Passive Transfers Fail When Client Has CGNAT IP

hossbachj
500 Command not understood
Posts: 5
Joined: 2017-10-13 16:18
First name: John
Last name: Hossbach

Passive Transfers Fail When Client Has CGNAT IP

#1 Post by hossbachj » 2023-10-02 17:58

In my server config, I'm using a hostname to provide the correct external IP for passive transfers. I also have the "Use the default host for local connections" option enabled. This works great for the private network address space; however, it does not recognize the Carrier-grade NAT (CGNAT) address space, which is also non-Internet-routable IP space. Can we please get 100.64.0.0/10 added to the exception list? I've confirmed this is still a problem with FileZilla Server 1.7.3.

Not recognizing this CGNAT space results in failed passive transfers and the following error:

Data peer IP [A.B.C.D] differs from control peer IP [100.x.x.x]: this shouldn't happen, aborting the data connection.

I wanted to post here before opening a bug in the bug report tracker. If that is the advisable course of action, I will do that.


Re: Passive Transfers Fail When Client Has CGNAT IP

#2 Post by hossbachj » 2023-10-03 14:46

What's happening here is that the CGNAT address space is being treated as a non-local connection and is being sent the "public" IP (resolved from the hostname provided) in the 227 response. Instead, CGNAT address space should be treated the same as private network address space and the 227 response should have the server's IP.


Re: Passive Transfers Fail When Client Has CGNAT IP

#3 Post by hossbachj » 2023-10-03 15:02

Sample logs:
  • 100.x.x.x - Client CGNAT IP (IP assigned to client)
  • 9.8.7.6 - Client Public Outbound NAT IP
  • 1.2.3.4 - Server

2023-10-02T16:00:23.572Z << [FTP Session 15 100.x.x.x] 220-FileZilla Server 1.7.3
2023-10-02T16:00:23.572Z << [FTP Session 15 100.x.x.x] 220 Please visit https://filezilla-project.org/
2023-10-02T16:00:23.650Z >> [FTP Session 15 100.x.x.x] USER myuser
2023-10-02T16:00:23.650Z << [FTP Session 15 100.x.x.x] 331 Please, specify the password.
2023-10-02T16:00:23.728Z >> [FTP Session 15 100.x.x.x] PASS ****
2023-10-02T16:00:23.806Z << [FTP Session 15 100.x.x.x myuser] 230 Login successful.
2023-10-02T16:00:23.900Z >> [FTP Session 15 100.x.x.x myuser] PWD
2023-10-02T16:00:23.900Z << [FTP Session 15 100.x.x.x myuser] 257 "/" is current directory.
2023-10-02T16:00:23.994Z >> [FTP Session 15 100.x.x.x myuser] CWD somedir
2023-10-02T16:00:23.994Z << [FTP Session 15 100.x.x.x myuser] 250 CWD command successful
2023-10-02T16:00:24.088Z >> [FTP Session 15 100.x.x.x myuser] PASV
2023-10-02T16:00:24.088Z << [FTP Session 15 100.x.x.x myuser] 227 Entering Passive Mode (1,2,3,4,195,234)
2023-10-02T16:00:24.228Z !! [FTP Session 15 100.x.x.x myuser] Data peer IP [9.8.7.6] differs from control peer IP [100.x.x.x]: this shouldn't happen, aborting the data connection.
2023-10-02T16:00:24.244Z >> [FTP Session 15 100.x.x.x myuser] TYPE I
2023-10-02T16:00:24.244Z << [FTP Session 15 100.x.x.x myuser] 200 Type set to I
2023-10-02T16:00:24.322Z >> [FTP Session 15 100.x.x.x myuser] SIZE somefile.ext
2023-10-02T16:00:24.322Z << [FTP Session 15 100.x.x.x myuser] 213 2015
2023-10-02T16:00:24.385Z >> [FTP Session 15 100.x.x.x myuser] RETR somefile.ext
2023-10-02T16:00:24.385Z << [FTP Session 15 100.x.x.x myuser] 425 Unable to build data connection: EINVAL - Invalid argument passed
2023-10-02T16:00:24.463Z >> [FTP Session 15 100.x.x.x myuser] QUIT
2023-10-02T16:00:24.463Z << [FTP Session 15 100.x.x.x myuser] 221 Goodbye.
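
Added example, not part of the original posts and not FileZilla Server code: a log check that finds sessions matching the failure described in posts #2 and #3, where a control peer inside 100.64.0.0/10 is sent a non-private address in the 227 reply and the data connection is then aborted. The function names and the sample addresses are assumptions made for this illustration; the line format follows the log excerpt above.

```python
import ipaddress
import re

# RFC 1918 private ranges, and the RFC 6598 shared (CGNAT) range from the post.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")

LINE = re.compile(r"^\S+ (<<|>>|!!) \[FTP Session (\d+) ([^\]\s]+)(?: [^\]]+)?\] (.*)$")
PASV = re.compile(r"^227 Entering Passive Mode \((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
DIFF = re.compile(r"^Data peer IP \[([^\]]+)\] differs from control peer IP \[([^\]]+)\]")

def classify(ip):  # -> 'rfc1918', 'cgnat', 'other' or 'invalid'
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # e.g. a redacted address such as "100.x.x.x"
        return "invalid"
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    return "cgnat" if addr in CGNAT else "other"

def decode_227(match):  # six numbers of the 227 reply -> (host, port)
    nums = [int(g) for g in match.groups()]
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def analyze(lines):
    """Return findings for sessions whose control peer is in the CGNAT range."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        direction, session, peer, text = m.groups()
        pasv, diff = PASV.match(text), DIFF.match(text)
        if direction == "<<" and pasv and classify(peer) == "cgnat":
            host, port = decode_227(pasv)
            if classify(host) == "other":  # server advertised its non-private address
                findings.append((session, "cgnat-peer-sent-non-private-pasv", host, port))
        if direction == "!!" and diff and classify(diff.group(2)) == "cgnat":
            findings.append((session, "data-peer-mismatch", diff.group(1), diff.group(2)))
    return findings

# Constructed sample in the log format shown above; all addresses are made up.
SAMPLE = [
    "2023-10-02T16:00:24.088Z >> [FTP Session 15 100.64.10.20 myuser] PASV",
    "2023-10-02T16:00:24.088Z << [FTP Session 15 100.64.10.20 myuser] 227 Entering Passive Mode (198,51,100,5,195,234)",
    "2023-10-02T16:00:24.228Z !! [FTP Session 15 100.64.10.20 myuser] Data peer IP [203.0.113.7] differs from control peer IP [100.64.10.20]: this shouldn't happen, aborting the data connection.",
    "2023-10-02T16:00:25.000Z << [FTP Session 16 192.168.1.50 myuser] 227 Entering Passive Mode (192,168,1,2,195,234)",
]
print(analyze(SAMPLE))
```

Session 16 in the sample is an RFC 1918 client and produces no finding; a redacted peer such as 100.x.x.x is classified as invalid and skipped.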

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Passive Transfers Fail When Client Has CGNAT IP

#4 Post by botg » 2023-10-04 07:37

