Allow to exclude specific ports within the range for PASV (or multiple pasv port ranges) #1822

Open
flozano opened this issue Nov 30, 2024 · 2 comments
Labels
suggestion Feature suggestion

flozano commented Nov 30, 2024

Is your feature request related to a problem? Please describe.

I am continuing the evaluation of sftpgo for replacing an internal FTP server.

I have identified one of the blocking issues for that: the server to be replaced has a wide port range in which specific ports are NOT to be used. E.g.: range is 2000-2020, but 2010 and 2012 cannot be used.

This is an ugly legacy for which there's no easy fix for logistic reasons (multiple 3rd party firewall configurations would be involved, which makes it unfeasible).

Describe the solution you'd like

Currently we have:

    {
        "passive_port_range": {
            "start": 2000, "end": 2020
        }
    }

It would be great to have either of these:

Minimal change, but not very flexible:

    {
        "passive_port_range": {
            "start": 2000, "end": 2020, "excluded": [ 2010, 2012 ]
        }
    }

or (a little more flexible):

    {
        "passive_port_ranges": [
            { "start": 2000, "end": 2009 }, { "start": 2011, "end": 2011 }, { "start": 2013, "end": 2020 }
        ]
    }

or (way more flexible but complex to implement and maintain probably):

    {
        "passive_ports": [
            { "start": 2000, "end": 2009 }, 2011, { "start": 2013, "end": 2020 }
        ]
    }

Describe alternatives you've considered

I have been looking at the code and I believe that if I set 2000-2020 as port range, AND have another server listening on 2010 and 2012, then ftpserver lib will retry if the "port to be used" from the range is not usable:
https://github.com/fclairamb/ftpserverlib/blob/72f801a813ed2267c242f1bb6786d0c1287f746d/transfer_pasv.go#L108

However I am not 100% sure this is safe to proceed (could someone confirm?), and it's a little ugly anyway.

What are you using SFTPGo for?

Professional user, 1 person business

Additional context

This feature request just allows better handling of legacy cases with more flexibility on passive port assignment.

@flozano flozano added the suggestion Feature suggestion label Nov 30, 2024
drakkan (Owner) commented Jan 7, 2025

I confirm, if a port is used the next one would be tried until a free port is found.

I'm not sure it's worth complicating the SFTPGo configuration for this, you shouldn't see any significant performance issue.

flozano (Author) commented Jan 11, 2025

If the behavior with "busy" ports is like that, I'd rather occupy the ports inside the range that cannot be used. Thanks a lot for such an answer, please disregard this feature request.
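
The workaround settled on above (holding the unusable ports so the FTP server finds them busy and tries another), sketched in Go as an added example that is not part of the original thread or of SFTPGo/ftpserverlib. The names `reservePorts` and `closeAll` and the `0.0.0.0` bind address are assumptions made for illustration:

```go
package main

import (
	"fmt"
	"log"
	"net"
)

// reservePorts binds each excluded port on host so another server cannot use it.
// Ports outside [start, end] are rejected so a typo cannot grab unrelated ports.
func reservePorts(host string, start, end int, excluded []int) ([]net.Listener, error) {
	var held []net.Listener
	for _, p := range excluded {
		if p < start || p > end {
			closeAll(held)
			return nil, fmt.Errorf("port %d is outside passive range %d-%d", p, start, end)
		}
		ln, err := net.Listen("tcp", net.JoinHostPort(host, fmt.Sprint(p)))
		if err != nil {
			closeAll(held)
			return nil, fmt.Errorf("cannot reserve port %d: %w", p, err)
		}
		held = append(held, ln)
		go func() { // placeholder only: drop every connection immediately
			for {
				c, err := ln.Accept()
				if err != nil {
					return // listener was closed
				}
				c.Close()
			}
		}()
	}
	return held, nil
}

func closeAll(lns []net.Listener) {
	for _, ln := range lns {
		ln.Close()
	}
}

func main() {
	// Range and excluded ports are the ones from the issue; the bind address is an assumption.
	if _, err := reservePorts("0.0.0.0", 2000, 2020, []int{2010, 2012}); err != nil {
		log.Fatal(err)
	}
	select {} // block forever so the reserved ports stay held until the process stops
}
```

Run it on the same host and bind address as the FTP service, and start it before the server so the ports are already busy. It refuses ports outside the configured range and closes any connection made to a reserved port, so the placeholders expose no service.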
