Article delegate-en/4260 of [1-5169] on the server localhost:119
[Reference:<_A4259@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: FTP PASV port range
06 Dec 2008 01:28:31 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4259@delegate-en.ML_> on 12/06/08(00:28:00)
you "Luc Willems" <pumiabdyi-bfkmicbeir3r.ml@ml.delegate.org> wrote:
 |I'm trying to create a ftps -> ftp proxy server where clients connect to a
 |public IP address (ftps) and it is forwarded to an internal ftp server.
 |
 |Connection seems to be working fine, but the data connection fails because our
 |firewall blocks the second connection. Now this is normal.
 |Because of the nature of ftps, the firewall doesn't know about the extra
 |connection like in normal ftp
 |
 |To work around this, we thought that if we limit the port number to a range,
 |we could open that range to the FTPS proxy and connection will succeed.
 |I'm using SRCIF=*:65000-65100:ftp-data-pasv for that but somehow, the PASV
 |port range is not used  :-(
 |
 |The following is the logging of a connection: in this example the data port is set
 |to 48919, not the 65000-65100 range defined by SRCIF config?

I feel your description of the problem, logging and configuration are
almost perfect.

 |is this normal ?

no.

 | /opt/delegated/bin/delegated -v 'SRCIF="*:65000-65100:ftp-data-pasv"'
...
 |12/05 16:19:01.22 [24563] 0+0: env[23] RESOLV=cache,file,dns,sys
 |12/05 16:19:01.22 [24563] 0+0: arg[2] SRCIF="*:65000-65100:ftp-data-pasv"
 |12/05 16:19:01.22 [24563] 0+0: arg[4] REMITTABLE=ftp,sftp
 |12/05 16:19:01.22 [24563] 0+0: arg[5] RELIABLE=*
 |12/05 16:19:01.22 [24563] 0+0: arg[6] SERVER=ftp://10.0.1.137
 |12/05 16:19:01.22 [24563] 0+0: arg[7] STLS=-fcl/ssl
 |12/05 16:19:01.22 [24563] 0+0: arg[8] TLSCONF=shutdown:wait

At a glance, it is strange that only SRCIF has a value with double quotes
unwrapped even in the internal representation.  Due to it, it will be
interpreted as a triple of {"*}{65000-65100}{ftp-data-pasv"} then it is
not recognized as ftp-data-pasv.

Needless to say for you, the double quote blocked in the single quote on
your command line argument must be erased as:
  SRCIF="*:65000-65100:ftp-data-pasv" or
  'SRCIF=*:65000-65100:ftp-data-pasv'

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
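
The quoting effect described in this reply, shown as an added example that is not part of the original message and is not DeleGate's own parser: the three command-line spellings from the thread are passed through the shell and split into the host:port:type triple. The function names `srcif_type`, `srcif_check` and `report` are hypothetical, and the colon splitting is an assumption based on the triple given in the reply.

```shell
#!/bin/sh
# Added illustration, not DeleGate code. Assumes a SRCIF value is read as the
# colon-separated triple host:port:type, as the reply describes.

# srcif_type ARG: print the type field of "SRCIF=host:port:type" exactly as it
# arrives in argv, including any quote characters the shell did not remove.
srcif_type() {
    value=${1#SRCIF=}            # drop the parameter name
    rest=${value#*:}             # drop the host field
    printf '%s\n' "${rest#*:}"   # drop the port field, leaving the type
}

# srcif_check ARG: succeed only if the type field is exactly ftp-data-pasv.
# Warns on stderr when a literal quote survived shell processing.
srcif_check() {
    case $1 in
        *\"*|*\'*) echo "literal quote reached argv: $1" >&2 ;;
    esac
    [ "$(srcif_type "$1")" = "ftp-data-pasv" ]
}

# The spelling from the failing command line, then the two corrected forms.
report() {
    for arg in 'SRCIF="*:65000-65100:ftp-data-pasv"' \
               SRCIF="*:65000-65100:ftp-data-pasv" \
               'SRCIF=*:65000-65100:ftp-data-pasv'
    do
        if srcif_check "$arg" 2>/dev/null; then
            printf 'matched  %s\n' "$arg"
        else
            printf 'ignored  %s (type field: %s)\n' "$arg" "$(srcif_type "$arg")"
        fi
    done
}

report
```

When the range is not picked up, the firewall sees data connections on ports outside the opened 65000-65100 window, so comparing the `arg[N]` lines of the `-v` log against the intended value is a quick pre-deployment check.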
