Hi delegate experts,
we have a problem with the right configuration of delegate for routing ftp
over an ssh line.
:xxxxxxxxxxxLinux Serverxxxxxxxxxxxxxxxxxxxxxxxx: Internet :x Windows 2000 Serverx: Local Lan : AS/400 IBM
:ftpclientprogram:------:delegate:---:ssh client:-----x ssh line via port forwarding x---firewall-----:delegate:-:sshd:------:-------------: ftp
We have a linux server with the ftp client program and delegate and ssh
client directly connected to the internet.
We have a w2k server behind a firewall with an ssh daemon. This server
should connect to the internal AS/400 ftp server.
We want secured access via ssh through the internet to the w2k server to
make ftp commands to the AS/400. Both the ftp command channel (port 21)
and the data channel should go through an encrypted ssh link.
The delegate at the w2k server should hide the AS/400 from the external
client and restrict the access to only the AS/400.
We thought that delegate is useful for such a requirement. We tried the
configuration examples from the mail archive here and the manual with the
tunnel option and the master option. None of them worked.
The tunnel version gave an error msg. on the w2k server (fork() not
available) as Michael Brohl mentioned in a previous mail.
The master option as mentioned in "[DeleGate-En] Re: Is there SSH version
for Delegate" didn't work, because the local delegate client makes no
connection to the remote delegate master. It always serves the ftp
requests directly to the destination server.
Is our configuration not for delegate or have we forgotten something?
Some questions left:
Should we use passive mode at the client so that there are no connections from
the ftp server to the client? And if so, where (delegate master or client)?
When a client delegate routes ftp requests to an upstream delegate master
through a port forwarded by ssh port forwarding, what about the data
Is the tunneling option in delegate intended to have both ftp control and data
connection over one tunnel connection?
Why does the tunneling option in delegate need the tty7 io redirection, and
why can it not use a tcp connection, i.e. forwarded via ssh?
Is the sockmux option in delegate a possible solution?
In our example we have only one ftp client connected to one server.
Performance isn't an issue. Only security is important.
It would be very helpful for us if you have a solution for us with
delegate. It seems to be a great work at all with support for all these
protocols and configuration options.
Agrenon GmbH , a Subsidiary of Lynx Consulting AG
Johanniskirchplatz 6, D-33615 Bielefeld, Germany