Article delegate-en/1613 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A1609@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: FTP through Socks
17 Apr 2002 22:10:12 GMT feedback@delegate.org (Yutaka Sato)


On 04/17/02(10:09) you "Vaughn Jardine" <pjedabdyi-p5lznxm5mzxr.ml@ml.delegate.org> wrote
in <_A1609@delegate-en.ML_>
 |Forgive my ignorance as I'm new to delegate. My users use cuteftp,
 |icq, and msn through Delegate socks. What parameters do I use to
 |block ftp to ONE specific domain, while allowing access to other ftp sites? 
 |
 |Lets say I wanted people to access all ftp sites except *.uwi.com
 |I tried ./delegated -P1080 SERVER=socks PERMIT="*:*,!*.uwi.com:*" but
 |this still allows access to www.uwi.com.

Socks version 4 clients sends resolved destination IP-address to the
Socks server.

  % nslookup www.uwi.com
  Name:    www.uwi.com
  Address:  216.210.101.9

  % nslookup 216.210.101.9
  cannot resolve

In this case, Socks server (DeleGate in this case) receives "209.86.69.164"
which cannot be resolved to host name like "www.uwi.com" by DNS inverse
lookup. So you need to negate the IP-address like this:

  PERMIT="*:!*.uwi.com,!209.86.69.164:*"

or define the mapping privately by a HOSTS parameter  like:

  PERMIT="*:!*.uwi.com:*" HOSTS=www.uwi.com/209.86.69.164

(be sure that you need escape "!" by "\!" in some shells like csh)

 |The I tried ./delegated -P1080 SERVER=socks PERMIT="*:!*.uwi.com,*:*
 |(all sites"*" come after the negate uwi) This blocks access but also
 |to other ftp sites.

A hostlist "...,*" equals to "*" so I don't see why it blocks something.

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V