Article delegate-en/1409 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Howto? SSL FTP Tunneling
14 Nov 2001 16:47:57 GMT "Bryan Dees" <ppqcqbdyi-ufvkztrdw23r.ml@ml.delegate.org>


Hello,

Yes, thank you very much. Your HTTPS example allowed me to
relay without any problems to my HTTPS server.

My FTP server 'goahp85.airborne.com:10021' uses AUTH TLS
negotiation.

I added your suggestions to the following command:

   delegated -v -P10021 \
   SERVER=ftp://goahp85.airborne.com:10021  \
   CMAP="lib/sslway -st:FSV:ftp-data" \
   CMAP="lib/sslway -st:FCL:ftp"

The error: "SSL23_GET_SERVER_HELLO:unknown" went away. And I
can now establish a connection, but I'm having trouble with
ftp-data I think. The following is an excerpt from my
client log:

Finding Host nbhd2 ...
Connecting to 156.137.12.90:21
Connected to 156.137.12.90:21, Waiting for Server Response
220-extended FTP [MODE XDC][XDC/BASE64][PIPELINE] (1) 156.137.12.90
220- <<<CONNECT:Enterprise for UNIX 1.1.00 Secure FTP>>> at goahp85 FTP server ready. Time = 08:33:20
220 
Host type (1): Automatic detect
AUTH SSL
234 OK
USER nbhd
331 Password required for nbhd.
PASS (hidden)
230 CONNECT:Enterprise for UNIX login ok, access restrictions apply.
SYST
215 UNKNOWN Type: L8
PWD
257 "/nbhd" is current directory.
PASV
227 Entering Passive Mode (156,137,12,90,4,193) DeleGate[B].
connecting data channel to 156.137.12.90:1217
data channel connected to 156.137.12.90:1217
LIST
150 Opening ASCII mode data connection for .
Failed to create secure data socket
PASV
606 no socket
PORT 0,0,0,0,9,163
connection aborted; the operation was canceled.
Port failed 

Delegate logs now show the following permission error
right after the FTP-CONTROL-REMOTE:
bind_inet failed: ERRNO=13 (you are not permitted user)

Have you seen this before?

Thank you,

Bryan
phueabdyi-ufvkztrdw23r.ml@ml.delegate.org



-----Original Message-----
From: feedback@delegate.org [mailto:feedback@delegate.org]
Sent: Wednesday, November 14, 2001 7:43 AM
To: feedback@delegate.org
Cc: Bryan Dees
Subject: Re: [DeleGate-En] Howto? SSL FTP Tunneling


Hi,

On 11/14/01(07:27) you "Bryan Dees" <ppqcqbdyi-ufvkztrdw23r.ml@ml.delegate.org> wrote
in <_A1407@delegate-en.ML_>
 |Thank you for the example. However, when using the FTP protocol in place
 |of the https protocol I get
 |the following error:

So can I understand my HTTPS example worked without problem in
your environment?

 |11/13 15:22:23.10 [17830] 1+0: ConnectToServer: DFLT=ftp://goahp85.airborne.com:10021 REAL=://:0
 |11/13 15:22:23.11 [17830] 1+0: ConnectToServer connected [7] {156.137.6.30:10021 <- 156.137.12.90:1162} [0.001s]
 |11/13 15:22:23.11 [17832] 1+0: -- Fork(FSV): 17830 -> 17832
 |11/13 15:22:23.11 [17832] 1+0: #### execFilter[FSV] [/usr/local/delegate7.5.4/lib/sslway]lib/sslway
 |## SSLway[17832](nbhd.abf.ad.airborne.com) connect failed
 |17832:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:460:

Does this server "ftp://goahp85.airborne.com:10021" talk "FTPS",
which starts SSL without negotiation?  If so, some kind of
mismatch in SSL version between your SSLway and your server
exists.

Or if the FTP server starts in normal non-SSL status and starts SSL
on demand with "AUTH TLS" negotiation (RFC2228), you must specify
the "-st" option as FSV="sslway -st".  If this works, then you should
use CMAP="sslway:FSV:ftp-data" for the ftp-data connection.

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan


