Article delegate-en/4259 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] FTP PASV port range
05 Dec 2008 15:30:06 GMT "Luc Willems" <pumiabdyi-bfkmicdyir3r.ml@ml.delegate.org>


Hello all,

I'm trying to create an ftps -> ftp proxy server where clients connect to a
public IP address (ftps) and it is forwarded to an internal ftp server.

The connection seems to be working fine, but the data connection fails because
our firewall blocks the second connection. Now this is normal.
Because of the nature of ftps, the firewall doesn't know about the extra
connection like in normal ftp.

To work around this, we thought that if we limit the port number to a range,
we could open that range to the FTPS proxy and the connection will succeed.
I'm using SRCIF=*:65000-65100:ftp-data-pasv for that but somehow the PASV
port range is not used :-(

The following is the logging of a connection: in this example the data port is
set to 48919, not the 65000-65100 range defined by the SRCIF config?

Is this normal?

 /opt/delegated/bin/delegated -v 'SRCIF="*:65000-65100:ftp-data-pasv"'
-P2112,990 REMITTABLE=ftp,sftp 'RELIABLE=*'
SERVER=ftp://10.0.1.137 STLS=-fcl/ssl TLSCONF=shutdown:wait
'LOGDIR=log[date+/archive/%Y%m%d]'
SYSLOG= DGROOT=/opt/delegated/runtime
PIDFILE=/opt/delegated/runtime/delegated.pid
CERTDIR=/opt/delegated/etc/certs
12/05 16:19:01.15 [24563] 0+0: -- setCredhyCache /tmp/credhy_cache128s >>
/opt/delegated/runtime/act/credhy_cache128s
12/05 16:19:01.15 [24563] 0+0: command PATH: /opt/delegated/bin/delegated ->
/opt/delegated/bin/delegated
12/05 16:19:01.15 [24563] 0+0: PORT> -P2112,990
12/05 16:19:01.16 [24563] 0+0: --- [crypto] 0 dglibcrypto.so
12/05 16:19:01.16 [24563] 0+0: --- [/usr/lib/libcrypto.so.0.9.8]
12/05 16:19:01.16 [24563] 0+0: --- [crypto] 8413130
/usr/lib/libcrypto.so.0.9.8
12/05 16:19:01.16 [24563] 0+0: --- [crypto] optional: SSL_set_SSL_CTX
12/05 16:19:01.16 [24563] 0+0: --- [crypto] optional: SSL_get_servername
12/05 16:19:01.16 [24563] 0+0: --- [crypto] optional:
SSL_get_servername_type
12/05 16:19:01.16 [24563] 0+0: --- [crypto] optional: SSL_CTX_callback_ctrl
12/05 16:19:01.16 [24563] 0+0: --- [crypto] optional:
SSL_CTX_use_certificate_chain_file
12/05 16:19:01.16 [24563] 0+0: --- [crypto] optional:
SSL_CTX_set_session_id_context
12/05 16:19:01.16 [24563] 0+0: --- [crypto] optional:
SSL_CTX_set_generate_session_id
12/05 16:19:01.16 [24563] 0+0: ---- [crypto] loaded 102 syms, unknown=47+7,
already=0
12/05 16:19:01.16 [24563] 0+0: --- [ssl] 0 dglibssl.so
12/05 16:19:01.16 [24563] 0+0: --- [/usr/lib/libssl.so.0.9.8]
12/05 16:19:01.16 [24563] 0+0: --- [ssl] 8413880 /usr/lib/libssl.so.0.9.8
12/05 16:19:01.16 [24563] 0+0: ---- [ssl] loaded 102 syms, unknown=0+0,
already=2
12/05 16:19:01.16 [24563] 0+0: ---- unknown = 0+0, already = 2 / 102
12/05 16:19:01.16 [24563] 0+0: +++ loaded OpenSSL 0.9.8g 19 Oct 2007
12/05 16:19:01.16 [24563] 0+0: ... testing resolver[SYS] with '
WWW.DeleGate.ORG'
12/05 16:19:01.16 [24563] 0+0: ... you can suppress this test by RES_WAIT=0
12/05 16:19:01.17 [24563] 0+0: ... gethostname(eclproxy)
12/05 16:19:01.17 [24563] 0+0: configuring default RESOLV ...
12/05 16:19:01.17 [24563] 0+0: ... gethostname()='eclproxy'
12/05 16:19:01.17 [24563] 0+0: ... SYS: eclproxy -> 127.0.1.1
12/05 16:19:01.18 [24563] 0+0: {R} SOA got [in-addr.arpa][A.ROOT-SERVERS.NET
][dns-ops.ARIN.NET] 2008120504 1800 900 691200 10800
12/05 16:19:01.18 [24563] 0+0: ... NIS not available (no default domain)
12/05 16:19:01.18 [24563] 0+0: ... export RES_ORDER=CFDS
12/05 16:19:01.18 [24563] 0+0: {R}
confid(detected)[165fb966600cdf364e9cf90370e5baf6]<-[]
12/05 16:19:01.18 [24563] 0+0: export RESOLV=cache,file,dns,sys (set by
default)
12/05 16:19:01.18 [24563] 0+0: default netmask 127.0.1.1/. = FFFFFF00
SRCSIGN=9.9.0:20081124072443+0900:dbc10d11daf4a9f5:Author@DeleGate.ORG
:zdpoaDaj+W3iCyzKwuIcAEi5X22JwMU2B6p+wErCsUrrAFE0A+Wq4LxltrouHgJlrtRjvoIMkyrCVmP/xQ2PsJwQ4x+yXWG0Z0suWYKLTE7p+g7aRNgYwgnF+/xUf4jZxiuVLdNRk/y/PmuCbPymzdUDid1L2r/LwdK2U/QU3iw=
BLDSIGN=9.9.0:20081201160128+0100:aee4308cb8fb8550:system@eclipseinternational..eu
:-
12/05 16:19:01.20 [24563] 0+0: --INITIALIZATION START-08120516+0100: 9.9.0
on Linux/2.6.24-19-server--
12/05 16:19:01.20 [24563] 0+0: EXECDIR=/opt/delegated/bin
12/05 16:19:01.20 [24563] 0+0: BINSHELL=/bin/sh
12/05 16:19:01.20 [24563] 0+0: MAXIMA=delegated:64 for small mem=544M
12/05 16:19:01.20 [24563] 0+0: scan STLS and FILTERS before beDaemon()...
12/05 16:19:01.20 [24563] 0+0: STLS -> CMAP="-o,-ss,sslway:FCL:starttls"
12/05 16:19:01.20 [24563] 0+0: --- [z] 0 dglibz.so
12/05 16:19:01.20 [24563] 0+0: --- [z] 0 libz.so.0.9.8
12/05 16:19:01.20 [24563] 0+0: --- [/usr/lib/libz.so]
12/05 16:19:01.20 [24563] 0+0: --- [z] 84133B0 /usr/lib/libz.so
12/05 16:19:01.20 [24563] 0+0: --- [z] optional: gziocallback
12/05 16:19:01.20 [24563] 0+0: ---- [z] loaded 17 syms, unknown=0+1,
already=0
12/05 16:19:01.20 [24563] 0+0: +++ loaded Zlib 1.2.3.3
12/05 16:19:01.20 [24563] 0+0: #### gzip/gunzip = dynamically linked
12/05 16:19:01.20 [24563] 0+0: ## SSLway ## 0.004661 connected/accepted
12/05 16:19:01.20 [24563] 0+0: ## SSLway initialized ctx #1001289903 0 0
12/05 16:19:01.20 [24563] 0+0: server_open(delegate,:2112,listen=20)
12/05 16:19:01.21 [24563] 0+0: server_open(delegate,:2112) BOUND
12/05 16:19:01.21 [24563] 0+0: server_open(delegate,:990,listen=20)
12/05 16:19:01.21 [24563] 0+0: server_open(delegate,:990) BOUND
12/05 16:19:01.21 [24563] 0+0: DGROOT=/opt/delegated/runtime^M
12/05 16:19:01.21 [24563] 0+0: <DeleGate/9.9.0> [24563] -P2112 READY^M
<DeleGate/9.9.0> [24563] -P2112 READY
Config: Linux/2.6.24-19-server; FileSize-Bits=32/64,32/32,32;
socket=87380/16384,++NAT; sockpair=110592/110592,1002++U; char=signed;
thread=PThread/pthread; stty=tcsetattr; fmem=000/000/0006M
DGROOT=/opt/delegated/runtime
ADMIN=system@eclipseinternational..eu
AIST-Product-ID: 2000-ETL-198715-01, H14PRO-049, H15PRO-165, H18PRO-443
Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
Copyright (c) 2001-2008 National Institute of Advanced Industrial Science
and Technology (AIST)
BLDSIGN=9.9.0:20081201160128+0100:aee4308cb8fb8550:system@eclipseinternational..eu
:-
Loaded: OpenSSL 0.9.8g 19 Oct 2007
Loaded: Zlib 1.2.3.3
12/05 16:19:01.21 [24563] 0+0: PORT= 2112/8,990/9 (8,64)
12/05 16:19:01.21 [24563] 0+0: OWNER=nobody =>
OWNER=nobody/nogroup(nobody/nogroup)
12/05 16:19:01.21 [24563] 0+0: STLS -> CMAP="-o,-ss,sslway:FCL:starttls"
12/05 16:19:01.21 [24563] 0+0: REMITTABLE = ftp,sftp
12/05 16:19:01.21 [24563] 0+0:
ADMIN=system@eclipseinternational.euprotocol=ftp(specialist)
12/05 16:19:01.21 [24563] 0+0: #### CACHE DISABLED #### Cache directory
seems not exist: /opt/delegated/runtime/cache
12/05 16:19:01.21 [24563] 0+0: MOUNT[0]X[2] /-/builtin/icons/* = default
12/05 16:19:01.21 [24563] 0+0: MOUNT[1]X[3] /-/* =
forbidden,from=!.RELIABLE,default
12/05 16:19:01.21 [24563] 0+0: MOUNT[2]X[0] /-* = default
12/05 16:19:01.21 [24563] 0+0: MOUNT[3]X[1] /=* = default
12/05 16:19:01.21 [24563] 0+0: MOUNT[4]=[4] //* = default
12/05 16:19:01.22 [24563] 0+0: StickyReport[12,13]127.0.0.127:65535><
127.0.0.127:65535 110592/110592 110592/110592
12/05 16:19:01.22 [24563] 0+0: env[9] EDITOR=vi
12/05 16:19:01.22 [24563] 0+0: env[19]
LIBPATH=.;/;/opt/delegated/runtime/lib;/opt/delegated/bin;/opt/delegated/runtime/etc
12/05 16:19:01.22 [24563] 0+0: env[23] RESOLV=cache,file,dns,sys
12/05 16:19:01.22 [24563] 0+0: arg[2] SRCIF="*:65000-65100:ftp-data-pasv"
12/05 16:19:01.22 [24563] 0+0: arg[4] REMITTABLE=ftp,sftp
12/05 16:19:01.22 [24563] 0+0: arg[5] RELIABLE=*
12/05 16:19:01.22 [24563] 0+0: arg[6] SERVER=ftp://10.0.1.137
12/05 16:19:01.22 [24563] 0+0: arg[7] STLS=-fcl/ssl
12/05 16:19:01.22 [24563] 0+0: arg[8] TLSCONF=shutdown:wait
12/05 16:19:01.22 [24563] 0+0: arg[9] LOGDIR=log[date+/archive/%Y%m%d]
12/05 16:19:01.22 [24563] 0+0: arg[10] SYSLOG=
12/05 16:19:01.22 [24563] 0+0: arg[11] DGROOT=/opt/delegated/runtime
12/05 16:19:01.22 [24563] 0+0: arg[12]
PIDFILE=/opt/delegated/runtime/delegated.pid
12/05 16:19:01.22 [24563] 0+0: arg[13] CERTDIR=/opt/delegated/etc/certs
12/05 16:19:01.22 [24563] 0+0: DELEGATE_Modified[1]: 49394665 1228490341
12/05 16:19:01.22 [24563] 0+0: --INITIALIZATION DONE-08120516+0100: 9.9.0 on
Linux/2.6.24-19-server--
12/05 16:19:01.22 [24563] 0+0: logMMap: B7F88000 1332
12/05 16:19:01.22 [24563] 0+0: LOG-Socketpair[18,19]
12/05 16:19:06.34 [24568] 1+0: -- Fork(OnetimeServer): 24563 -> 24568
12/05 16:19:06.34 [24568] 1+0: (0) accepted [35] -@[84.195.255.78]
d54C3FF4E.access.telenet.be:41672 (0.005s)(1)
12/05 16:19:06.34 [24568] 1+0: PATH: ftp://10.0.1.137:21!194.78.34.236:990
!d54C3FF4E.access.telenet.be:41672!anonymous@d54C3FF4E.access.telenet.be
;1228490346
12/05 16:19:06.60 [24568] 1+0: FTP server ftp://10.0.1.137:21/
12/05 16:19:06.60 [24568] 1+0: FTPHOPS: 1 [35/35 - -1/-1]
12/05 16:19:06.60 [24568] 1+0: ConnectToServer:
DFLT=ftp://10.0.1.137:21REAL=://:0
12/05 16:19:06.66 [24568] 1+0: ConnectToServer connected [8] {10.0.1.137:21<-
10.0.3.236:45017} [0.058s]
12/05 16:19:06.66 [24568] 1+0: willSTLS_SV: ServerFlags=0
12/05 16:19:06.67 [24568] 1+0: willSTLS_SV: ServerFlags=0
12/05 16:19:06.70 [24568] 1+0: #### AUTH TLS
12/05 16:19:06.70 [24568] 1+0: ## SSLway B7AFAB90 loadSession 0.000037 (0 0)
/ -1
12/05 16:19:06.75 [24568] 1+0: ## SSLway ## 0.053276 connected/accepted
12/05 16:19:06.87 [24568] 1+0/3/2: LoginPWD: "/"
12/05 16:19:06.91 [24568] 1+0/3/3: #### PBSZ 0
12/05 16:19:06.92 [24568] 1+0/3/3: #### PROT P
12/05 16:19:06.99 [24568] 1+0/6/6: ## viaCFI: ToC=35 ClientSock=12
12/05 16:19:06.99 [24568] 1+0/6/6: FTP-control-remote: 194.78.34.236:990[12]
12/05 16:19:06.99 [24568] 1+0/6/6: FTP-data-local[9]: 194.78.34.236:48919
12/05 16:19:06.99 [24568] 1+0/6/6: --FTPdata reuse port# 48919
[194,78,34,236,191,23]
12/05 16:19:06.99 [24568] 1+0/6/6: ## [PASV] restored (194,78,34,236,191,23)
12/05 16:19:07.02 [24568] 1+0/6/6: ftp_conndata: connected 10.0.3.236:45016
->10.0.1.137/10.0.1.137:14860 [20](0.0)
12/05 16:19:07.02 [24568] 1+0/6/6: -- with PASV
12/05 16:19:07.03 [24568] 1+0/6/6: PASV [B][194,78,34,236,191,23] >> 227
Entering Passive Mode (194,78,34,236,191,23).^M
12/05 16:19:07.06 [24568] 1+0/7/7: FTP-CACHE: LIST [] = [][]:0
12/05 16:19:23.00 [24568] 1+0/7/7: ## SSLway FCL S-C:337/9 C-S:79/9 CS-EOS
12/05 16:19:23.00 [24568] 1+0/7/7: ## left connected but dead [23]
12/05 16:19:37.06 [24568] 1+0/7/7: ## accept([9]:48919) failed polling,
errno=0
12/05 16:19:37.06 [24568] 1+0/7/7: FTP ACCEPT_TIMEOUT 30
12/05 16:19:37.06 [24568] 1+0/7/7: resetServ 0 0 0 [B7CDA6C0 0 B7AFAB90] 1[8
8 -1 -1 8]1 [12 -1074972120]137707520
12/05 16:19:37.06 [24568] 1+0/7/7: disconnected [35] -@[84.195.255.78]
d54C3FF4E.access.telenet.be:41672 (30.720s)(0)
12/05 16:19:37.06 [24568] 1+0/7/7: CFI-wait 1/1 0/1 as=0 xpid=-1,-1 0.00



-- 
Willems Luc
Email : Luc Willems <luc.will(at)gmail.com>

We the unwilling,
led by the unknowing,
are doing the impossible
for the ungrateful.
We have done so much for so long with so little
We are now qualified to do anything with nothing

see http://www.perl.com/pub/a/2003/07/16/soto2003.html?page=1
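
Added example, not part of the original post and not DeleGate code: a small log check that decodes each "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply (port = p1*256 + p2) and reports data ports outside the range a firewall rule would permit. It assumes the middle field of the poster's SRCIF value is the intended port range; the third sample line is constructed for contrast.

```python
import re

# Constructed sample: the first two lines are taken from the log in the post
# (the wrapped 227 reply is joined onto one line); the third is invented.
SAMPLE_LOG = """\
12/05 16:19:06.99 [24568] 1+0/6/6: FTP-data-local[9]: 194.78.34.236:48919
12/05 16:19:07.03 [24568] 1+0/6/6: PASV [B][194,78,34,236,191,23] >> 227 Entering Passive Mode (194,78,34,236,191,23).
12/05 16:20:00.00 [24569] 2+0/6/6: PASV [B][194,78,34,236,253,242] >> 227 Entering Passive Mode (194,78,34,236,253,242).
"""

# RFC 959 passive reply: four address octets followed by two port octets.
PASV_227 = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_227(line):
    """Return (host, port) from a 227 reply, or None if the line has none."""
    m = PASV_227.search(line)
    if not m:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None  # malformed reply, not a valid address/port encoding
    host = ".".join(str(o) for o in octets[:4])
    return host, octets[4] * 256 + octets[5]


def parse_port_range(srcif):
    """Assumption: the value looks like 'host:lo-hi:name', as in the post."""
    _host, ports, _name = srcif.split(":", 2)
    lo, _, hi = ports.partition("-")
    return int(lo), int(hi or lo)


def out_of_range(log_text, srcif):
    """List (host, port) for every advertised PASV port outside the range."""
    lo, hi = parse_port_range(srcif)
    findings = []
    for line in log_text.splitlines():
        parsed = parse_227(line)
        if parsed and not lo <= parsed[1] <= hi:
            findings.append(parsed)
    return findings


if __name__ == "__main__":
    for host, port in out_of_range(SAMPLE_LOG, "*:65000-65100:ftp-data-pasv"):
        print(f"PASV port {port} on {host} is outside the permitted range")
```

Run against a real proxy log, any finding is a data port the firewall rule for 65000-65100 would not cover, which matches the ACCEPT_TIMEOUT seen in the log above.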

