Hello,

I want to build a TLS gateway for my internal FTPs server (192.168.100.10). The FTPs server uses (Explicit TLS V1 / SSLv3) encryption.

FTPs (client) ---> FTPs (Server)

OK, everything works (as you can see in the following log).

root@lintommi:/usr/local# /usr/bin/lftp ftpuser1:ftpuser1@134..10 -p 21
lftp ftpuser1@134..10:~> debug 9
lftp ftpuser1@134..10:~> ls
---- Verbinde mit 192.168.134.10 (192.168.134.10) Port 21
<--- 220-Willkommen auf Tommis FTP Server
<--- 220
---> AUTH TLS-P
<--- 234 Authentication method accepted
---> USER ftpuser1
Certificate depth: 0; subject: /C=de/CN=heidi/O=Cerberus FTP Server; issuer: /C=de/CN=heidi/O=Cerberus FTP Server
WARNING: Certificate verification: self signed certificate
<--- 331 User ftpuser1, password please
---> PASS ftpuser1
<--- 230 Password Ok, User logged in
---> PWD
<--- 257 "/" is the current directory
---> PBSZ 0
<--- 200 PBSZ=0
---> PASV
<--- 227 Entering Passive Mode (192,168,134,10,4,2)
---- Verbinde Daten Socket mit (192.168.134.10) Port 1026
---- Data connection established
---> LIST
<--- 150 Opening data connection
---- Got EOF on data connection
---- Schließe den Daten Socket
drw-rw-rw- 1 user group 0 Mar 17 16:03 .
<--- 226 Transfer complete
drw-rw-rw- 1 user group 0 Mar 17 16:03 ..
drw-rw-rw- 1 user group 0 Mar 10 09:29 Download
drw-rw-rw- 1 user group 0 Mar 10 09:29 Upload
lftp ftpuser1@134..10:/>

Now I want to connect over my delegate FTPs TLS to my internal FTPs server.

FTPs (client) ------> Delegate TLS ------> FTPs Server

The communication between the client and the delegate, and also between the delegate and the internal FTPs server, should be encrypted.

I use the following syntax (my delegate is on 192.168.134.1)
(2 samples, because I don't know which is the best!):

/usr/local/delegate/src/delegated STLS="fsv" -P3500 SERVER=ftps MOUNT="/* ftp://192.168.134.10:21/*" RELIABLE="x.x.x.x" REMITTABLE="ftp" LIBPATH=/usr/lo.....

And the second:

/usr/local/delegate/src/delegated STLS="fcl" -P3600 SERVER=ftps MOUNT="/* ftps://192.168.134.10/*" RELIABLE="x.x.x.x" REMITTABLE="ftp" LIBPATH=/usr/loc .....

OK, when I now connect first to port 3500 and then to port 3600, look at the following logs:

Port 3500 (explicit) ... is this encrypted because of the SSL message in delegate?
Why do I have to use (SERVER = ftps ... MOUNT ftp://)? Otherwise, when I use (SERVER = ftps ... MOUNT ftps://), there comes a message in the delegate log about duplicated certificates.
Seems like only the TLS AUTH is encrypted and the data channel for the listing is unencrypted!

lftp ftpuser1:ftpuser1@134.. -p 3500
lftp ftpuser1@134..:~> debug 9
lftp ftpuser1@134..:~> ls
---- Verbinde mit 192.168.134.1 (192.168.134.1) Port 3500
<--- 220- lintommi.zuhause PROXY-FTP server (DeleGate/9.5.2) ready.
<--- 220- @ @
<--- 220- ( - ) { DeleGate/9.5.2 (March 8, 2007) }
<--- 220- AIST-Product-ID: 2000-ETL-198715-01, H14PRO-049, H15PRO-165, H18PRO-443
<--- 220- Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
<--- 220- Copyright (c) 2001-2006 National Institute of Advanced Industrial Science and Technology (AIST)
<--- 220- WWW: http://www.delegate.org/delegate/
<--- 220- --
<--- 220- You can connect to a SERVER by `user' command:
<--- 220- ftp> user username@SERVER
<--- 220- or by `cd' command (after logged in as an anonymous user):
<--- 220- ftp> cd //SERVER
<--- 220- Cache is enabled by default and can be disabled by `cd .' (toggle)
<--- 220- This (proxy) service is maintained by 'pjmhabdyi-mykgh44kistw.ml@delegate.org'
<--- 220-
<--- 220-extended FTP [MODE XDC][XDC/BASE64]
<--- 220
---> AUTH TLS-P
<--- 500-AUTH TLS-P
<--- 500 only USER,PASS,TYPE,QUIT and CWD are available.
---> USER ftpuser1
<--- 331 Password required for ftpuser1.
---> PASS ftpuser1
<--- 230- User ftpuser1 logged in.
<--- 230 Now you can select a FTP SERVER by cd //SERVER
---> PWD
<--- 257 "/" is current directory.
---> PASV
<--- 227 Entering Passive Mode (192,168,134,1,248,221).
---- Verbinde Daten Socket mit (192.168.134.1) Port 63709
---- Data connection established
---> LIST
<--- 150-- LIST for ftpuser1@134..
<--- 220-Willkommen auf Tommis FTP Server
<--- 220
<--- 331 User ftpuser1, password please
<--- 230 Password Ok, User logged in
<--- 150- Opening data connection
<--- 150-- @ @ --((SSL))--
<--- 150 \( - )/ -- { connected to `192.168.134.10' }
---- Got EOF on data connection
---- Schließe den Daten Socket
<--- 226 Transfer complete
drw-rw-rw- 1 user group 0 Mar 17 16:03 .
drw-rw-rw- 1 user group 0 Mar 17 16:03 ..
drw-rw-rw- 1 user group 0 Mar 10 09:29 Download
drw-rw-rw- 1 user group 0 Mar 10 09:29 Upload

Port 3600 (implicit) ... seems to be encrypted ... or?

/usr/bin/lftp ftps://ftpuser1:ftpuser1@134.. -p 3600
lftp ftpuser1@134..:~> debug 9
lftp ftpuser1@134..:~> ls
---- Verbinde mit 192.168.134.1 (192.168.134.1) Port 3600
Certificate depth: 0; subject: /C=de/ST=nrw/L=herford/O=heidi/CN=schlampe.dyns.net/emailAddress=thomas_heid kamp@yahoo.de; issuer: /C=de/ST=nrw/L=herford/O=heidi/CN=schlampe.dyns.net/emailAddress=thomas_heid kamp@yahoo..de
WARNING: Certificate verification: self signed certificate
<--- 220- lintommi.zuhause PROXY-FTP server (DeleGate/9.5.2) ready.
<--- 220- @ @
<--- 220- ( - ) { DeleGate/9.5.2 (March 8, 2007) }
<--- 220- AIST-Product-ID: 2000-ETL-198715-01, H14PRO-049, H15PRO-165, H18PRO-443
<--- 220- Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
<--- 220- Copyright (c) 2001-2006 National Institute of Advanced Industrial Science and Technology (AIST)
<--- 220- WWW: http://www.delegate.org/delegate/
<--- 220- --
<--- 220- You can connect to a SERVER by `user' command:
<--- 220- ftp> user username@SERVER
<--- 220- or by `cd' command (after logged in as an anonymous user):
<--- 220- ftp> cd //SERVER
<--- 220- Cache is enabled by default and can be disabled by `cd .' (toggle)
<--- 220- This (proxy) service is maintained by 'pjmhabdyi-mykgh44kistw.ml@delegate.org'
<--- 220-
<--- 220-extended FTP [MODE XDC][XDC/BASE64]
<--- 220
---> USER ftpuser1
<--- 331 Password required for ftpuser1.
---> PASS ftpuser1
<--- 230- User ftpuser1 logged in.
<--- 230 Now you can select a FTP SERVER by cd //SERVER
---> PWD
<--- 257 "/" is current directory.
---> PBSZ 0
<--- 200 OK
---> PASV
<--- 227 Entering Passive Mode (192,168,134,1,248,192).
---- Verbinde Daten Socket mit (192.168.134.1) Port 63680
---- Data connection established
---> LIST
<--- 150-- LIST for ftpuser1@134..
<--- 220-Willkommen auf Tommis FTP Server
<--- 220
<--- 331 User ftpuser1, password please
<--- 230 Password Ok, User logged in
<--- 150- Opening data connection
<--- 150-- @ @
<--- 150 \( - )/ -- { connected to `192.168.134.10' }
---- Got EOF on data connection
---- Schließe den Daten Socket
<--- 226 Transfer complete
drw-rw-rw- 1 user group 0 Mar 17 16:03 .
drw-rw-rw- 1 user group 0 Mar 17 16:03 ..
drw-rw-rw- 1 user group 0 Mar 10 09:29 Download
drw-rw-rw- 1 user group 0 Mar 10 09:29 Upload

So, what is the right syntax for me, for using delegate in my case?

FTPs (client) --> encrypted --> Delegate (TLS) --> encrypted --> FTPs Server

(The internal FTPs server is only able to do Explicit TLSv1 / SSLv3)

PLZ help ...
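
An added example, not part of the original post: a small Python check that reads lftp `debug` output like the three logs above and reports whether the control channel to the next hop negotiated TLS, whether USER/PASS went out before any TLS session, and whether data-channel protection was negotiated. The function name `assess`, the result keys and the abbreviated transcripts are constructed for illustration; it assumes the legacy `AUTH TLS-P` form implies a protected data channel, and it sees only the client's leg, not the DeleGate-to-server leg.

```python
import re

def assess(transcript: str) -> dict:
    """Classify the client<->next-hop leg of an FTP session from lftp debug output."""
    control, data, creds_clear = "cleartext", "not negotiated", False
    pending, sent_any = None, False
    for line in map(str.strip, transcript.splitlines()):
        if line.startswith("Certificate depth:") and not sent_any:
            control = "implicit-tls"      # TLS handshake before any FTP command
        elif line.startswith("--->"):
            sent_any = True
            cmd = line[4:].strip().upper()
            if cmd.startswith("AUTH TLS") or cmd == "PROT P":
                pending = cmd             # wait for the server's final reply
            elif cmd.startswith(("USER ", "PASS ")) and control == "cleartext":
                creds_clear = True        # login sent without a TLS session
        elif pending and (m := re.match(r"<--- (\d{3})(?: |$)", line)):
            # "NNN " is a final reply; "NNN-" continuation lines are skipped
            if pending.startswith("AUTH TLS") and m.group(1) == "234":
                control = "explicit-tls"
                if pending == "AUTH TLS-P":
                    data = "private"      # assumption: legacy AUTH TLS-P implies PROT P
            elif pending == "PROT P" and m.group(1) == "200":
                data = "private"
            pending = None
    return {"control": control, "data": data, "creds_in_clear": creds_clear,
            "proxy_ssl_marker": "((SSL))" in transcript}  # hint only, not proof

# Abbreviated from the three logs in the post above.
DIRECT = """<--- 220
---> AUTH TLS-P
<--- 234 Authentication method accepted
---> USER ftpuser1
---> PASS ftpuser1"""
PORT_3500 = """<--- 220
---> AUTH TLS-P
<--- 500-AUTH TLS-P
<--- 500 only USER,PASS,TYPE,QUIT and CWD are available.
---> USER ftpuser1
---> PASS ftpuser1
<--- 150-- @ @ --((SSL))--"""
PORT_3600 = """Certificate depth: 0; subject: /C=de/ST=nrw/L=herford/O=heidi/CN=schlampe.dyns.net
<--- 220
---> USER ftpuser1
---> PBSZ 0
<--- 200 OK"""

if __name__ == "__main__":
    for name, log in [("direct", DIRECT), ("3500", PORT_3500), ("3600", PORT_3600)]:
        print(name, assess(log))
```

The `proxy_ssl_marker` field only records that the proxy's 150 reply carried the `--((SSL))--` text; confirming encryption on the proxy-to-server leg needs a capture or the proxy's own log on that side.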