| 2010-08-31 21:08:50 |
Don Kirkby |
description |
In the document module, the ftp_server_passive_ports option is defined as two numbers separated by a colon. This should be interpreted as a range of port numbers, but it is interpreted as two separate numbers.
For example: if I specify ftp_server_passive_ports=5000:5003, I expect the ports 5000, 5001, 5002, and 5003 to be used. Instead, only 5000 and 5003 are used.
This is a problem because all the FTP clients I have tried open a new passive port for every request. This means that I can only make two requests before I run out of assigned passive ports, and the server starts using random ports.
The fix is really easy, just use the range function to generate a list of all the port numbers to use. The only trick is to make sure that you include the end port in the range. I'll attach a merge proposal. |
In the document module, the ftp_server_passive_ports option is defined as two numbers separated by a colon. This should be interpreted as a range of port numbers, but it is interpreted as two separate numbers.
For example: if I specify ftp_server_passive_ports=5000:5003, I expect the ports 5000, 5001, 5002, and 5003 to be used. Instead, only 5000 and 5003 are used.
This is a problem because all the FTP clients I have tried open a new passive port for every request. This means that I can only make two requests before I run out of assigned passive ports, and the server starts using random ports.
The fix is really easy, just use the range function to generate a list of all the port numbers to use. The only trick is to make sure that you include the end port in the range. I'll attach a merge proposal.
I'm using OpenERP 5.0.12 on Ubuntu 10.04. |
|
| 2012-07-19 19:55:31 |
Don Kirkby |
description |
In the document module, the ftp_server_passive_ports option is defined as two numbers separated by a colon. This should be interpreted as a range of port numbers, but it is interpreted as two separate numbers.
For example: if I specify ftp_server_passive_ports=5000:5003, I expect the ports 5000, 5001, 5002, and 5003 to be used. Instead, only 5000 and 5003 are used.
This is a problem because all the FTP clients I have tried open a new passive port for every request. This means that I can only make two requests before I run out of assigned passive ports, and the server starts using random ports.
The fix is really easy, just use the range function to generate a list of all the port numbers to use. The only trick is to make sure that you include the end port in the range. I'll attach a merge proposal.
I'm using OpenERP 5.0.12 on Ubuntu 10.04. |
The document_ftp module contains a configuration setting ftp_server_passive_ports that takes two numbers separated by a colon. This should be interpreted as a range of port numbers, but it is interpreted as two separate numbers.
Background:
When you install the document_ftp module, it uses 8022 as the main FTP connection port, and it will choose extra port numbers at random for FTP clients that use passive ports. These random port numbers cause problems with firewall rules, because you don't want to allow connections to all ports through the firewall.
Luckily, there is a configuration setting called ftp_server_passive_ports that takes two numbers separated by a colon. This should be interpreted as a range of port numbers for the FTP server to use as passive ports, but it is interpreted as just two port numbers.
For example: if I specify ftp_server_passive_ports=5000:5003, I expect the ports 5000, 5001, 5002, and 5003 to be used. Instead, only 5000 and 5003 are used.
This is a problem because all the FTP clients I have tried open a new passive port for every request. This means that I can only make two requests before I run out of assigned passive ports, and the server starts using random ports that aren't allowed through the firewall.
The fix is really easy, just use the range function to generate a list of all the port numbers to use. The only trick is to make sure that you include the end port in the range. I'll attach a merge proposal.
Steps to reproduce:
I'm running on Ubuntu 11.10, so the configuration commands may be slightly different on other systems.
1. Install the document_ftp module on the OpenERP server, and add the following settings to the configuration file:
ftp_server_host = 0.0.0.0
ftp_server_port = 9022
ftp_server_passive_ports = 16384:16639
2. Restart the server and log in to a database through your regular client. The FTP server doesn't start up until the first log in request.
3. Make sure the server's firewall is on and has most ports blocked. Allow TCP connections to port 9022 and the range 16384 to 16639. This is the command I used:
sudo ufw allow proto tcp from any to any port 9022,16384:16639
4. Check the server's IP address using ifconfig. For this example, we'll use 192.168.1.100.
5. Go to another computer on your network and connect to the FTP service. Make sure your FTP client uses passive connections. This is the command I used:
ftp -p 192.168.1.100 9022
6. It should ask for your username and password. If not, you've got other connection problems. Enter your username and password.
7. Enter the ls command three times.
Expected behaviour: Each ls command should display a list of your databases.
Actual behaviour:
ftp> ls
227 Entering passive mode (192,168,1,100,64,0).
125 Data connection already open. Transfer starting.
dr-xr-x--- 1 root root 0 Jan 01 00:00 blank60
dr-xr-x--- 1 root root 0 Jan 01 00:00 demo61
dr-xr-x--- 1 root root 0 Jan 01 00:00 migrationc
226 Transfer complete.
ftp> ls
227 Entering passive mode (192,168,1,100,64,255).
125 Data connection already open. Transfer starting.
dr-xr-x--- 1 root root 0 Jan 01 00:00 blank60
dr-xr-x--- 1 root root 0 Jan 01 00:00 demo61
dr-xr-x--- 1 root root 0 Jan 01 00:00 migrationc
226 Transfer complete.
ftp> ls
227 Entering passive mode (192,168,1,100,173,241).
[freezes here]
The numbers after the passive mode message represent the IP address and the port. Converting the last two numbers into a sixteen bit integer gives the values 16384, 16639, and 44529. You can see that it uses the two ports specified in the configuration file and then starts picking ports at random.
This bug was originally found in the document module of OpenERP 5.0.12 on Ubuntu 10.04. It's now in the document_ftp module of OpenERP 6.1 on Ubuntu 11.10. |
|
