Article delegate-en/2262 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Problems using delegate for FTP'ing over ssh
28 May 2003 16:19:28 GMT p2yeabdyi-5sbstgdrvwxr.ml@ml.delegate.org


Hi delegate experts,
we have a problem with the right configuration of delegate for routing ftp 
over a ssh line.

Configuration:

:xxxxxxxxxxxLinux Serverxxxxxxxxxxxxxxxxxxxxxxxx:            Internet      
            :x Windows 2000 Serverx: Local Lan   : AS/400 IBM
:ftpclientprogram:------:delegate:---:ssh client:-----x ssh line via port 
forwarding x---firewall-----:delegate:-:sshd:------:-------------: ftp 
Server :

We have a linux server with the ftp clientprogramm and delegate and ssh 
client directly connected to internet.
We have a w2k server behind a firewall with a ssh demon. This server 
should connect to the internal AS/400 ftp server.

We want a secured acess via ssh through the internet to the w2k server to 
make ftp commands to the AS/400. Both the ftp command channel (port 21) 
and the data channel should go through an encrypted ssh link.

The delegate at the w2k server should hide the AS/400 to the external 
client and restrict the access to only the AS/400.

We thought that delegate is useful for such a requirement. We tried the 
configuration examples from the mail archive here and the manual with the 
tunnel option and the master option. None of them worked.
The tunnel version gaves an error msg. on the w2k server (fork() not 
available) as michael brohl mentioned in a previous mail.
The master option as mentioned in "[DeleGate-En] Re: Is there SSH version 
for Delegate" didn't work, because the local delegate client makes no 
connection to the remote delegate master. It always serves the ftp 
requests directly to the destination server.

Is our configuration not for delegate or have we forgotten something.

Some questions left:
Should we use the passive mode at the client to have not connections from 
the ftp server to the client? And when where (delegate master or client)?

When a client delegate routes ftp requests to a upstream delegate master 
throug a port forwarded by ssh port forwarding, whats about the data 
connection?

Is the tunneling option in delegate to have both ftp control and data 
connection over one tunnel connection?
Why needs the tunneling option in delegate the tty7 io redirection and 
cannot use a tcp connection i.e. forwarden via ssh?

ホs the sockmux option in delegate a possible solution?

In our example we have only one ftp client connectedt to one server. 
Performance in't an issue. Only security is important.

It would be very helpful for us if you have a solution for us with 
delegate. It seems to be a great work at all with support for all these 
protocols and configuration options.

Viele Gruesse
Best Regards

Dirk Osterkamp

Agrenon GmbH ,  a Subsidiary of Lynx Consulting AG
Johanniskirchplatz 6, D-33615 Bielefeld, Germany
Tel. +00 (000) 0000-f, Fax.+49 (000) 0000-00F, Mobile +49(000)000000F
E-Mail: dirk.osterkamp@agrenon..

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V