File 0007-Use-PublicAddress-to-override-outgoing-POR... of Package proxy-suite

Overview Repositories Revisions Requests Users Attributes Meta

File 0007-Use-PublicAddress-to-override-outgoing-PORT-IP.patch of Package proxy-suite

From 9e6a02e670012a0c1ec6d0b67be2ba5810aa35bd Mon Sep 17 00:00:00 2001
From: Justen Walker <justen.walker+github@gmail.com>
Date: Sun, 1 Feb 2015 23:00:10 -0500
Subject: [PATCH] Use PublicAddress to override outgoing PORT IP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Normally, when the proxy sends a PORT command, it uses it’s listen
address as the IP. However, in a system where the public IP is actually
mapped to a private ip (Such as Amazon AWS), this port will be
incorrect.  I’ve added an optional PublicAddress config option to
override the IP Address sent by outgoing PORT commands. This option will
allow ftp-proxy to advertise the correct public IP address to servers
when it sends PORT commands.
---
 ftp-proxy/ftp-cmds.c            |  6 +++++-
 ftp-proxy/ftp-proxy.conf.5.in   | 14 ++++++++++++++
 ftp-proxy/ftp-proxy.conf.sample |  8 ++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/ftp-proxy/ftp-cmds.c b/ftp-proxy/ftp-cmds.c
index 4778a52..6d96793 100644
--- a/ftp-proxy/ftp-cmds.c
+++ b/ftp-proxy/ftp-cmds.c
@@ -1009,7 +1009,7 @@ static void cmds_pasv(CONTEXT *ctx, char *arg)
 static void cmds_xfer(CONTEXT *ctx, char *arg)
 {
 	int mode = MOD_ACT_FTP;
-	char *cmd;
+	char *cmd, *p;
 	u_int32_t addr;
 	u_int16_t port;
 
@@ -1080,6 +1080,10 @@ static void cmds_xfer(CONTEXT *ctx, char *arg)
 		/*
 		** Tell the server where we are listening
 		*/
+		p = config_str(NULL, "PublicAddress", NULL);
+		if (p != NULL) {
+			addr = socket_str2addr(p, addr);
+		}
 		socket_printf(ctx->srv_ctrl,
 				"PORT %d,%d,%d,%d,%d,%d\r\n",
 				(int) ((addr >> 24) & 0xff),
diff --git a/ftp-proxy/ftp-proxy.conf.5.in b/ftp-proxy/ftp-proxy.conf.5.in
index 89e1524..25ed6a7 100644
--- a/ftp-proxy/ftp-proxy.conf.5.in
+++ b/ftp-proxy/ftp-proxy.conf.5.in
@@ -666,6 +666,20 @@ and scanned for the desired address.  Blank lines or lines starting
 with '#' are ignored.  Reading the address from a file may be useful
 for environments with masquerading and dynamic PPP connections.
 .TP
+.B PublicAddress
+Global context only.  Defines an IP address the server will use
+for outgoing
+.B PORT
+commands. Without this option, ftp-proxy will use the ListenAddress
+as the advertised IP when the proxy sends a PORT command. However,
+in a network where the public ip is actually mapped to a private ip,
+the proxy server will incorrectly advertise it's private IP. When
+present, the address advertised with PORT commands be overriden
+with the one provided.
+.sp
+The value for this option can be given as a DNS host name, or as a
+dotted decimal IP address.
+.TP
 .B User
 Global context only.  Defines the UNIX style user ID which is
 given to the process before it serves clients.  Default is to
diff --git a/ftp-proxy/ftp-proxy.conf.sample b/ftp-proxy/ftp-proxy.conf.sample
index 2d73547..1b89dea 100644
--- a/ftp-proxy/ftp-proxy.conf.sample
+++ b/ftp-proxy/ftp-proxy.conf.sample
@@ -373,6 +373,14 @@
 # TranslatedAddress	0.0.0.0
 
 #
+# If the proxy server needs to send PORT commands for an IP
+# address other than the one it is listening on, such as on a
+# cloud provider which transparently maps public IPs, this option
+# can be used to override that address.
+#
+# PublicAddress 123.1.1.0
+
+#
 # If given, change UID to give up root privileges. In POSIX
 # environments this changes all user ID's.
 # If set, the proxy will use non-privileged ports (>1024) for
-- 
2.2.0

Places

File 0007-Use-PublicAddress-to-override-outgoing-PORT-IP.patch of Package proxy-suite

Places