Red Hat Bugzilla – Bug 81895
EPSV support sometimes breaks FTP service
Last modified: 2007-04-18 12:49:59 EDT
Description of problem:
EPSV and EPRT commands are now supported, (though they still don't show up on
the man page's list of supported commands) but there is no way to disable them
without also disabling the PASV and PORT commands. This "bug report" is really a
request for a feature: a configuration option to disable support for RFC2428.
Many FTP proxies and firewalls, including freebsd's ipfilter and Cisco's PIX
firewall, don't yet have support for the EPSV command. Some FTP clients
(FreeBSD's, for one) begin with an EPSV command and then fall back to the PASV
command if EPSV isn't supported by the FTP server.
Unfortunately, if the client is going through a proxy or firewall that doesn't
support EPSV, the FTP server may give a positive response to the EPSV command,
but the firewall will block the client from connecting to the data transfer
port, resulting in broken FTP service. If I could get my FTP server to refuse
EPSV commands, the clients would fall back to using the PASV command which my
Version-Release number of selected component (if applicable):
Please use vsftpd instead. wu-ftpd is not maintained anymore.