Filezilla Server Protection Level / Disable IP Check

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Locked
Message
Author
tmocker
500 Command not understood
Posts: 1
Joined: 2022-02-23 12:27
First name: Thomas
Last name: Mocker

Filezilla Server Protection Level / Disable IP Check

#1 Post by tmocker » 2022-02-23 12:32

Hello all,
I have the problem that due to the infrastructure, different Ip addresses are used to establish the connections:

I get the following message:
data peer ip differs from control peer ip

I found in a blog post that I can deactivate the IP check, but I can't find the setting in the current server version or do I have to enter it manually in the config?

https://knowledge.informatica.com/s/art ... uage=en_US

Where can I find this option?

Thanks a lot

User avatar
botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Filezilla Server Protection Level / Disable IP Check

#2 Post by botg » 2022-02-24 08:21

Please elaborate on your unusual infrastructure.

doctorclaw
500 Command not understood
Posts: 3
Joined: 2022-05-05 16:07
First name: Derek
Last name: Charles

Re: Filezilla Server Protection Level / Disable IP Check

#3 Post by doctorclaw » 2022-05-05 17:50

I have the same issue with 1.3.0 - I don't think there's anything particularly elaborate about my network infrastructure though.

I have a machine with 2 NICs, and my own FTP client using libcurl. When my FTP client connects to FileZilla server on another machine, I get "data peer ip differs from control peer ip".

This doesn't happen all the time - presumably libcurl is picking up either interface when it makes the passive connection, and sometimes it matches (and works) and sometimes it doesn't (and fails).

I have seen the same post that mentions "Disable IP Check":

https://knowledge.informatica.com/s/art ... uage=en_US

I see this (and other settings, e.g. "Custom welcome message") seem to have been eliminated from the server admin GUI - I have just bought the FileZilla Server manual to see if any settings are exposed in the XML config, but it appears not.

Is the "Disable IP Check" setting accessible at all?

User avatar
botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Filezilla Server Protection Level / Disable IP Check

#4 Post by botg » 2022-05-05 22:07

libcurl should bind the source port of the data connection to the same address as the source port of the active control connection. It can do so, because it knows it does work, due to the active control connection being living witness to the fact.

Note that are garbage-tier, if not outright malicious, third-party firewalls that utterly fail to respect how TCP/IP works.

doctorclaw
500 Command not understood
Posts: 3
Joined: 2022-05-05 16:07
First name: Derek
Last name: Charles

Re: Filezilla Server Protection Level / Disable IP Check

#5 Post by doctorclaw » 2022-05-06 08:49

There are no 3rd party firewalls (Windows defender is running on both boxes (I can try turning that off, see if makes any difference) and the two machines are on the same subnet of one of the NICs (and connected to the same switch with that NIC).

Just so I'm clear, are you saying there are no options I can configure with the current version of FileZilla Server to circumvent this issue in the short-term?

I'm going to have to investigate my client's network topology further, but it would be nice to tell my users I have a workaround and investigate the root cause while not under pressure.

If there's nothing I can do with FileZilla Server options then I can at least discount that and direct my attention to trying other things (trying CURLOPT_INTERFACE in my client code, or not using passive mode, perhaps).

Thanks, D.

User avatar
botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Filezilla Server Protection Level / Disable IP Check

#6 Post by botg » 2022-05-06 09:58

There is no workaround for this in FileZilla Server. The lesson we learned in the past is that any such workaround would typically become permanent solutions.

doctorclaw
500 Command not understood
Posts: 3
Joined: 2022-05-05 16:07
First name: Derek
Last name: Charles

Re: Filezilla Server Protection Level / Disable IP Check

#7 Post by doctorclaw » 2022-05-06 11:10

Ok, thanks for letting me know!

i3vi3v
500 Command not understood
Posts: 4
Joined: 2015-01-07 00:04
First name: Igor
Last name: Varfolomeev

Re: Filezilla Server Protection Level / Disable IP Check

#8 Post by i3vi3v » 2022-06-21 17:03

I just ran into this too, after updating FileZilla Server from 0.9.60 to 1.4.1.
The reason is that some stupid corporate internet gateway seem to rote connections differently (I cat see this - even by googling "my ip" a few times in a row would provide different results).

FTP clients behave weirdly - because FileZilla Server seem to not report them what's going wrong. Even FileZilla client.

My workaround was to install Filezilla Server version 0.9.60 again. The "Security settings -> Disable IP check" works well.

botg,
Could you please advice, which version was the last one with the "Disable IP check" feature?

User avatar
botg
Site Admin
Posts: 35508
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Filezilla Server Protection Level / Disable IP Check

#9 Post by botg » 2022-06-21 20:28

You need to contact your stupid corporate internet gateway administrator for further assistance.

Locked