Article delegate-en/2072 of [1-5169] on the server localhost:119
[Reference:<_A2071@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Filter not activated in PROXY="proxy:port:*" case
16 Jan 2003 03:01:00 GMT "Wu Jiafu" <p2idqbdyi-mnvdjly74rfr.ml@ml.delegate.org>


Hi,

Ooooooh, I got it! By adding ftpconf=noxdc
================================================

Here is the log of the delegate1. Would you please take a look? Thanks a lot!

01/16 09:56:08.52 [7896] 0+0: configuring default RESOLV ...
01/16 09:56:08.53 [7896] 0+0: ... SYS: solaris.my.com -> 192.168.168.15
01/16 09:56:08.53 [7896] 0+0: ... DNS: 192.168.168.15 -> m15.my.com
01/16 09:56:08.53 [7896] 0+0: ... DNS available
01/16 09:56:08.53 [7896] 0+0: ... NIS not available (no default domain)
01/16 09:56:08.53 [7896] 0+0: ... export RES_ORDER=CFD
01/16 09:56:08.53 [7896] 0+0: export RESOLV=cache,file,dns (set by default)
01/16 09:56:08.53 [7896] 0+0: --INITIALIZATION START: 8.3.2 on SunOS/5.8--
01/16 09:56:08.53 [7897] 0+0: -- Fork(daemon): 7896 -> 7897
01/16 09:56:08.54 [7897] 0+0: server_open(delegate,:8021,listen=20)
01/16 09:56:08.54 [7897] 0+0: server_open(delegate,:8021) BOUND
01/16 09:56:08.54 [7897] 0+0: DGROOT=/var/spool/ftp^M
01/16 09:56:08.54 [7897] 0+0: <DeleGate/8.3.2 by ysato@delegate.org> [7897] -P8021 READY^M
01/16 09:56:08.54 [7897] 0+0: PORT= 8021/8 (31,85)
01/16 09:56:08.54 [7897] 0+0: OWNER=dg/dg => OWNER=dg/dg(dg/dg)
01/16 09:56:08.55 [7897] 0+0: REMITTABLE = ftp,ftps
01/16 09:56:08.55 [7897] 0+0: PATH: gzip -> /usr/bin/gzip
01/16 09:56:08.55 [7897] 0+0: #### gunzip = [/usr/bin/gzip]gzip -d
01/16 09:56:08.55 [7897] 0+0: ADMIN=root@localhost protocol=ftp(specialist)
01/16 09:56:08.55 [7897] 0+0: WORKDIR=/var/spool/ftp/work/8021
01/16 09:56:08.55 [7897] 0+0: MOUNT[0]X[2] /-/builtin/icons/* = default
01/16 09:56:08.55 [7897] 0+0: MOUNT[1]X[3] /-/* = forbidden,from=!.RELIABLE,default
01/16 09:56:08.56 [7897] 0+0: MOUNT[2]X[0] /-* = default
01/16 09:56:08.56 [7897] 0+0: MOUNT[3]X[1] /=* = default
01/16 09:56:08.56 [7897] 0+0: MOUNT[4]=[4] //* = default
01/16 09:56:08.56 [7897] 0+0: env[16] LIBPATH=.;/usr/local/sbin;/var/spool/ftp/lib;/usr/local/sbin
01/16 09:56:08.56 [7897] 0+0: env[18] RESOLV=cache,file,dns
01/16 09:56:08.56 [7897] 0+0: arg[2] SERVER=ftp
01/16 09:56:08.56 [7897] 0+0: arg[3] PROXY=192.168.168.17:8021:*
01/16 09:56:08.56 [7897] 0+0: arg[4] CMAP=/usr/local/sbin/filter:FTOCL:ftp-data
01/16 09:56:08.56 [7897] 0+0: arg[5] OWNER=dg/dg
01/16 09:56:08.56 [7897] 0+0: arg[6] PERMIT=*:*:*
01/16 09:56:08.56 [7897] 0+0: arg[7] CACHE=no
01/16 09:56:08.56 [7897] 0+0: arg[8] DGROOT=/var/spool/ftp
01/16 09:56:08.57 [7897] 0+0: DELEGATE_Modified[1]: 3e261138
01/16 09:56:08.57 [7897] 0+0: --INITIALIZATION DONE--


01/16 10:27:47.30 [7924] 3+0: -- Fork(OnetimeServer): 7897 -> 7924
01/16 10:27:47.31 [7924] 3+0: (0) accepted [32] -@[127.0.0.1]localhost:50735 (0.012s)(1)
01/16 10:27:47.32 [7924] 3+0: PATH: ftp://-:21!localhost:8021!localhost:50735!anonymous@localhost;1042684067
01/16 10:27:47.34 [7924] 3+0: FTP server ftp://-:21/
01/16 10:27:47.35 [7924] 3+0: bind_insock(16,127.0.0.1,0) = 0, errno=0
01/16 10:27:47.35 [7924] 3+0: ## connect[16] refused (146)
01/16 10:27:47.35 [7924] 3+0: ### IDENT CONNECT(localhost:113) TIMEOUT(1000ms) (146)
01/16 10:27:47.35 [7924] 3+0: #### no authorization required
01/16 10:28:20.09 [7924] 3+0: gethostbyname(-) unknown[0.00s] 
01/16 10:28:20.10 [7924] 3+0: FTP LOGIN FROM localhost TO ftp@192.168.88.10
01/16 10:28:20.10 [7924] 3+0: PATH: ftp://192.168.88.10:21!localhost:8021!localhost:50735!anonymous@localhost;1042684067
01/16 10:28:20.12 [7924] 3+0: FTP server ftp://192.168.88.10:21/
01/16 10:28:20.12 [7924] 3+0: FTPHOPS: 1 [8/32 - -1/-1]
01/16 10:28:20.12 [7924] 3+0: ROUTE: ftp://192.168.168.17:8021//
01/16 10:28:20.12 [7924] 3+0: Forward connected [20] {192.168.168.17:8021 <- 192.168.168.15:50740} [0.001s]
01/16 10:28:24.29 [7924] 3+0: --- use MODE XDC/BASE64 with the server.
01/16 10:28:24.29 [7924] 3+0: #### to FTP-Proxy [ftp@192.168.88.10]
01/16 10:29:04.52 [7924] 3+0/2: LoginPWD: "/"
01/16 10:29:08.68 [7924] 3+0/2: PORT [127,0,0,1,198,58] >> 200 PORT command successful [translated to PASV by DeleGate].^M
01/16 10:29:08.68 [7924] 3+0/3: -- XDCserv to PORTclnt
01/16 10:29:08.68 [7924] 3+0/3: ---- XDC data_relay CLIENT (RECV).
01/16 10:29:08.78 [7924] 3+0/3: ftp_conndata: connected 127.0.0.1:8020->localhost/127.0.0.1:50746 [21]
01/16 10:30:23.41 [7924] 3+0/6: PORT [127,0,0,1,198,66] >> 200 PORT command successful [translated to PASV by DeleGate].^M
01/16 10:30:23.42 [7924] 3+0/7: -- XDCserv to PORTclnt
01/16 10:30:23.42 [7924] 3+0/7: ---- XDC data_relay CLIENT (RECV).
01/16 10:30:23.52 [7924] 3+0/7: ftp_conndata: connected 127.0.0.1:8020->localhost/127.0.0.1:50754 [21]
01/16 10:30:37.07 [7924] 3+0/9: PORT [127,0,0,1,198,69] >> 200 PORT command successful [translated to PASV by DeleGate].^M
01/16 10:30:37.08 [7924] 3+0/10: -- XDCserv to PORTclnt
01/16 10:30:37.08 [7924] 3+0/10: ---- XDC data_relay CLIENT (RECV).
01/16 10:30:37.18 [7924] 3+0/10: ftp_conndata: connected 127.0.0.1:8020->localhost/127.0.0.1:50757 [21]
01/16 10:30:37.18 [7924] 3+0/10: bind_insock(21,127.0.0.1,0) = 0, errno=0
01/16 10:30:37.18 [7924] 3+0/10: ## connect[21] refused (146)
01/16 10:30:37.18 [7924] 3+0/10: ### IDENT CONNECT(localhost:113) TIMEOUT(1000ms) (146)
01/16 10:30:37.18 [7924] 3+0/10: XFERLOG: Thu Jan 16 10:30:37 2003 0 localhost 57 //192.168.88.10/tmp/bqq.txt b _ o a kjf ftp 0 * N
01/16 10:31:05.76 [7924] 3+0/11: disconnected [32] -@[127.0.0.1]localhost:50735 (198.461s)(0)


When I removed the PROXY="192.168.168.17:8021:*" then the filter is activated:


01/16 10:40:59.32 [7934] 1+0: (0) accepted [36] -@[127.0.0.1]localhost:50821 (0.010s)(1)
01/16 10:40:59.32 [7934] 1+0: PATH: ftp://-:21!localhost:8021!localhost:50821!anonymous@localhost;1042684859
01/16 10:40:59.34 [7934] 1+0: FTP server ftp://-:21/
01/16 10:40:59.34 [7934] 1+0: bind_insock(16,127.0.0.1,0) = 0, errno=0
01/16 10:40:59.34 [7934] 1+0: ## connect[16] refused (146)
01/16 10:40:59.34 [7934] 1+0: ### IDENT CONNECT(localhost:113) TIMEOUT(1000ms) (146)
01/16 10:40:59.35 [7934] 1+0: #### no authorization required
01/16 10:41:38.91 [7934] 1+0: gethostbyname(-) unknown[0.00s] 
01/16 10:41:38.92 [7934] 1+0: FTP LOGIN FROM localhost TO ftp@192.168.88.10
01/16 10:41:38.92 [7934] 1+0: PATH: ftp://192.168.88.10:21!localhost:8021!localhost:50821!anonymous@localhost;1042684859
01/16 10:41:38.94 [7934] 1+0: FTP server ftp://192.168.88.10:21/
01/16 10:41:38.94 [7934] 1+0: FTPHOPS: 1 [8/36 - -1/-1]
01/16 10:41:38.94 [7934] 1+0: ConnectToServer: DFLT=ftp://192.168.88.10:21 REAL=://:0
01/16 10:41:38.94 [7934] 1+0: ConnectToServer connected [20] {192.168.88.10:21 <- 192.168.168.15:50827} [0.001s]
01/16 10:42:39.61 [7934] 1+0/2: LoginPWD: "/"
01/16 10:42:39.61 [7934] 1+0/2: ftp_conndata: connected 192.168.168.15:50826->m10.ca-jc.com/192.168.88.10:4010 [21]
01/16 10:42:39.61 [7934] 1+0/2: -- with PASV
01/16 10:42:39.61 [7934] 1+0/2: PORT [127,0,0,1,198,146] >> 200 PORT command successful [translated to PASV by DeleGate].^M
01/16 10:42:39.61 [7934] 1+0/3: ftp_conndata: connected 127.0.0.1:8020->localhost/127.0.0.1:50834 [22]
01/16 10:42:39.62 [7935] 1+0/3: -- Fork(FTOCL): 7934 -> 7935
=======================
01/16 10:42:39.62 [7935] 1+0/3: #### execFilter[FTOCL] /usr/local/sbin/ftpfilter
=======================
01/16 10:42:39.68 [7934] 1+0/3: FTP data-relay([21]832cb -> [24]8000b) 102b / 1/ 0.01s (read-EOF)
01/16 10:43:40.58 [7934] 1+0/6: ftp_conndata: connected 192.168.168.15:50826->m10.my.com/192.168.88.10:4011 [21]
01/16 10:43:40.58 [7934] 1+0/6: PORT [127,0,0,1,198,153] >> 200 PORT command successful [translated to PASV by DeleGate].^M
01/16 10:43:40.58 [7934] 1+0/7: #### close data connection because of error.
01/16 10:43:54.85 [7934] 1+0/8: #### DSV[-1] PSV[21]
01/16 10:43:54.85 [7934] 1+0/8: PORT [127,0,0,1,198,156] >> 200 PORT command successful [reusing].^M
01/16 10:43:54.86 [7934] 1+0/10: ftp_conndata: connected 127.0.0.1:8020->localhost/127.0.0.1:50844 [22]
01/16 10:43:54.86 [7939] 1+0/10: -- Fork(FTOCL): 7934 -> 7939
======================
01/16 10:43:54.86 [7939] 1+0/10: #### execFilter[FTOCL] /usr/local/sbin/ftpfilter
======================
01/16 10:43:54.92 [7934] 1+0/10: FTP data-relay([21]832cb -> [24]8000b) 32b / 1/ 0.01s (read-EOF)
01/16 10:44:28.20 [7934] 1+0/12: ftp_conndata: connected 192.168.168.15:50826->m10.my.com/192.168.88.10:4012 [21]
01/16 10:44:28.20 [7934] 1+0/12: PORT [127,0,0,1,198,160] >> 200 PORT command successful [translated to PASV by DeleGate].^M
01/16 10:44:28.21 [7934] 1+0/13: ftp_conndata: connected 127.0.0.1:8020->localhost/127.0.0.1:50848 [22]
01/16 10:44:28.21 [7941] 1+0/13: -- Fork(FTOCL): 7934 -> 7941
=======================
01/16 10:44:28.21 [7941] 1+0/13: #### execFilter[FTOCL] /usr/local/sbin/ftpfilter
=======================
01/16 10:44:28.28 [7934] 1+0/13: FTP data-relay([21]832cb -> [24]8000b) 57b / 1/ 0.02s (read-EOF)
01/16 10:44:28.28 [7934] 1+0/13: bind_insock(21,127.0.0.1,0) = 0, errno=0
01/16 10:44:28.28 [7934] 1+0/13: ## connect[21] refused (146)
01/16 10:44:28.28 [7934] 1+0/13: ### IDENT CONNECT(localhost:113) TIMEOUT(1000ms) (146)
01/16 10:44:28.28 [7934] 1+0/13: XFERLOG: Thu Jan 16 10:44:28 2003 0 localhost 57 //192.168.88.10/tmp/bqq.txt b _ o a jhg ftp 0 * N
01/16 10:44:39.57 [7934] 1+0/14: disconnected [36] -@[127.0.0.1]localhost:50821 (220.266s)(0)




----- Original Message ----- 
From: "Wu Jiafu" <jeff@ca-jc.com>
Newsgroups: mail-lists.delegate-en
Cc: <jeff@ca-jc.com>
Sent: Wednesday, January 15, 2003 8:32 PM
Subject: [DeleGate-En] Filter not activated in PROXY="proxy:port:*" case


> Hi,
> 
> I run 2 delegates in chain like this:
> 
> ftp client <-> delegate1 <-> delegate2 <-> internet
> 
> (for security issue, ftp client can only access delegate1 and delegate1 can't access internet directly)
> 
> 
> delegate1#./delegate -P8021 SERVER=ftp PROXY="delegate2:8021:*" PERMIT="*:*:*" CMAP="filter":FTOCL:ftp-data CMAP="filter":FTOSV:ftp-data
> 
> delegate2#./delegate -P8021 SERVER=ftp PERMIT="*:*:*" CMAP="filter":FTOCL:ftp-data CMAP="filter":FTOSV:ftp-data
> 
> But I found that the filter was not activated on both delegates. The ftp data will not be checked by the filter
> 
> but if it is
> 
> ftp client <-> delegate2 <-> internet
> 
> the filter on delegate2 works fine.
> 
> would you please give me some suggestion?
> 
> Thanks a lot!
> 
> Jeff
> 
> 
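
A log check for the situation in this thread, added here as an example and not part of the original post or of DeleGate: it groups log lines by session PID and flags sessions that relayed FTP data without any execFilter line. The line layout and marker strings are taken from the logs above; counting each data_relay / data-relay line as one transfer is an assumption.

```python
import re
from collections import defaultdict

# "<date> <time> [pid] <tag>: <message>", as in the log lines above
LINE = re.compile(r"^\S+ \S+ \[(\d+)\] \S+: (.*)$")
# filter children are forked under the CMAP filter names used in the post
FORK = re.compile(r"Fork\((FTOCL|FTOSV)\): (\d+) -> (\d+)")

# Excerpt of the two sessions logged above (abridged, values unchanged).
SAMPLE_LOG = """\
01/16 10:28:24.29 [7924] 3+0: --- use MODE XDC/BASE64 with the server.
01/16 10:29:08.68 [7924] 3+0/3: ---- XDC data_relay CLIENT (RECV).
01/16 10:30:37.08 [7924] 3+0/10: ---- XDC data_relay CLIENT (RECV).
01/16 10:42:39.62 [7935] 1+0/3: -- Fork(FTOCL): 7934 -> 7935
01/16 10:42:39.62 [7935] 1+0/3: #### execFilter[FTOCL] /usr/local/sbin/ftpfilter
01/16 10:42:39.68 [7934] 1+0/3: FTP data-relay([21]832cb -> [24]8000b) 102b / 1/ 0.01s (read-EOF)
"""

def audit(log_text):
    """Per session PID: was XDC negotiated, data relays seen, filters run."""
    parent = {}  # filter child PID -> session PID
    stats = defaultdict(lambda: {"xdc": False, "relays": 0, "filters": 0})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m.groups()
        fork = FORK.search(msg)
        if fork:
            parent[fork.group(3)] = fork.group(2)
            continue
        s = stats[parent.get(pid, pid)]  # charge child lines to the session
        if "use MODE XDC" in msg:
            s["xdc"] = True
        elif re.search(r"data[_-]relay", msg):
            s["relays"] += 1
        elif msg.startswith("#### execFilter["):
            s["filters"] += 1
    return dict(stats)

def unfiltered_sessions(log_text):
    """Session PIDs that moved FTP data while no CMAP filter was executed."""
    return sorted(pid for pid, s in audit(log_text).items()
                  if s["relays"] and not s["filters"])

if __name__ == "__main__":
    for pid in unfiltered_sessions(SAMPLE_LOG):
        print("session", pid, "relayed data without a filter:", audit(SAMPLE_LOG)[pid])
```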
