Your best friend for file transfer.

Fetch application logoFetch

EPSV causes session hang (2 posts)

This is an archived topic. The information in it is likely to be out-of-date and no longer applicable to current versions of Fetch.
  • Started 18 years ago by ewilts
  • Latest reply 18 years ago from Jim Matthews
  • ewilts Member

    I administer a Linux server running ProFTPd. I've had a couple of reports (validated by our Mac desktop support folks here) that Fetch does not play nicely with ProFTPd. Our ProFTPd server is behind firewalls (PIX and Checkpoint). What the user says is happening is that Fetch starts up but hangs getting the directory listing. My detailed logs on the server say that the last thing the client sends is an EPSV command. The firewall vendors says that EPSV is *only* supported for ipv6 which we're not running. RFC 2428 confirms this. Turning off passive mode on Fetch works around this problem. However, I think that Fetch needs to be modified to send ipv4 PASV operations instead of EPSV, or at least allow a toggle as to which to send. It's currently violating the RFCs.

    Here's a session log from one of these sessions. UNKNOWN tschultz [10/May/2005:09:52:10 -0500] "PASS (hidden)" 230 - UNKNOWN tschultz [10/May/2005:09:52:10 -0500] "SYST" 215 - UNKNOWN tschultz [10/May/2005:09:52:10 -0500] "PWD" 257 - UNKNOWN tschultz [10/May/2005:09:52:10 -0500] "MACB ENABLE" 500 - UNKNOWN tschultz [10/May/2005:09:52:10 -0500] "PWD" 257 - UNKNOWN tschultz [10/May/2005:09:52:10 -0500] "CWD /cust" 250 - UNKNOWN tschultz [10/May/2005:09:52:10 -0500] "PWD" 257 - UNKNOWN tschultz [10/May/2005:09:52:10 -0500] "EPSV" 229 -

    [hang forever]


    Posted 18 years ago #

  • Jim Matthews Administrator

    By default Fetch does not use EPSV. The user must have checked "Use EPSV command (instead of PASV)" in the Obscure Options pop-up menu found in the Misc section of Fetch Preferences. Unchecking that option will keep Fetch from using EPSV.

    I think that your understanding of the RFC is incorrect. FTP clients may send commands like EPSV without knowing ahead of time whether the server supports them -- doing so it usually the only way to find out whether a server supports a command. If the server does not support the EPSV command it should return a 500 status (and in that case Fetch will gracefully fall back to using PASV). The log you posted shows the server returning 229, which indicates that it *does* support EPSV. If the server does not really support EPSV it is saying exactly the wrong thing.

    My guess is that the server does support EPSV, but your firewalls do not. To follow the RFCs your firewalls should intercept the EPSV command and return a 500 status code, so the client will know that the command is not currently supported, and can fall back to an alternative.


    Jim Matthews
    Fetch Softworks

    Posted 18 years ago #

Topic closed

This topic has been closed.