Article delegate-en/4484 of [1-5169] on the server localhost:119
[Reference:<_A4482@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: FTP client to implicit FTPS server
05 Jun 2009 08:55:15 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4482@delegate-en.ML_> on 06/04/09(03:50:45)
you Marvin <pn4iqbdyi-cgcyfepwb23r.ml@ml.delegate.org> wrote:
 |Below the logging of a failed active connection:

I can't see why this problem is described as:
 > The STLS="-fsv,im=0.5" breaks 'normal' ftp connections using PORT.
 > PASV connections work just fine.

What does "normal ftp connection" mean?  At first I thought it meant the
non-SSL connection, but your broken PORT connection seems to be SSL based.
How does "PASV" work fine?  Comparing the LOGFILEs of "PORT" and "PASV"
for the same server and file will give us real hints.
LOGFILE with the "-vd" option will give us more useful hints.
Your connection problem seems to be caused by NAT or a firewall or so,
so the network configurations around your DeleGate and the target FTP
server are necessary to understand what is going on.

A possible description of your problem is "the target FTP server
(what is it?) cannot connect back to DeleGate's host to establish
a PORT data-connection (in FTPS mode)".  It might be because the PORT
command cannot be rewritten by the firewall because it is encrypted
in SSL.  If that is the case, there might be nothing DeleGate can do.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

 |06/03 20:46:10.26 [7541] 1+0/2: ## SSLway ## 0.079057 connected/accepted
 |06/03 20:46:10.26 [7541] 1+0/2: ## SSLway server's cert. =
 |**subject<</C=UK/O=BLA/OU=BLA FTP Server/CN=FTP3.bla.com>>
 |**issuer<</C=UK/O=BLA/OU=BLA FTP Server/CN=FTP3.bla.com>>
 |06/03 20:46:10.42 [7541] 1+0/2: LoginPWD: "/ftp/user"
 |06/03 20:46:10.73 [7541] 1+0/5/3: ## viaCFI [mkPASV]: fileno(ts)=25 ToSX=26
 |06/03 20:46:10.75 [7541] 1+0/5/3: ## viaCFI [mkPASV]: fileno(ts)=25 ToSX=26
 |06/03 20:46:10.76 [7541] 1+0/5/3: {R} SOA got
 |[10.in-addr.arpa][localhost][root] 1 604800 86400 2419200 604800
 |06/03 20:46:20.76 [7541] 1+0/5/3: ## connect[27] TIMEOUT(10000)
 |06/03 20:46:20.76 [7541] 1+0/5/3: *** CON_TIMEOUT: 10.00/10s ->
 |10.202.5.6:1498
 |06/03 20:46:20.76 [7541] 1+0/5/3: ftp_conndata: connection refused
 |107.112.114.21:33495->10.202.5.6/10.202.5.6:1498, errno=110
 |06/03 20:46:20.76 [7541] 1+0/5/3: ftp_conndata: retry without port# (33495)
 |06/03 20:46:30.77 [7541] 1+0/5/3: ## connect[27] TIMEOUT(10000)
 |06/03 20:46:30.77 [7541] 1+0/5/3: *** CON_TIMEOUT: 10.00/10s ->
 |10.202.5.6:1498
 |06/03 20:46:30.77 [7541] 1+0/5/3: ftp_conndata: connection refused
 |107.112.114.21:57720->10.202.5.6/10.202.5.6:1498, errno=110
 |06/03 20:46:30.77 [7541] 1+0/5/3: ## viaCFI [mkPORT]: fileno(ts)=25 ToSX=26
 |06/03 20:46:30.77 [7541] 1+0/5/3: FTP-control-remote: 123.12.122.51:21 [26]
 |06/03 20:46:30.77 [7541] 1+0/5/3: FTP-data-local[27]: 107.112.114.21:39365
 |06/03 20:46:30.79 [7541] 1+0/5/3: PORT [10,235,108,74,49,34] >> 200 Port
 |request OK.^M

In message <_A4483@delegate-en.ML_> on 06/04/09(03:56:28)
you Marvin <pn4iqbdyi-cgcyfepwb23r.ml@ml.delegate.org> wrote:
 |And this is one of a successful connection with STLS removed. I'm using
...
 |06/03 20:54:42.08 [7774] 2+0/5/3: ## ftp-conndata: NOT bound#1 err=98
 |06/03 20:54:52.09 [7774] 2+0/5/3: ## connect[26] TIMEOUT(10000)
 |06/03 20:54:52.09 [7774] 2+0/5/3: *** CON_TIMEOUT: 10.00/10s ->
 |123.12.122.51:1500
 |06/03 20:54:52.09 [7774] 2+0/5/3: ftp_conndata: connection refused
 |107.112.114.21:42233->ftp3.bla.com/123.12.122.51:1500, errno=110
 |06/03 20:54:52.09 [7774] 2+0/5/3: FTP-control-remote: 123.12.122.51:21 [25]
 |06/03 20:54:52.09 [7774] 2+0/5/3: FTP-data-local[26]: 107.112.114.21:50650
 |06/03 20:54:52.11 [7774] 2+0/5/3: PORT [10,235,108,74,49,36] >> 200 Port
 |request OK.^M
 |06/03 20:54:52.22 [7774] 2+0/6/4: FTP-CACHE: LIST [] = [][]:0
 |06/03 20:54:52.22 [7774] 2+0/6/4: --SU NONE
 |/var/spool/delegate-nobody/sudo/port/P
 |06/03 20:54:52.22 [7774] 2+0/6/4: ## command not found: dgbind
 |06/03 20:54:52.22 [7774] 2+0/6/4: ## ftp-conndata: NOT bound#1 err=13
 |06/03 20:54:52.22 [7774] 2+0/6/4: ftp_conndata: connected
 |10.235.253.21:37861->eupdwsappb308.acme.corp/10.235.108.74:12580 [26](0.0)
 |06/03 20:54:52.22 [7774] 2+0/6/4: DATA 123.12.122.51:20 ->
 |107.112.114.21:50650 .. 10.235.253.21:37861 -> 10.235.108.74:12580
 |06/03 20:54:52.22 [7774] 2+0/6/4: FTP data-relay([27]15554b -> [26]10000b)
 |509b / 1/ (6) 0.00s (read-EOF)
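
The explanation in the reply above (a PORT command that a NAT or firewall cannot rewrite because it travels inside SSL) can be checked against a LOGFILE. The following is an added example, not part of the original message and not DeleGate code: it decodes the PORT arguments from log lines quoted in this thread and reports whether the advertised address matches the address the receiving side would see. The names `classify`, `scan_log` and `observed_ip`, and the use of 107.112.114.21 as the observed address, are assumptions made for illustration.

```python
import ipaddress
import re

# Matches the PORT argument as DeleGate logs it in this thread: PORT [h1,h2,h3,h4,p1,p2]
PORT_RE = re.compile(r"PORT \[(\d{1,3}(?:,\d{1,3}){5})\]")

def decode_port(arg):
    """Decode an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    nums = [int(n) for n in arg.split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def classify(arg, observed_ip, control_encrypted):
    """Say whether the peer can connect back to the address in a PORT command.

    observed_ip is the source address the receiving side sees on the control
    connection (hypothetical parameter). If it differs from the advertised
    address, something on the path must rewrite PORT, which an FTP-aware NAT
    can only do when the control channel is cleartext.
    """
    ip, port = decode_port(arg)
    if ip == observed_ip:
        verdict = "direct"
    elif control_encrypted:
        verdict = "rewrite-impossible"   # PORT is hidden inside SSL/TLS
    else:
        verdict = "needs-nat-helper"     # works only if the NAT rewrites PORT
    return {"ip": ip, "port": port,
            "private": ipaddress.ip_address(ip).is_private, "verdict": verdict}

def scan_log(lines, observed_ip, control_encrypted):
    """Classify every PORT argument found in DeleGate LOGFILE lines."""
    return [classify(m.group(1), observed_ip, control_encrypted)
            for line in lines for m in PORT_RE.finditer(line)]

# Log lines copied from the thread; the observed address is chosen for illustration.
SAMPLE = [
    "06/03 20:46:30.79 [7541] 1+0/5/3: PORT [10,235,108,74,49,34] >> 200 Port",
    "06/03 20:54:52.11 [7774] 2+0/5/3: PORT [10,235,108,74,49,36] >> 200 Port",
]

if __name__ == "__main__":
    for result in scan_log(SAMPLE, "107.112.114.21", control_encrypted=True):
        print(result)
```

The second sample line decodes to 10.235.108.74:12580, the same endpoint that the `ftp_conndata: connected` line in the quoted log shows.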

