C# FTP SafeTP IIS & PassivePortRange

Pete

I'm writing an FTP application in C# and decided to try
SafeTP (http://www.cs.berkeley.edu/~smcpeak/safetp/) for data
encryption. The FTP server is running on a 2003 Server w/IIS 6.x and is
behind a Netgear firewall/router (FVS124G). This is my first FTP
application.

My issue is that when the remote client requests a passive connection
(PASV), the IP/port returned to the application are not in the range
that I specified in the server's PassivePortRange
setting (http://support.microsoft.com/?id=555022). I have created a rule
on the Netgear router to forward requests to these ports (5750 - 5800)
but the client always receives a port < 5000 from the FTP server. Is
the router or SafeTP changing the port #? If I create a rule on the
router on-the-fly for the port that is returned to the client, the
client connects and downloads, lists, etc. successfully.

One additional note:
The IP address returned by the FTP server is the internal LAN IP. The
remote FTP client ignores that IP and always sends to the router's
external address. This all seems to work fine except that the port
number is not in the range I expect. I suppose ~something~ is changing
the port or for some reason my attempts to configure PassivePortRange
are failing (even though it appears to succeed as described in the MS
article). I've restarted FTP, IIS in between modifications and tested
by configuring out of range ports, which causes the FTP service to fail when
starting.

Anyone have any suggestions? Should I be using WebDAV or ....? All
comments/suggestions are greatly appreciated.
 
To answer my own question... it's SafeTP modifying the port #. So, the
question now is how to get data encryption without modifying the port
#.
Pete
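
Added example (not part of the original posts, and not SafeTP or IIS code): a C# check a client can run on the 227 reply to PASV to see whether the advertised port falls inside the forwarded range 5750 - 5800 and whether the advertised address is a private LAN address. The class and method names and the two sample reply lines are constructed for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added example: names and sample replies are constructed, not from the thread.
static class PasvCheck
{
    // RFC 959 PASV reply: 227 <text> (h1,h2,h3,h4,p1,p2)
    static readonly Regex Pasv = new Regex(
        @"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})");

    public static bool TryParse(string reply, out IPAddress host, out int port)
    {
        host = null; port = 0;
        Match m = Pasv.Match(reply);
        if (!m.Success) return false;
        var n = new int[6];
        for (int i = 0; i < 6; i++)
        {
            n[i] = int.Parse(m.Groups[i + 1].Value);
            if (n[i] > 255) return false;      // each field must fit in one octet
        }
        host = new IPAddress(new[] { (byte)n[0], (byte)n[1], (byte)n[2], (byte)n[3] });
        port = n[4] * 256 + n[5];              // data port = p1 * 256 + p2
        return true;
    }

    // RFC 1918 private ranges: 10/8, 172.16/12, 192.168/16
    public static bool IsPrivate(IPAddress ip)
    {
        byte[] b = ip.GetAddressBytes();
        return b[0] == 10 || (b[0] == 172 && b[1] >= 16 && b[1] <= 31)
            || (b[0] == 192 && b[1] == 168);
    }

    static void Main()
    {
        const int lo = 5750, hi = 5800;        // range forwarded on the router (from the post)
        string[] replies = {                   // constructed sample replies
            "227 Entering Passive Mode (192,168,0,10,22,128)",   // port 5760
            "227 Entering Passive Mode (192,168,0,10,4,23)" };   // port 1047
        foreach (string r in replies)
        {
            if (!TryParse(r, out IPAddress host, out int port)) { Console.WriteLine("unparseable: " + r); continue; }
            Console.WriteLine("{0}:{1} inRange={2} privateAddr={3}",
                host, port, port >= lo && port <= hi, IsPrivate(host));
        }
    }
}
```

Logging this result for every PASV reply shows which data ports the server side actually advertises, so the router's forwarding rules can be compared against them.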
 