Hi

On 5 February 2011 21:23, Leo <le...@rogers.com> wrote:
[...]
> -About 15 servers that don't like EPSV were reported. curl tries to connect
> with EPSV, then switches to PASV after a 75 sec wait and either fails (as in
> my previous example) or connects. If EPSV is disabled, curl connects with no
> problems.
>
> Here's an example of successful connection after waiting 75 sec and
> switching to PASV:
>
> * About to connect() to 145.243.189.65 port 21 (#0)
> * Trying 145.243.189.65... connected
> * Connected to 145.243.189.65 (145.243.189.65) port 21 (#0)
[...]
>> EPSV
> * Connect data stream passively
> < 229 Entering Extended Passive Mode (|||24440|)
>
> <75 sec wait>
>
> * Trying 145.243.189.65... Operation timed out
> * couldn't connect to host
> * got positive EPSV response, but can't connect. Disabling EPSV
>> PASV
> < 227 Entering Passive Mode (145,243,189,65,131,198)
> * Trying 145.243.189.65... connected
[...]

This looks like there's some sort of NAT device or firewall that understands how to deal with "227 Entering Passive Mode (145,243,189,65,131,198)" from the server, but doesn't understand how to deal with "229 Entering Extended Passive Mode (|||24440|)". The server itself clearly doesn't have a problem with EPSV.

> -One server that does exactly the opposite: it doesn't accept PASV. curl can
> only connect with EPSV enabled. I know that this server is behind a small
> Firewall and it's Windows 2008 64 bit Microsoft FTP Service from IIS 7 (if
> it makes any difference).
>
> Here's a log of connection attempt with EPSV disabled:
>
> * About to connect() to www.xeen3d.de port 21 (#0)
> * Trying 87.193.152.189... connected
> * Connected to www.xeen3d.de (87.193.152.189) port 21 (#0)
[...]
>> PASV
> * Connect data stream passively
> < 227 Entering Passive Mode (87,193,152,189,19,141).
>
> <75 sec wait>
>
> * Trying 87.193.152.189... Operation timed out
> * couldn't connect to host

Again here the server seems happy with PASV, but the firewall/NAT device doesn't like it.

> -Other FTP clients I tried (Cyberduck and Transmit) connect to all sites
> with no problems.

Well, it seems unlikely to me that Cyberduck and Transmit both know in advance whether the firewalls and/or NAT devices between you and an arbitrary server will allow PASV vs. EPSV to work, so they must not be using either PASV or EPSV, but rather active mode FTP (i.e. the PORT command.)

Of course the PORT command can also fail in exactly the same way if there are broken firewalls or NAT devices between you and the server, so I don't see how there can be any universally correct answer to your problem.

Have you tried "--ftp-port -" with the servers you need to talk to? Are you always running this from the same client or are multiple clients involved? If multiple clients are involved, then the firewall on the client becomes more important when using --ftp-port, because the server will have to make a connection back to the client and the client's firewall might not allow the incoming connection from the server.

> I'm on Mac OS X 10.5.8, still with libcurl 7.16.3 - but from what Daniel
> said I understand that later versions wouldn't change anything in this area.
>
> So is there a way to make curl choose the correct method (EPSV/PASV)
> automatically?

No, I don't think so. If the server rejected EPSV or PASV then libcurl could know immediately that there was a problem and switch to the other one (or maybe to PORT). Because this problem is caused by something in between the client and the server and the only way to know it didn't work is to try and wait for a certain amount of time before giving up, there's no correct answer.

You could try contacting the people who look after the network where each server lives and convince them that there is a problem and hope they fix it. You could also try using --ftp-port and see if that helps. Otherwise you could build up a list of known servers and the options that are known to work with them and then be prepared to update that list when things change. You could perhaps update the list automatically if you detect a timeout with EPSV for a particular server and that PASV works for example.

> Am I missing something? (BTW, the same question applies to
> choosing between passive and active mode).

Indeed :)

> I LOVE curl, but obviously I want to understand why I can't achieve
> something that other FTP clients can - and if I can achieve this, then what
> am I doing wrong?

Well in order to answer that question, it is necessary to find out what these other FTP clients are doing differently. Perhaps you can capture the network traffic between the client and server when running these other FTP clients and use Wireshark to see what they do differently from libcurl.

-- 
Michael Wood <esiot...@gmail.com>
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
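
The per-server list suggested in the reply above, updated when a verbose trace shows EPSV timing out and PASV then connecting, could look like the following. This is an added example, not code from the thread or from curl: the function names, the in-memory cache and the sample trace are constructed for illustration, while `--disable-epsv` and `--ftp-port -` are existing curl options.

```python
import re

# curl command-line flags for each FTP data-connection mode.
MODE_FLAGS = {
    "epsv": [],                     # curl's default: try EPSV first
    "pasv": ["--disable-epsv"],     # skip EPSV, go straight to PASV
    "active": ["--ftp-port", "-"],  # PORT; set by hand, never learned from a trace
}

# Message curl prints when EPSV was accepted but the data connection timed out.
EPSV_FALLBACK = "got positive EPSV response, but can't connect. Disabling EPSV"
PASV_REPLY = re.compile(r"^< 227 Entering Passive Mode \([\d,]+\)", re.M)


def learn_from_log(host, verbose_log, cache):
    """Record 'pasv' for host only if EPSV timed out AND the PASV retry connected."""
    pos = verbose_log.find(EPSV_FALLBACK)
    if pos >= 0:
        tail = verbose_log[pos:]
        reply = PASV_REPLY.search(tail)
        # A middlebox may break PASV too, so require a connect after the 227.
        if reply and "connected" in tail[reply.end():]:
            cache[host] = "pasv"
    return cache.get(host, "epsv")


def curl_args(host, cache):
    """Build the curl command line using the mode remembered for this host."""
    return ["curl", "-v"] + MODE_FLAGS[cache.get(host, "epsv")] + ["ftp://%s/" % host]


# Constructed sample, shaped like the verbose trace quoted in the thread.
SAMPLE_LOG = """\
> EPSV
* Connect data stream passively
< 229 Entering Extended Passive Mode (|||24440|)
* Trying 145.243.189.65... Operation timed out
* couldn't connect to host
* got positive EPSV response, but can't connect. Disabling EPSV
> PASV
< 227 Entering Passive Mode (145,243,189,65,131,198)
* Trying 145.243.189.65... connected
"""

if __name__ == "__main__":
    cache = {}
    learn_from_log("145.243.189.65", SAMPLE_LOG, cache)
    print(cache, curl_args("145.243.189.65", cache))
```

Persisting the cache and expiring entries is left out; a stale entry only costs one more timeout before it is relearned.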