZilla, so I'm sure that I could somehow reproduce what FileZilla does to get the file programmatically. The issue seems to be a configuration error on the third-party's side, as when we do requests in Passive mode, we get a local IP address from the server instead of the actual server's IP. FileZilla outputs the following:

Command:    PASV
Response:   227 Entering Passive Mode (a local IP address is given here).
Status: Server sent passive reply with unroutable address. Using server address instead.

What does FileZilla do to use the server address instead? I've tried reproducing this through manual FTP commands but haven't had any luck.

hsf
  • 13

1 Answers1

1

The server you are connecting to is badly configured.

The way the FTP handshake works is described by Wikipedia File Transfer Protocol (FTP).

  • In active mode, the client starts listening for incoming data connections from the server on port M. It sends the FTP command PORT M to inform the server on which port it is listening. The server then initiates a data channel to the client from its port 20, the FTP server data port.
  • In situations where the client is behind a firewall and unable to accept incoming TCP connections, passive mode may be used. In this mode, the client uses the control connection to send a PASV command to the server and then receives a server IP address and server port number from the server, which the client then uses to open a data connection from an arbitrary client port to the server IP address and server port number received.

The FTP server in your case most likely should be connected-to using passive mode. However, when sending its server IP address and port, it has by mistake sent its local IP address on its local network, which is of course inaccessible (or unroutable) on the outside from the internet.

FileZilla has protected itself from such cases, as described in the link given by user Kamil Maciorowski.

FileZilla simply check for IP addresses that are typically local, and ignores any such IP address sent by the server, continuing to use the initial IP address as used for the initial connection.

In short, the problem is not on your side, but on the server side, where some bad configuration was now done that confuses your third-party app. The app is probably truly trying to use this unusable IP address.

You should get in touch with both parties, the app author and the server admin, and ask them each to correct his own error. The server should return the right IP, and the app should ignore any returned local IP (or any returned IP at all).

harrymc
  • 498,455