Outbound port on sockets

Discussion in 'Python' started by bmearns, Sep 14, 2006.

  1. bmearns

    bmearns Guest

    Is it possible to specify which port to use as the outbound port on a
    connection? I have the IP address and port number for the computer I'm
    trying to connect to (not listening for), but it's expecting my
    connection on a certain port.

    Specifically, I'm trying to write an FTP host, and I'm trying to
    implement the PORT command. From everything I've read, the client
    supplies the IP address and port number for where I'm supposed to
    connect to send it data (like a LISTing), and it's expecting me to
    connect over port 20. If anyone is familiar with FTP and can tell me
    whether this is true or not, whether I really need to go out on port
    20, I'd appreciate it, as well.

    Thanks.
     
    bmearns, Sep 14, 2006
    #1
    1. Advertising

  2. "bmearns" wrote:

    > Specifically, I'm trying to write an FTP host, and I'm trying to
    > implement the PORT command. From everything I've read, the client
    > supplies the IP address and port number for where I'm supposed to
    > connect to send it data (like a LISTing), and it's expecting me to
    > connect over port 20. If anyone is familiar with FTP and can tell me
    > whether this is true or not, whether I really need to go out on port
    > 20, I'd appreciate it, as well.


    PORT means that the client is asking the server to connect to the given
    IP/port combination; see:

    http://cr.yp.to/ftp/retr.html

    the port number used by the server for this connection is irrelevant.

    </F>
     
    Fredrik Lundh, Sep 14, 2006
    #2
    1. Advertising

  3. bmearns schrieb:
    > Is it possible to specify which port to use as the outbound port on a
    > connection? I have the IP address and port number for the computer I'm
    > trying to connect to (not listening for), but it's expecting my
    > connection on a certain port.
    >
    > Specifically, I'm trying to write an FTP host, and I'm trying to
    > implement the PORT command. From everything I've read, the client
    > supplies the IP address and port number for where I'm supposed to
    > connect to send it data (like a LISTing), and it's expecting me to
    > connect over port 20. If anyone is familiar with FTP and can tell me
    > whether this is true or not, whether I really need to go out on port
    > 20, I'd appreciate it, as well.


    AFAIK you neither can't do that nor need it. The PORT commands purpose
    is to tell where the server can connect to - but the client makes no
    assumptions over the source port of that connection. Let alone NAT and
    other things could come into your way.

    If firewalls are a problem, use PASV.

    Diez
     
    Diez B. Roggisch, Sep 14, 2006
    #3
  4. bmearns

    billie Guest

    bmearns wrote

    > Is it possible to specify which port to use as the outbound port on a
    > connection? I have the IP address and port number for the computer I'm
    > trying to connect to (not listening for), but it's expecting my
    > connection on a certain port.
    >
    > Specifically, I'm trying to write an FTP host, and I'm trying to
    > implement the PORT command. From everything I've read, the client
    > supplies the IP address and port number for where I'm supposed to
    > connect to send it data (like a LISTing), and it's expecting me to
    > connect over port 20. If anyone is familiar with FTP and can tell me
    > whether this is true or not, whether I really need to go out on port
    > 20, I'd appreciate it, as well.
    >
    > Thanks.


    This isn't correct.
    If you send a PORT command you're telling server to establish a
    connection with you, not the contrary. In this case, even if you are an
    FTP client, you temporary ACCEPT an outbound connection from the FTP
    server.
    The right format of a FTP PORT command is:

    PORT x,x,x,x,y,z

    ....where x(s) represents your IP address in dotted form and (x * y) the
    TCP port you bind.
    For further informations you can check RFC959 or take a look at ftplib
    in standard module library. Also in twisted you can find a lot of
    useful code in the module protocols.ftp.
     
    billie, Sep 14, 2006
    #4
  5. bmearns

    billie Guest

    > The right format of a FTP PORT command is:
    >
    > PORT x,x,x,x,y,z
    >
    > ...where x(s) represents your IP address in dotted form and (x * y) the
    > TCP port you bind.


    Sorry, I wanted to say: (y * z)
     
    billie, Sep 14, 2006
    #5
  6. bmearns

    bmearns Guest

    Thanks for all the responses. I understood what the PORT command was
    for, but I've been seeing alot of doc online that only mentions going
    outbound on port 20 for data connections, so I thought maybe that was
    my problem.

    Sorry if this is the wrong spot to follow up on this not-so-much-python
    matter. Does anyone know of an appropriate news group?
    I'm trying to get through a router and Norton Internet security, using
    my homebrewed python FTP server and Internet Explorer as my client
    (I've also tried microsoft's FTP command line client). I'm able to go
    back and forth on the command socket, no problem, but after the client
    issues a PORT, I try to connect to it, and time out. I'm becoming
    increasingly convinced that it's a firewall/router issue because if I
    connect to my server as localhost, instead of my outside IP address, I
    can connect fine.

    I've tried disabling Internet security, but that doesn't help. I
    suspect the problem is port forwarding from the router, but I don't
    know what the port numbers will be, so how can I set up forwarding?

    Any help is greatly appreciated. I've been banging my head against the
    wall for hours.

    -Brian
     
    bmearns, Sep 14, 2006
    #6
  7. bmearns

    bmearns Guest

    Quick follow up, I'm able to connect to other external FTP sites behind
    my firewall and router, no problem.

    -Brian


    bmearns wrote:
    > Thanks for all the responses. I understood what the PORT command was
    > for, but I've been seeing alot of doc online that only mentions going
    > outbound on port 20 for data connections, so I thought maybe that was
    > my problem.
    >
    > Sorry if this is the wrong spot to follow up on this not-so-much-python
    > matter. Does anyone know of an appropriate news group?
    > I'm trying to get through a router and Norton Internet security, using
    > my homebrewed python FTP server and Internet Explorer as my client
    > (I've also tried microsoft's FTP command line client). I'm able to go
    > back and forth on the command socket, no problem, but after the client
    > issues a PORT, I try to connect to it, and time out. I'm becoming
    > increasingly convinced that it's a firewall/router issue because if I
    > connect to my server as localhost, instead of my outside IP address, I
    > can connect fine.
    >
    > I've tried disabling Internet security, but that doesn't help. I
    > suspect the problem is port forwarding from the router, but I don't
    > know what the port numbers will be, so how can I set up forwarding?
    >
    > Any help is greatly appreciated. I've been banging my head against the
    > wall for hours.
    >
    > -Brian
     
    bmearns, Sep 14, 2006
    #7
  8. "bmearns" <> writes:

    > Quick follow up, I'm able to connect to other external FTP sites behind
    > my firewall and router, no problem.


    You've been told already to implement PASV command in your server (then
    client will be able to use so called passive mode).

    -- Sergei.
     
    Sergei Organov, Sep 14, 2006
    #8
  9. bmearns

    bmearns Guest

    Passive mode is implemented, the client isn't trying to use it.
    Besides, that doesn't really help me anyway, all it means is that I
    have to resolve port forwarding for the server, instead of for the
    client.

    I think what this basically comes down to is that either with PASV or
    PORT, there's a relatively arbitrary port number being specified, and I
    can't figure out how to get my router to forward it since I don't know
    what it will be in advance, short of forwarding all the 64 thousand
    some odd valid ports.

    The thing that gets me is that I can connect to the other FTP servers,
    and (according to the responses echoed by the command line FTP client),
    they're using PORT, not PASV. So somehow, my client is specifying some
    arbitrary port for the server to connect to, and that port is actually
    being forwarded through my router.

    -Brian

    Sergei Organov wrote:
    > "bmearns" <> writes:
    >
    > > Quick follow up, I'm able to connect to other external FTP sites behind
    > > my firewall and router, no problem.

    >
    > You've been told already to implement PASV command in your server (then
    > client will be able to use so called passive mode).
    >
    > -- Sergei.
     
    bmearns, Sep 14, 2006
    #9
  10. bmearns

    bmearns Guest

    It's actually 256*y + z
    billie wrote:
    > > The right format of a FTP PORT command is:
    > >
    > > PORT x,x,x,x,y,z
    > >
    > > ...where x(s) represents your IP address in dotted form and (x * y) the
    > > TCP port you bind.

    >
    > Sorry, I wanted to say: (y * z)
     
    bmearns, Sep 14, 2006
    #10
  11. bmearns

    Steve Holden Guest

    billie wrote:
    [...]
    > The right format of a FTP PORT command is:
    >
    > PORT x,x,x,x,y,z
    >
    > ....where x(s) represents your IP address in dotted form and (x * y) the
    > TCP port you bind.

    That's actually x*256 + y - tou're makling a 16-bit unsigned integer
    from two bytes.

    > For further informations you can check RFC959 or take a look at ftplib
    > in standard module library. Also in twisted you can find a lot of
    > useful code in the module protocols.ftp.
    >

    regards
    Steve
    --
    Steve Holden +44 150 684 7255 +1 800 494 3119
    Holden Web LLC/Ltd http://www.holdenweb.com
    Skype: holdenweb http://holdenweb.blogspot.com
    Recent Ramblings http://del.icio.us/steve.holden
     
    Steve Holden, Sep 14, 2006
    #11
  12. bmearns schrieb:
    > Passive mode is implemented, the client isn't trying to use it.
    > Besides, that doesn't really help me anyway, all it means is that I
    > have to resolve port forwarding for the server, instead of for the
    > client.
    >
    > I think what this basically comes down to is that either with PASV or
    > PORT, there's a relatively arbitrary port number being specified, and I
    > can't figure out how to get my router to forward it since I don't know
    > what it will be in advance, short of forwarding all the 64 thousand
    > some odd valid ports.


    But you can restrict the numbers of ports the server will use to a
    certain range! It's common for ftp to allow only for so many connections
    at the same time, so reserve a port-range of 20 or so for your server
    and configure the router to forward them.

    > The thing that gets me is that I can connect to the other FTP servers,
    > and (according to the responses echoed by the command line FTP client),
    > they're using PORT, not PASV. So somehow, my client is specifying some
    > arbitrary port for the server to connect to, and that port is actually
    > being forwarded through my router.


    No idea how that happens, but there are protocol aware fire walls.

    Diez
     
    Diez B. Roggisch, Sep 14, 2006
    #12
  13. bmearns

    bmearns Guest

    > But you can restrict the numbers of ports the server will use to a
    > certain range! It's common for ftp to allow only for so many connections
    > at the same time, so reserve a port-range of 20 or so for your server
    > and configure the router to forward them.


    Thanks, I think that'll have to be my work around till I can find more
    information about this. I do still consider it a work around, though,
    I'd like to be able to use both PORT and PASV and I'm entirely
    convinced it's possible.

    All the same, it's a good suggestion. Thank you. Now do you know how I
    (as the server) can force clients to use PASV, instead of PORT?

    -Brian
     
    bmearns, Sep 14, 2006
    #13
  14. bmearns wrote:

    > All the same, it's a good suggestion. Thank you. Now do you know how I
    > (as the server) can force clients to use PASV, instead of PORT?


    have you tried returning a suitable error code ? (502 should be a good
    choice).

    (and before you proceed, reading

    http://cr.yp.to/ftp/security.html

    is also a good idea. are you 110% sure that you absolutely definitely
    have to use FTP rather than HTTP/WebDAV or somesuch).

    </F>
     
    Fredrik Lundh, Sep 14, 2006
    #14
  15. bmearns

    Bryan Olson Guest

    Diez B. Roggisch wrote:
    > bmearns schrieb:
    >> Is it possible to specify which port to use as the outbound port on a
    >> connection?

    [...]
    >> Specifically, I'm trying to write an FTP host, and I'm trying to
    >> implement the PORT command.

    >
    > AFAIK you neither can't do that nor need it.


    It's not the issue here, but to specify the outgoing port
    call bind(('', portnum)) before connect().


    --
    --Bryan
     
    Bryan Olson, Sep 14, 2006
    #15
  16. Bryan Olson schrieb:
    > Diez B. Roggisch wrote:
    >> bmearns schrieb:
    >>> Is it possible to specify which port to use as the outbound port on a
    >>> connection?

    > [...]
    >>> Specifically, I'm trying to write an FTP host, and I'm trying to
    >>> implement the PORT command.

    >>
    >> AFAIK you neither can't do that nor need it.

    >
    > It's not the issue here, but to specify the outgoing port
    > call bind(('', portnum)) before connect().


    I wasn't aware of that. Cool.

    Diez
     
    Diez B. Roggisch, Sep 15, 2006
    #16
  17. On 2006-09-15, Diez B. Roggisch <> wrote:

    >>>> Is it possible to specify which port to use as the outbound port on a
    >>>> connection?

    >> [...]
    >>>> Specifically, I'm trying to write an FTP host, and I'm trying to
    >>>> implement the PORT command.
    >>>
    >>> AFAIK you neither can't do that nor need it.

    >>
    >> It's not the issue here, but to specify the outgoing port
    >> call bind(('', portnum)) before connect().

    >
    > I wasn't aware of that. Cool.


    It's an interesting thing to know, but I've been doing TCP
    stuff for many years and never run across a situation where
    it's something I needed to do. If somebody in this thread
    actually does need to do it, I'd be curious bout why...

    --
    Grant Edwards grante Yow! .. this must be what
    at it's like to be a COLLEGE
    visi.com GRADUATE!!
     
    Grant Edwards, Sep 15, 2006
    #17
  18. Grant Edwards <> writes:

    > On 2006-09-15, Diez B. Roggisch <> wrote:
    >
    >>>>> Is it possible to specify which port to use as the outbound port on a
    >>>>> connection?
    >>> [...]
    >>>>> Specifically, I'm trying to write an FTP host, and I'm trying to
    >>>>> implement the PORT command.
    >>>>
    >>>> AFAIK you neither can't do that nor need it.
    >>>
    >>> It's not the issue here, but to specify the outgoing port
    >>> call bind(('', portnum)) before connect().

    >>
    >> I wasn't aware of that. Cool.

    >
    > It's an interesting thing to know, but I've been doing TCP
    > stuff for many years and never run across a situation where
    > it's something I needed to do. If somebody in this thread
    > actually does need to do it, I'd be curious bout why...


    Well, one of ftpd implementations I have here (C code from RTEMS) does
    this:

    /* anchor socket to avoid multi-homing problems */
    data_source = info->ctrl_addr;
    data_source.sin_port = htons(20); /* ftp-data port */
    if(bind(s, (struct sockaddr *)&data_source, sizeof(data_source)) < 0)
    ERROR;
    ...
    if(connect(s,
    (struct sockaddr *)&info->def_addr,
    sizeof(struct sockaddr_in)) < 0
    )
    ERROR;

    I've no idea what "multi-homing problems" are, but maybe it gives you
    some hint?

    -- Sergei.
     
    Sergei Organov, Sep 15, 2006
    #18
  19. On 2006-09-15, Sergei Organov <> wrote:

    >>>> It's not the issue here, but to specify the outgoing port
    >>>> call bind(('', portnum)) before connect().


    >> It's an interesting thing to know, but I've been doing TCP
    >> stuff for many years and never run across a situation where
    >> it's something I needed to do. If somebody in this thread
    >> actually does need to do it, I'd be curious bout why...

    >
    > Well, one of ftpd implementations I have here (C code from RTEMS) does
    > this:
    >
    > /* anchor socket to avoid multi-homing problems */
    > data_source = info->ctrl_addr;
    > data_source.sin_port = htons(20); /* ftp-data port */
    > if(bind(s, (struct sockaddr *)&data_source, sizeof(data_source)) < 0)
    > ERROR;
    > ...
    > if(connect(s,
    > (struct sockaddr *)&info->def_addr,
    > sizeof(struct sockaddr_in)) < 0
    > )
    > ERROR;
    >
    > I've no idea what "multi-homing problems" are, but maybe it gives you
    > some hint?


    I don't know what "multi-homing problems are either".
    Apparently there must be some ftp clients that require the
    source port for the data connection to be port 20.

    The RFC is pretty vague. It does say the server and clinet but
    must "support the use of the default data port [port 20]" or
    something like that. But, it's not all all clear to me what
    that is supposed to mean. My reading is that they must support
    the default port as the destination port for a data connection
    untill it's been changed by receipt of a PORT command.

    But, like I said, is very vague, and I suppose some client
    implementor could have read it as the server must use the
    default data port as the source port for a data connection.

    --
    Grant Edwards grante Yow! Ha ha Ha ha Ha ha
    at Ha Ha Ha Ha -- When will I
    visi.com EVER stop HAVING FUN?!!
     
    Grant Edwards, Sep 15, 2006
    #19
  20. bmearns

    Steve Holden Guest

    Grant Edwards wrote:
    > On 2006-09-15, Sergei Organov <> wrote:
    >
    >
    >>>>>It's not the issue here, but to specify the outgoing port
    >>>>>call bind(('', portnum)) before connect().

    >
    >
    >>>It's an interesting thing to know, but I've been doing TCP
    >>>stuff for many years and never run across a situation where
    >>>it's something I needed to do. If somebody in this thread
    >>>actually does need to do it, I'd be curious bout why...

    >>
    >>Well, one of ftpd implementations I have here (C code from RTEMS) does
    >>this:
    >>
    >> /* anchor socket to avoid multi-homing problems */
    >> data_source = info->ctrl_addr;
    >> data_source.sin_port = htons(20); /* ftp-data port */
    >> if(bind(s, (struct sockaddr *)&data_source, sizeof(data_source)) < 0)
    >> ERROR;
    >> ...
    >> if(connect(s,
    >> (struct sockaddr *)&info->def_addr,
    >> sizeof(struct sockaddr_in)) < 0
    >> )
    >> ERROR;
    >>
    >>I've no idea what "multi-homing problems" are, but maybe it gives you
    >>some hint?

    >
    >
    > I don't know what "multi-homing problems are either".
    > Apparently there must be some ftp clients that require the
    > source port for the data connection to be port 20.
    >
    > The RFC is pretty vague. It does say the server and clinet but
    > must "support the use of the default data port [port 20]" or
    > something like that. But, it's not all all clear to me what
    > that is supposed to mean. My reading is that they must support
    > the default port as the destination port for a data connection
    > untill it's been changed by receipt of a PORT command.
    >
    > But, like I said, is very vague, and I suppose some client
    > implementor could have read it as the server must use the
    > default data port as the source port for a data connection.


    Standard (port-mode) FTP has the client send a PORT command to the
    server when data transfer is required. The server then makes a
    connection to the indicated port from its own port 20. If you look in
    /etc/services you'll likely see that port 21 is identified as "ftp" or
    "ftp-control" and 20 as "ftp-data".

    Passive mode was introduced so that the server is not required to make a
    connection inbound to the client, as more and more firewalls were
    interposed at the perimeter of networks, blocking the inbound requests
    to clients from servers.

    I suspect that the reason for the comment is simply that the connection
    out from the server is being bound to the same interface (*IP address*)
    that the inbound request arrived on. That way it's less likely that the
    data stream will be routed differently from the control (port 21) stream.

    regards
    Steve
    --
    Steve Holden +44 150 684 7255 +1 800 494 3119
    Holden Web LLC/Ltd http://www.holdenweb.com
    Skype: holdenweb http://holdenweb.blogspot.com
    Recent Ramblings http://del.icio.us/steve.holden
     
    Steve Holden, Sep 15, 2006
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. kv
    Replies:
    0
    Views:
    387
  2. Replies:
    2
    Views:
    1,056
  3. TC
    Replies:
    3
    Views:
    432
  4. TC

    Help! ... Outbound Port Getting Shut Down

    TC, Jun 8, 2007, in forum: ASP .Net Security
    Replies:
    2
    Views:
    177
  5. Old Echo
    Replies:
    2
    Views:
    111
    Old Echo
    Jun 27, 2008
Loading...

Share This Page