Hello,
I tried to figure out, how to use delegate as a SSL gateway for FTPs.

I have a testscenario :
Intern FTPs Server (Explicit SSL enable) on private IP 192.168.100.10

Ok I can connect to the FTPs Server with TLSv1/ SSLv3 on Port 21.
Command :
lftp -d -p 21 -u ftpuser1,ftpuser1 192.168.100.10 (everything for TLS / SSL
enabled) in the lftpf config.

Now I want to use delegate (which is on my Linux firewall), so that clients
can connect with ftps from the internet (public IPs) over my delegate box to
my private FTPs Server.

I use following config :

/usr/local/delegate/src/delegated STLS="fcl" -P3600 SERVER=ftps MOUNT="/*
ftps://192.168.100.10/*" RELIABLE="192.168.100.0/24" REMITTABLE="ftp"
LIBPATH=/usr/local/delegate .


OK, now when I make a connection to my delegate, I cannot connect :
lftp -d -p 3600 -u ftpuser1,ftpuser1 192.168.100.1 (

Error : in delegate log
03/17 14:38:46.63 [20440] 8+0: (0) accepted [20]
-@[192.168.100.1]lintommi.zuhause:57404 (0.003s)(1)
03/17 14:38:46.63 [20440] 8+0: PATH:
ftps://-:990!lintommi.zuhause:3600!lintommi.zuhause:57404!anonymous@lintommi
.zuhause;1174138726
03/17 14:38:48.64 [20440] 8+0: ERROR: SSL/cl is not detected
03/17 14:38:48.64 [20440] 8+0: disconnected [20]
-@[192.168.134.1]lintommi.zuhause:57404 (2.016s)(0)

Seems like delegate wants to make the connection in implicit mode ?? 
Cause of Port 990 entry in the log. Why ??
 

When I make the (-fcl)
Then :

03/17 14:41:20.83 [20505] 2+0/9: FTP LOGIN FROM lintommi.zuhause TO
ftpuser1@100..10
03/17 14:41:20.83 [20505] 2+0/9: PATH:
ftp://192.168.100.10:21!lintommi.zuhause:3600!lintommi.zuhause:57427!anonymo
us@lintommi.zuhause;1174138878
03/17 14:41:20.85 [20505] 2+0/9: FTP server ftp://192.168.100.10:21/
03/17 14:41:20.85 [20505] 2+0/9: FTPHOPS: 1 [9/39 - -1/-1]
03/17 14:41:20.85 [20505] 2+0/9: ConnectToServer:
DFLT=ftp://192.168.100.10:21 REAL=://:0
03/17 14:41:20.85 [20505] 2+0/9: ConnectToServer connected [22]
{192.168.100.10:21 <- 192.168.134.1:57431} [0.001s]
03/17 14:41:20.85 [20505] 2+0/9: willSTLS_SV: ServerFlags=10
03/17 14:41:20.86 [20505] 2+0/9: willSTLS_SV: ServerFlags=200010
03/17 14:41:20.86 [20505] 2+0/9: LoginPWD: "/"
03/17 14:41:20.87 [20505] 2+0/9: ## ftp-conndata: NOT bound#1 err=98
03/17 14:41:20.87 [20505] 2+0/9: ftp_conndata: connected
192.168.100.1:57432->heidi.zuhause/192.168.134.10:1040 [23](0.0)
03/17 14:41:20.87 [20505] 2+0/9: -- with PASV
03/17 14:41:20.87 [20505] 2+0/9: PASV [B][InheritingFromUnboundProxyMode] >>
227 Entering Passive Mode (InheritingFromUnboundProxyMode).^M
03/17 14:41:20.87 [20505] 2+0/9: *** / => ftp://192.168.100.10/ ***
03/17 14:41:20.87 [20505] 2+0/9: FTP-CACHE: LIST [.] = [][]:0
03/17 14:41:20.87 [20505] 2+0/9: DATA 192.168.134.10:1040 ->
192.168.134.1:57432 .. 192.168.134.1:57430 -> 192.168.100.1:57429
03/17 14:41:20.87 [20507] 2+0/9: -- Fork(FCL): 20505 -> 20507
03/17 14:41:20.87 [20507] 2+0/9: ## SSLway loadSession 0.000696 (0 1) / 1
03/17 14:41:20.87 [20505] 2+0/9: FTP data-relay([23]15554b -> [21]c504b)
244b / 1/ (55) 0.00s (read-EOF)
03/17 14:41:20.88 [20507] 2+0/9: ## SSLway ## 0.006595 sescache[1] HIT=1
sR=0 cR=1
03/17 14:41:20.91 [20505] 2+0/9: restoreCWD(1) -- NO ROOT MOUNT[]()

Ok, in Clear it can connect.




	
		
___________________________________________________________ 
Der frühe Vogel fängt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de