DataPortRange - works or not ?

0 votes
asked Nov 28, 2015 by tkrawiec (120 points)

I am using the latest version of the Rebex FTP client and every time I try to upload a file to an FTP server which is located in the same LAN I am able to establish a proper connection but I end up getting such an exception in case when FTPS is used (FTP works OK):

Rebex.Net.FtpException: Socket error 10013 occured. ---> Rebex.Net.ProxySocketException: Socket error 10013 occured. ---> System.Net.Sockets.SocketException: An attempt was made to access a socket in a way forbidden by its access permissions 46.4.51.132:61265

or this one in Active Mode:

Rebex.Net.FtpException: Cannot upload file Illegal PORT command (500). ---> Rebex.Net.FtpException: Illegal PORT command (500).

Although I use a data port range specified by the administrator (in this case 42900 -> 49250) I always see that the Rebex FTP tries to use ports out of the specified range:

Connection ports:
Remote end point : 46.4.51.132:990 <-- OK
Local end point : 172.26.5.207:3225 <-- also probably OK

Data ports (tried to uploaded a file 3 times):
46.4.51.132:61265 <---- why 61265 ??
46.4.51.132:55966 <---- why 55966
46.4.51.132:49438 <---- why 49438

It seems that assigned port range is completely ignored.
I know that in the past there had been such an error but according to the info from the Change Log it was fixed in the Version 2014 R3 from 2014-12-18. (FTP: Fixed a bug that caused Ftp.DataPortRange to be ignored.)

Any help/info appreciated !

Applies to: Rebex FTP/SSL

1 Answer

0 votes
answered Nov 30, 2015 by Lukas Matyska (47,230 points)

Port range should not be ignored anymore.

Please note that setting a port range to a client object (Rebex.Net.Ftp) affects port selection of the client (local end) only, not the server (remote end). Therefore remote end can have address such 46.4.51.132:61265.

To understand what is going on, I will shortly describe how the FTP protocol works:

By default, client connects from random address:port e.g. 172.26.5.207:3225 to the FTP server's address on port 21 (for plain FTP) or port 990 (for implicit FTP/SSL) e.g. 46.4.51.132:990. Of course ports can be often configured at server side.

When the client wants to upload or download a file, it requests a data connection. It can be done by two ways: passive or active.

In passive mode, the client sends the command PASV and server replies with "connect to address:port" - the remote port is selected randomly (often port range can be configured at server) e.g. 46.4.51.132:61265.
Then client connects to the specified address:port, the local port is selected randomly (if a port range is specified, the local port is selected from this port range) e.g. 172.26.5.207:42900

In active mode, the client sends the command "PORT address:port", the (local) port is selected randomly (from port range if specified) e.g. "PORT 172.26.5.207:42900".
Then the server connects to the client to specified address:port from it's address and random (remote) port e.g. 46.4.51.132:61265.

Because you received Rebex.Net.FtpException: Illegal PORT command (500). It means that your server doesn't support active mode.

To use data port range on client, your code should start like this:

Ftp ftp = new Ftp();
ftp.Connect("46.4.51.132", SslMode.Implicit);
ftp.Login(user, password);
ftp.DataPortRange = new PortRange(42900, 49250);

Please, try the suggestion above and leave me a comment if your local ports are still outside the specified port range. To restrict remote ports you have to configure your FTP server.

...