Thanks for your reply but i have on think bothering me.
The case not working sample is an aix ftp client that by default run
Active FTP but is capable of doing passive.
What i see in doing traces is that is seems to be the Delegate
server that Force "Translate to PASV",
but then the firewall rejects this as it was not a client request ?
Christophe BRUNET/AT&T GLOBAL NETWORK
Tel 30 0 00 00 00 0X/ Fax 33 1 43 03 69 43
"This message and any attachments to it contain confidential business
information intended solely for the recipients. If you have received this
email in error please do not forward or distribute it to anyone else, but
telephone to report the error, and then delete this message from your
From: email@example.com [mailto:firstname.lastname@example.org]
Sent: vendredi 30 août 2002 11:20
Cc: Brunet, Christophe
Subject: Re: [DeleGate-En] ftp no data received
on 08/30/02(17:32:52) you "Brunet, Christophe" <email@example.com> wrote:
| we have problem with the ftp proxy configured like this :
|/usr/local/bin/delegated -Pproxy:21 SERVER="ftp://ftp-internal:21/"
| The proxy is on a dmz behind a Checkpoint Firewall, the checkpoint
|ftp fix is installed on.
| It seems that when we get translated to PASV it fails. Whe have
|tryed to use the FTPCONF=nopasv or noxdc same problem.
It seems not so. The problem occurs when the DeleGate try to make
TCP connection to the client, to the port requested with PORT command.
|This is with an ftp client that performed a dir on the ftp (a netscape
|browser behind a squid proxy using internet)
|08/29 18:17:50.83  2+0/5: -- with PASV
|08/29 18:17:50.83  2+0/5: PASV [proxy,132,69] >> 227 Entering
|Mode (proxy,132,69) Dele
|08/29 18:17:51.02  2+0/10: FTP-CACHE: LIST  = :0
|08/29 18:17:52.03  2+0/10: FTP data-relay(10000b -> 10000b)
|7233b / 1/ 0.00s (read-EOF)
This client succeeded the data connection requesting it with PASV.
The connection is established from client to DeleGate in this case.
|This is a ftp user that connected but didn't receive any data (direct to
|proxy ) connexion ftp client.
|08/29 18:19:52.99  3+0/5: -- with PASV
|08/29 18:19:52.99  3+0/5: PORT [141,94,62,149,147,18] >> 200 PORT
|command successful [translated to PASV].^M
|08/29 18:19:53.02  3+0/6: FTP-CACHE: LIST  = :0
|08/29 18:19:53.02  3+0/6: ## ftp-conndata: NOT bound#1 err=13
|08/29 18:20:23.02  3+0/6: *** CON_TIMEOUT: 30.00/30s ->
|08/29 18:20:23.02  3+0/6: ftp_conndata: connection refused
This DeleGate succeeded to connect to the server too, but failed to
connect to the client which requested data-connection with PORT
command, expecting it to be established from the DeleGate to the
@ @ Yutaka Sato <firstname.lastname@example.org> http://www.delegate.org/y.sato/
( - ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller