
Indy 10 SSL FTP 1


ThunderForest

IS-IT--Management
Mar 3, 2003
189
US
Googled-out here. Using the Indy 10 components, I have developed an SSL-FTP console app that will execute all standard FTP commands in passive mode. I also use IdSSLIOHandlerSocketOpenSSL as the IOHandler, and IdLogEvent as the intercept. The FTP server is IpSwitch WS-FTP. The utility works very well - inside the LAN. From outside the LAN, e.g., WorkStation->Firewall w/NAT enabled->Internet->Firewall w/NAT enabled->Our FTP Server, the utility hangs when attempting to execute anything requiring a data port, i.e., list, copy, etc. I have also tried active mode and will receive the 425 Can't open data connection error. No problem connecting, or retrieving the current directory, or with control port commands. Our network administrator says everything is configured correctly on the LANs, and I tend to agree because another commercial FTP utility (MoveIt Freely) works. The utility I developed uses the same command line parameters the MoveIt Freely utility uses, with one exception, which is where I think the problem lies:

"The -natpasv parameter tells MOVEit Freely to ignore the IP address specified by the FTP server when the FTP server tells Freely to make a data connection in passive mode. Instead, when this parameter is specified, MOVEit Freely will connect to the IP address that it used to make the control connection."

Indy says in their online help:

"We do not recommend placing a FTP server using SSL behind a NAT at all. The NAT can not translate the IP address given as a reply to the PASV command on the control connection into an address that works outside of the internal network."

My question is what am I missing here? It seems obvious that it can be done. Is it necessary that I must use the Indy 10 FTP server component in conjunction with the Indy 10 FTP Client? I haven't tried this, but am reluctant to do so because my client would be very reluctant to change their FTP server configuration. Thanks for any assistance.


Getting answers before I'm asked.
Providing answers if I can.
 
I'm not sure if this will help solve your problem, but I recommend reading up on the difference between Active and Passive FTP modes, and how each mode affects the use of ports and IP addresses. Wikipedia should be able to help.

I'm thinking it's probably to do with how your firewall has been set up to allow your client to connect to your FTP server.
 
Believe me, I've done my reading, but I appreciate your comments. There is so little information out there on this problem, so yesterday I went a step further and contacted


As a result, Indy added TIdFTP property PassiveUseControlHost to the Indy VCL. If you download the developers version (v10.1.6), that property is now available. It works perfectly by setting that property to True. Hats off to a very dedicated group at .

Getting answers before I'm asked.
Providing answers if I can.
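
The behaviour described in this thread for -natpasv and PassiveUseControlHost, sketched as an added example (not code from the posters, Indy or MOVEit Freely): the client parses the 227 reply, keeps the advertised port, and connects to the control-connection host instead of the advertised address. The function names, the sample reply and the control host address are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(reply: str) -> tuple[str, int]:
    """Return (host, port) advertised in a 227 reply; raise ValueError if malformed."""
    if not reply.startswith("227"):
        raise ValueError(f"not a 227 reply: {reply!r}")
    m = _PASV_RE.search(reply)
    if m is None:
        raise ValueError(f"no address tuple in reply: {reply!r}")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in reply: {reply!r}")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    return host, port


def data_endpoint(reply: str, control_host: str, use_control_host: bool) -> tuple[str, int]:
    """Pick the address for the data connection.

    use_control_host=True mirrors the behaviour the thread describes for
    -natpasv / PassiveUseControlHost: keep the advertised port, but connect
    to the host already used for the control connection.
    """
    advertised_host, port = parse_pasv_reply(reply)
    return (control_host if use_control_host else advertised_host), port


def advertised_is_unroutable(reply: str) -> bool:
    """True when the server advertised a private/loopback address (NAT symptom)."""
    host, _ = parse_pasv_reply(reply)
    ip = ipaddress.ip_address(host)
    return ip.is_private or ip.is_loopback


# Constructed sample: server behind NAT advertises its internal address.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"
CONTROL_HOST = "203.0.113.25"  # constructed address from a documentation range

if __name__ == "__main__":
    print(data_endpoint(SAMPLE_REPLY, CONTROL_HOST, use_control_host=False))
    print(data_endpoint(SAMPLE_REPLY, CONTROL_HOST, use_control_host=True))
```

With the control channel encrypted, the NAT device cannot see or rewrite the 227 reply, so the client has to make this substitution itself.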
 
BTW, that wasn't my thread that first displays when you click the newsgroup link. I just added that link to get you there. Click on Latest Items, 10 May 2007, Indy 10 SSL FTP.

Getting answers before I'm asked.
Providing answers if I can.
 