[Tutor] ftp socket.error

Martin A. Brown martin at linux-ip.net
Sat Sep 12 00:22:48 CEST 2015 

Hi there Richard,

Strictly speaking, it's no Python question, but... good ol' FTP.

>>> socket.error: [Errno 113] No route to host

Your program is receiving an EHOSTUNREACH.

   >>> import errno
   >>> errno.errorcode[113]
   'EHOSTUNREACH'

This occurs at precisely the moment that your program is trying to 
initiate a data transfer.  Every firewall administrator in the world 
loves FTP for precisely this reason.  (And, when I say "love", you 
can replace this with a verb or <expletive/> of your choice.)

Without packet captures, I will merely guess (based on experience).

   1. The receiving machine is running the Python program, builds a
      connection on port 21 (this is called the FTP command
      channel), you log in and all is well.
   2. The moment you try to transfer any data, the FTP client (your
      receiving machine) and the FTP server negotiate either FTP
      passive mode or FTP active (retronym) mode.  I'm guessing
      that your FTP client is choosing passive mode.  (Your FTP
      client might produce logging of this negotiation.)
   3. Using the connection information, the client attempts to build
      an FTP data channel.  So, your machine running the Python
      program initiates a connection to the FTP server.
   4. The FTP server is (probably) configured to allow connections
      inbound to TCP/21 (FTP Command Channel), but doesn't know to
      allow the connections to the ephemeral port(s) negotiated
      during step 2 (above).  So, the firewall on the FTP Server
      sends an ICMP Type 3, Code 1 [0].

>> Figured it out. On the receiving machine  I had to
>>
>> # modprobe ip_conntrack_ftp

Right instinct!  Try this same command on the FTP server side. 
Unless your Python FTP client is negotiating active mode, the server 
will be the "problem" in this case.

> No, apparently I didn't figure it out. I thought I had as after 
> the modprobe I was getting a an EOFError, but now I'm getting the 
> no route to host error again. I can ping it, and as you can see 
> from the original post, I am able to establish a connection and 
> log in, it's just when I try to send a file it goes bollocks up. 
> Still need ideas.

Hopefully, my idea #1 helps.  (If not, you'll need to do some packet 
captures and probably crank up the logging on the FTP server, too.)

I do have another idea, though.  Have you ever wondered about the 
slow demise of FTP?  All of this command-channel, data-channel, PORT 
or PASV nonsense goes away when you use a protocol that runs over a 
single TCP port.  Worked fine in the early days of the Internet 
before firewalls and NAT.

Anyway, short idea #2:

   If it's anonymous access, use HTTP.
   If authenticated access, use ssh/scp/sftp.

Good luck,

-Martin

  [0] http://www.networksorcery.com/enp/protocol/icmp/msg3.htm

-- 
Martin A. Brown
http://linux-ip.net/

More information about the Tutor mailing list