Re: [Duplicity-talk] [cvs] regression: socket.timeout because of disabling passive FTP

[Kenneth Loafman]

dAniel hAhler wrote:
> Hello,
>
> in CVS there's self.ftp.set_pasv(False), which can cause socket
> timeouts, if ftp-data is firewalled/rejected.

Actually, it was there to test out a problem I was having.  I'll remove 
it before the final release is made.  If you want to check out the 
latest formal release, you need to use the tag r0-4-2 in CVS.

> Additionally, there seems to be code in ftpBackend.list to turn
> passive mode off in some case (ftp error 425), but it does not get
> reached - at least not in a reasonable amout of time and passive mode
> would be off already anyway!

I think the best thing would be for the system to allow an initial 
setting of passive vs active.  In some cases active is required to get 
into an FTP server behind a firewall.  Passive will get you around some 
problems of the client side firewall, maybe.  If the remote side is 
active-only, and your firewall is not handling NAT address change 
correctly, you may not have any access.

> I think this must get handled better - e.g. by turning passive mode
> on, when there's a socket.timeout exception.

Yes, the final code will handle it better.

> Apart from that: why should passive FTP get disabled at all?

Because a lot of times passive will not work at all, especially when 
dealing with FTP sites run by a strict admin.  Leaving port ranges open 
for passive mode is a security risk.

...Ken