Feature Request : Local subnet list for passive mode
- 500 Command not understood
- Posts: 4
- Joined: 2009-01-03 02:14
- First name: Anders
- Last name: Bengtsson
Feature Request : Local subnet list for passive mode
In the passive mode settings on the server I have the option to "Don't use external IP for local connections".
Would it be possible to add a configurable list of subnets that the server would consider local?
Regards,
Anders
- 500 Command not understood
- Posts: 4
- Joined: 2009-01-03 02:14
- First name: Anders
- Last name: Bengtsson
Re: Feature Request : Local subnet list for passive mode
Because I have several internal networks/subnets that I want to use normal mode and the external connections should use passive mode (i.e. on the outside of the FW).
Regards
Remorse
Re: Feature Request : Local subnet list for passive mode
Should work fine as long as you are using private IP address ranges for your internal networks. What exactly is the problem?
- 500 Command not understood
- Posts: 4
- Joined: 2009-01-03 02:14
- First name: Anders
- Last name: Bengtsson
Re: Feature Request : Local subnet list for passive mode
I am not seeing this behaviour in the software.
In the passive mode setting I have the "Use the following IP address" set and added an IP address.
Also the "Use custom port range" is set and I have a span of 1000 ports 61000 - 62000.
The "Don't use external IP for local connections" is also set.
When I connect from 10.100.40.10 (Client) to 192.168.2.10 (Server) in passive mode it gives out the external IP.
I know that I could avoid this by setting the client to use active mode but I do not have control of all the clients.
Regards,
Remorse
Re: Feature Request : Local subnet list for passive mode
Private IP address ranges are unroutable, you shouldn't even be able to contact 192.168.0.0/16 from 10.0.0.0/8 imo.
- 226 Transfer OK
- Posts: 619
- Joined: 2005-11-02 06:41
Re: Feature Request : Local subnet list for passive mode
No, they're fully routable. They're just private. Any router that is sending or receiving data on an Internet IP address -- that is, the public network -- should be configured to drop packets for private networks.
There's no reason you couldn't set up a private network to route between 10.0.0.0/8, 192.168.0.0/16, and 172.16-32.0.0/16 as long as it's still a private network. Remember, 192.168.0.0 is technically 255 class C networks. They're meant to be routable. I can't think of a case scenario where you'd exhaust the 10.0.0.0 subnet, but I suppose it could happen. The only time I've seen the problem come up is when two entities merge and need to merge networks as a part of migration.
You'll need to write a custom web script that can handle the decision making of what IP address needs to be returned. That's why you're given the "use external script" method.
Re: Feature Request : Local subnet list for passive mode
Since you do have more than 16 million machines in your LAN (why else use more than one private address range), have you ever considered switching to IPv6? Far easier.
- 500 Command not understood
- Posts: 4
- Joined: 2009-01-03 02:14
- First name: Anders
- Last name: Bengtsson
Re: Feature Request : Local subnet list for passive mode
botg wrote:
Since you do have more than 16 million machines in your LAN (why else use more than one private address range), have you ever considered switching to IPv6? Far easier.
I'm sure we will switch to IPv6 some day but now I think it would just create more problems.
da chicken wrote:
You'll need to write a custom web script that can handle the decision making of what IP address needs to be returned. That's why you're given the "use external script" method.
Thanks, I will give it a try.
I think it would be a great feature though. Having an editable list with 10.0.0.0/8, 192.168.0.0/16 and 172.16.0.0/12 by default.
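Added example (not part of the thread and not the server's own code): a sketch of the requested behaviour, choosing the address advertised in the PASV reply from an editable list of local subnets. The function names, the external address 203.0.113.5 and the external client address are assumptions constructed for illustration; the client, server and port values come from the posts above.

```python
import ipaddress

# Default list proposed in the post above; an administrator would edit it.
DEFAULT_LOCAL_SUBNETS = ["10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12"]

def parse_subnets(entries):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(e.strip(), strict=True) for e in entries]

def is_local(client_ip, subnets):
    """True if the control connection's peer falls in any configured subnet."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == net.version and addr in net for net in subnets)

def pasv_address(client_ip, server_local_ip, external_ip, subnets):
    """Pick the address to advertise: local peers get the server's own
    interface address, everyone else gets the configured external IP.
    This also keeps the internal address out of replies to outside clients."""
    return server_local_ip if is_local(client_ip, subnets) else external_ip

def pasv_reply(ip, port):
    """Format the RFC 959 reply: four address octets, then port high/low byte."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        ",".join(octets), port >> 8, port & 0xFF)

def demo():
    subnets = parse_subnets(DEFAULT_LOCAL_SUBNETS)
    server_local = "192.168.2.10"   # server address from the thread
    external = "203.0.113.5"        # constructed (documentation range)
    results = {}
    # 10.100.40.10 is the thread's client; 198.51.100.7 is a constructed outside peer.
    for client in ("10.100.40.10", "198.51.100.7"):
        ip = pasv_address(client, server_local, external, subnets)
        results[client] = pasv_reply(ip, 61000)  # first port of the custom range
    return results

if __name__ == "__main__":
    for client, reply in demo().items():
        print(client, "->", reply)
```
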
Re: Feature Request : Local subnet list for passive mode
da chicken wrote:
You'll need to write a custom web script that can handle the decision making of what IP address needs to be returned. That's why you're given the "use external script" method.
Won't work, the result is cached. Otherwise the default server handling the resolution would get hammered by millions of FZS installations each and every time the PASV command gets used.