Article delegate-en/2335 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: FTP TLS Proxy Problem
08 Jul 2003 21:44:40 GMT "Bryan Dees" <phueabdyi-ry4zqcm7fjvr.ml@ml.delegate.org>
Airborne Express


Hi,

I installed the delegate8.6.0-snap03062408.tar build per your
instructions below and, using the following script, I'm still unable to
proxy ftp-data packets back to the client. Last thing I see on the
delegate log is the ftp port establishment. On the client I wait for a
password prompt after seeing the AUTH/TLS. TCPDUMP shows nothing beyond
the FTP establish, no data packets, etc. Here are the commands I'm using,
maybe you can point out what I'm doing wrong:

#!/bin/sh
# 156.137.50.29  -- inside addr
# 156.137.90.10  -- outside addr

export ADMIN="root@localhost"
export DGBASE="/usr/src/delegate8.6.0-snap03062408"
export DGROOT="/usr/src/delegate8.6.0-snap03062408/src"
export LIBPATH="$DGBASE/lib"

HOST="156.137.50.49"
FTPSVR="$HOST:21"

# Proxy Connect:Enterprise SSL FTP
$DGROOT/delegated \
  -P10021 \
  -v \
  PERMIT="*:*:*" \
  REACHABLE="*" \
  RELAY=proxy, delegate \
  SERVER=ftp://$FTPSVR/  \
  FTPCONTROL=nopasv \
  SRCIF="156.137.90.10:*:tcpbound" \
# SRCIF="156.137.50.29:*:tcpbound" \
# CMAP=sslway:FCL:ftp-data CMAP="sslway -St:FCL:ftp" SERVER=ftp
# CMAP="sslway -st:FCL:ftp:*:*" CMAP="sslway -ad:FCL:sslway:ftp-data:*:*"

  CMAP="sslway -st:FCL:ftp" CMAP=sslway:FCL:ftp-data:*:*
  CMAP="sslway -st:FSV:ftp" CMAP=sslway:FSV:ftp-data:*:*

-----Original Message-----
From: Yutaka Sato [mailto:feedback@delegate.org] 
Sent: Saturday, June 28, 2003 12:50 AM
To: feedback@delegate.org
Cc: pjaeabdyi-ry4zqcm7fjvr.ml@ml.delegate.org
Subject: Re: [DeleGate-En] FTP TLS Proxy Problem

Hi,

I'm sorry that I've not made any response about the problem.

On 02/07/03(14:15) you "Bryan Dees" <pjaeabdyi-ry4zqcm7fjvr.ml@ml.delegate.org> wrote
in <_A2120@delegate-en.ML_>
 |The target server is an FTP server using TLS/SSL on port 21. The
 |application is a Sterling application called: Connect:Enterprise
 |(www.stercomm.com <http://www.stercomm.com/>). I need to proxy FTPS due
 |to network address translation issues which cause the ftp-data packets
 |to be returned using the inside address instead of the NAT address. I
 |was hoping to use DeleGate for this purpose.

The server of ftp.delegate.org is going to be moved behind NAT and
I encountered the problem using a non-standard FTP port ;-)
So I made the modification like the enclosed patch.  Applying it to
DeleGate, you can specify the global IP address xx.xx.xx.xx of the FTP
server like this:

  SRCIF="xx.xx.xx.xx:*:tcpbound"

(The patch is for
<URL:ftp://ftp.delegate.org/pub/DeleGate/delegate8.6.0-snap03062408.tar.gz>)

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

*** ../dist/delegate8.6.0-snap03062408/src/inets.c      Sun Jun 15
19:25:54 2003
--- ./inets.c   Sat Jun 28 16:32:09 2003
***************
*** 2648,2653 ****
--- 2648,2665 ----
  BOUND:
        addrlen = sizeof(VSAddr);
        getsockname(dsock,(SAP)&svdata,&addrlen);
+ 
+       {       char *claddr,gwhost[256];
+               int clport,gwport;
+  
+               claddr = VSA_ntoa(&svpeer);
+               clport = VSA_port(&svpeer);
+               if(
SRCIFfor(Conn,"tcpbound",claddr,clport,gwhost,&gwport) ){
+                       VSA_prftp(&svsock,mport);
+                       VSA_atosa(&svsock,0,gethostaddr(gwhost));
+               }
+       }
+ 
        VSA_setport(&svsock,VSA_port(&svdata));
        VSA_prftp(&svsock,mport);
        VSA_xtoap(&svsock,local,sizeof(local));
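
Review bot: In the added block after getsockname(), gwhost[256] is passed to SRCIFfor() with no length argument, so nothing visible in this hunk keeps the callee from writing past 256 bytes if a configured SRCIF host name is longer; pass sizeof(gwhost) or state the bound SRCIFfor() guarantees. The result of gethostaddr(gwhost) also goes straight into VSA_atosa() with no failure check, so an unresolvable SRCIF host could leave an unusable address in svsock. Two smaller points: gwport is filled in but never used, and the VSA_prftp(&svsock,mport) call inside the if is repeated by the unchanged call after VSA_setport(), so the first one looks redundant. A short comment saying that the block substitutes the SRCIF "tcpbound" address into svsock would help the next reader.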

-- 

Bryan Dees
Distributed Systems Software Analyst
Airborne Express
000-000-0006


==================================================
This communication may contain privileged and/or confidential information.
It is intended solely for the use of the addressee. If you are not the
intended recipient, you are strictly prohibited from disclosing, copying,
distributing or using any of this information. If you received this
communication in error, please contact the sender immediately and destroy
the material in its entirety, whether electronic or hard copy. You may not
directly or indirectly reuse or redisclose such information for any purpose
other than to provide the services for which you are receiving the
information.
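
A shell detail relevant to a launcher laid out like the script in this message, shown as an added example (not code from the original post or from DeleGate): a `#` line inside a backslash-continued command ends the command, so arguments written after it are never passed. `fake_delegated` and the 192.0.2.x addresses are constructed stand-ins; the parameter names are the ones used in the post.

```shell
#!/bin/sh
# Added example. fake_delegated is a hypothetical stand-in for the real
# daemon: it prints one received argument per line so they can be counted.
fake_delegated() {
  for arg in "$@"; do printf '%s\n' "$arg"; done
}

# Layout as in the post: '#' lines sit inside the continued command.
# A comment swallows its own trailing backslash, so the command ends at
# SRCIF and the CMAP line further down runs as plain variable assignments.
broken_layout() {
  fake_delegated \
    -P10021 \
    SERVER=ftp://192.0.2.10:21/ \
    SRCIF="192.0.2.1:*:tcpbound" \
# SRCIF="192.0.2.2:*:tcpbound" \
# CMAP=sslway:FCL:ftp-data

    CMAP="sslway -st:FCL:ftp" CMAP="sslway:FCL:ftp-data:*:*"
}

# Same parameters with the disabled alternatives moved out of the command,
# so the continuation reaches the CMAP arguments.
fixed_layout() {
  # SRCIF="192.0.2.2:*:tcpbound"
  # CMAP=sslway:FCL:ftp-data
  fake_delegated \
    -P10021 \
    SERVER=ftp://192.0.2.10:21/ \
    SRCIF="192.0.2.1:*:tcpbound" \
    CMAP="sslway -st:FCL:ftp" CMAP="sslway:FCL:ftp-data:*:*"
}

# Count the arguments with a given prefix that a layout really passes.
# $1 = layout function, $2 = argument prefix (grep -c exits 1 on zero hits).
count_args() {
  "$1" | grep -c "^$2" || true
}

echo "broken layout passes $(count_args broken_layout CMAP=) CMAP arguments"
echo "fixed layout passes  $(count_args fixed_layout CMAP=) CMAP arguments"
```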

