Article delegate-en/2766 of [1-4105] on the server localhost:7119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en
[DeleGate-En] Regarding using delegate as a proxy to access auth-tls ftp servers
13 Oct 2004 18:22:15 GMT "Jonas Larsen" <pzyfabdyi-pg3up57zw6tw.ml@delegate.org>
SCT Transport 
Hi list

My setup:

I want to offer my users the ability to connect to various AUTH-TLS ftp servers true a delegate proxy.

Using encryption on both the command and data channel. Some of the servers enforce encryption on both channels too.

I got it working with the login, but when i try to do a dirlist my client just times out.

Im using Redhat 9 and delegate 8.9.6.

I start delegate with: delegated -v -P35000 PERMIT="*:*:*" CMAP="sslway -ss/ftp:FSV:ftp-data" CMAP="sslway -ss/ftp:FSV:ftp" SERVER=ftp

Im using Flashfxp as ftp client using its proxy mode number 12 ( USER login@ftp-host:ftp-port)

I can login fine but as i mentioned client timeouts on dirlisting, both on passive mdoe and port)

log from flashfxp:
TYPE A
200 Type set to A.
PROT P
200 Protection set to Private
PORT 212,242,167,189,5,243
200 PORT command successful [translated to PASV by DeleGate].
LIST -al
150 Opening ASCII mode data connection for directory listing.
Negotiating SSL/TLS session...
421 Timeout (120 seconds): closing control connection.
421 ---- PROXY-FTP login: TIMEOUT(60)

At the same time delegate looks like this:

[root@episode src]# ./delegated -v -P35000 PERMIT="*:*:*" CMAP="sslway -ss/ftp:FSV:ftp-data" CMAP="sslway -ss/ftp:FSV:ftp" SERVER=ftp
10/13 20:03:29.65 [4533] 0+0: PORT> -P35000
10/13 20:03:29.84 [4533] 0+0: configuring default RESOLV ...
10/13 20:03:29.84 [4533] 0+0: ... SYS: nope.no-ip.info -> 213.112.114.13
10/13 20:03:29.84 [4533] 0+0: ... DNS: 213.112.114.113 -> c-717270d5.06-20000-00000f0X.cust.bredbandsbolaget.se
10/13 20:03:29.84 [4533] 0+0: ... DNS available
10/13 20:03:29.84 [4533] 0+0: ... NIS not available (no default domain)
10/13 20:03:29.84 [4533] 0+0: ... export RES_ORDER=CFD
10/13 20:03:29.84 [4533] 0+0: export RESOLV=cache,file,dns (set by default)
10/13 20:03:29.84 [4533] 0+0: --INITIALIZATION START: 8.9.6 on Linux/2.4.20-31.9--
10/13 20:03:29.84 [4533] 0+0: BINSHELL=/bin/sh
10/13 20:03:29.84 [4533] 0+0: server_open(delegate,:35000,listen=20)
10/13 20:03:29.85 [4533] 0+0: server_open(delegate,:35000) BOUND
10/13 20:03:29.85 [4533] 0+0: DGROOT=/var/spool/delegate-nobody^M
10/13 20:03:29.85 [4533] 0+0: <DeleGate/8.9.6> [4533] -P35000 READY^M
<DeleGate/8.9.6> [4533] -P35000 READY
DGROOT=/var/spool/delegate-nobody
ADMIN=root@no-ip..
AIST-Product-ID: 2000-ETL-198715-01, H14PRO-049, H15PRO-165
Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
Copyright (c) 2001-2004 National Institute of Advanced Industrial Science and Technology (AIST)
10/13 20:03:29.85 [4533] 0+0: PORT= 35000/0 (000,00X)
10/13 20:03:29.85 [4533] 0+0: OWNER=nobody => OWNER=nobody/nobody(nobody/nobody)
10/13 20:03:29.85 [4533] 0+0: REMITTABLE = ftp,ftps
10/13 20:03:29.85 [4533] 0+0: PATH: gzip -> /bin/gzip
10/13 20:03:29.85 [4533] 0+0: #### gzip = [/bin/gzip]gzip
10/13 20:03:29.85 [4533] 0+0: #### gunzip = [/bin/gzip]gzip -d
10/13 20:03:29.85 [4533] 0+0: ADMIN=root@no-ip.. protocol=ftp(specialist)
-delegated[4533]- WARNING! ADMIN="your_mail_address" should be specified.
-delegated[4533]- INFO: using ADMIN=root@no-ip.. given at compile time.
10/13 20:03:29.85 [4533] 0+0: #### CACHE DISABLED #### Cache directory seems not exist: /var/spool/delegate-nobody/cache
10/13 20:03:29.85 [4533] 0+0: MOUNT[0]X[2] /-/builtin/icons/* = default
10/13 20:03:29.85 [4533] 0+0: MOUNT[1]X[3] /-/* = forbidden,from=!.RELIABLE,default
10/13 20:03:29.85 [4533] 0+0: MOUNT[2]X[0] /-* = default
10/13 20:03:29.85 [4533] 0+0: MOUNT[3]X[1] /=* = default
10/13 20:03:29.85 [4533] 0+0: MOUNT[4]=[4] //* = default
10/13 20:03:29.85 [4533] 0+0: env[25] LIBPATH=.;/root/delegate8.9.6/src;/var/spool/delegate-nobody/lib;.;/var/spool/delegate-nobody/etc
10/13 20:03:29.85 [4533] 0+0: env[27] RESOLV=cache,file,dns
10/13 20:03:29.85 [4533] 0+0: arg[3] PERMIT=*:*:*
10/13 20:03:29.85 [4533] 0+0: arg[4] CMAP=sslway -ss/ftp:FSV:ftp-data
10/13 20:03:29.85 [4533] 0+0: arg[5] CMAP=sslway -ss/ftp:FSV:ftp
10/13 20:03:29.85 [4533] 0+0: arg[6] SERVER=ftp
10/13 20:03:29.85 [4533] 0+0: DELEGATE_Modified[1]: 416dc251
10/13 20:03:29.85 [4533] 0+0: --INITIALIZATION DONE: 8.9.6 on Linux/2.4.20-31.9--
10/13 20:03:32.67 [4534] 1+0: -- Fork(OnetimeServer): 4533 -> 4534
10/13 20:03:32.68 [4534] 1+0: (0) accepted [34] -@[212.242.117.119]port1630.ds1-vbr.adsl.cybercity.dk:25532 (0.010s)(1)
10/13 20:03:32.68 [4534] 1+0: PATH: ftp://-:21!nope.no-ip.info:35000!port1630.ds1-vbr.adsl.cybercity.dk:25532!anonymous@port1630.ds1-vbr.adsl.cybercity.dk;1097712212
10/13 20:03:32.69 [4534] 1+0: FTP server ftp://-:21/
10/13 20:03:32.69 [4534] 1+0: bind_insock(14,213.112.114.13,0) = 0, errno=0
10/13 20:03:32.75 [4534] 1+0: #### no authorization required
10/13 20:03:32.81 [4534] 1+0: gethostbyname(-) unknown[0.00s] 
10/13 20:03:32.81 [4534] 1+0: ## hostIFto 212.242.117.19 < 213.112.114.13 (ffffff00)
10/13 20:03:32.81 [4534] 1+0: FTP LOGIN FROM port1630.ds1-vbr.adsl.cybercity.dk TO !E-bola@193.40.61.22
10/13 20:03:32.81 [4534] 1+0: PATH: ftp://193.40.61.222:22122!nope.no-ip.info:35000!port1630.ds1-vbr.adsl.cybercity.dk:25532!anonymous@port1630.ds1-vbr.adsl.cybercity.dk;1097712212
10/13 20:03:32.85 [4534] 1+0: FTP server ftp://193.40.61.22:22122/
10/13 20:03:32.85 [4534] 1+0: FTPHOPS: 1 [8/34 - -1/-1]
10/13 20:03:32.85 [4534] 1+0: ConnectToServer: DFLT=ftp://193.40.61.22:22122 REAL=://:0
10/13 20:03:35.92 [4534] 1+0: ConnectToServer connected [15] {193.40.61.22:22122 <- 213.112.114.13:53858} [3.068s]
10/13 20:03:35.92 [4534] 1+0: LIBPATH: sslway -> /root/delegate8.9.6/src/sslway
10/13 20:03:35.92 [4535] 1+0: -- Fork(FSV): 4534 -> 4535
10/13 20:03:35.92 [4535] 1+0: #### execFilter[FSV] [/root/delegate8.9.6/src/sslway]sslway -ss/ftp
## SSLway[4535](port1630.ds1-vbr.adsl.cybercity.dk) STARTTLS to server -- ftp
## SSLway[4535](port1630.ds1-vbr.adsl.cybercity.dk) STARTTLS to server -- 234 AUTH SSL successful
## SSLway[4535](port1630.ds1-vbr.adsl.cybercity.dk) server's cert. = **subject<</ST=. /CN=ftp server>> **issuer<</ST=. /CN=ftp server>>
10/13 20:03:37.33 [4534] 1+0/2/1: LoginPWD: "/"
10/13 20:03:37.65 [4534] 1+0/3/3: set REST 100
10/13 20:03:37.81 [4534] 1+0/4/4: set REST 0
10/13 20:03:38.64 [4534] 1+0/9/9: ## viaCFI [mkPASV]: fileno(ts)=15 ToSX=16
10/13 20:03:38.70 [4534] 1+0/9/9: ftp_conndata: connected 213.112.114.13:53857->193.40.61.22/193.40.61.22:38907 [18]
10/13 20:03:38.70 [4534] 1+0/9/9: LIBPATH: sslway -> /root/delegate8.9.6/src/sslway
10/13 20:03:38.70 [4537] 1+0/9/9: -- Fork(FSV): 4534 -> 4537
10/13 20:03:38.71 [4537] 1+0/9/9: #### execFilter[FSV] [/root/delegate8.9.6/src/sslway]sslway -ss/ftp
10/13 20:03:38.71 [4534] 1+0/9/9: inserted FSV[PASV] 18 -> 20
10/13 20:03:38.71 [4534] 1+0/9/9: -- with PASV
10/13 20:03:38.71 [4534] 1+0/9/9: PORT [212,242,117,119,5,243] >> 200 PORT command successful [translated to PASV by DeleGate].^M
10/13 20:03:42.11 [4534] 1+0/10/10: FTP-CACHE: LIST [] = [][]:0
10/13 20:03:42.14 [4534] 1+0/10/10: ftp_conndata: connected 213.112.114.13:34999->port1630.ds1-vbr.adsl.cybercity.dk/212.242.117.119:1523 [19]
10/13 20:03:42.14 [4534] 1+0/10/10: DATA 127.0.0.127:65535 -> 127.0.0.127:65535 .. 213.112.114.13:34999 -> 212.242.117.119:1523

So any help will be MUCH apreciated, im not even sure delegate can do what i want atm, since i couldnt find any information about it. The ftp server im trying this up against is glftpd.

Hope somebody got some ideas

Best regards
Jonas
  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V