Article delegate-en/4487 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: FTP client to implicit FTPS server
05 Jun 2009 10:11:03 GMT Marvin <pn4iqbdyi-c2jtqbdaqbvr.ml@ml.delegate.org>



I see what you mean. I need to connect through active ftp to this server;
however, it seems that this server also accepts ftps connections, throwing
delegate off. Is there a way to force an ftp instead of ftps connection for a
specific server?

Thanks for your help, really appreciate it.

> From: Yutaka Sato <feedback@delegate.org>
> Organization: The DeleGate Project
> Reply-To: <feedback@delegate.org>
> Date: Fri,  5 Jun 2009 17:55:13 +0900 (JST)
> To: <feedback@delegate.org>
> Cc: <feedback@delegate.org>, Marvin Tapessur <pn4iqbdyi-c2jtqbdaqbvr.ml@ml.delegate.org>
> Subject: Re: [DeleGate-En] FTP client to implicit FTPS server
> 
> Hi,
> 
> In message <_A4482@delegate-en.ML_> on 06/04/09(03:50:45)
> you Marvin <pn4iqbdyi-c2jtqbdaqbvr.ml@ml.delegate.org> wrote:
>  |Below the logging of a failed active connection:
> 
> I can't see why this problem is described as:
>> The STLS="-fsv,im=0.5" breaks 'normal' ftp connections using PORT.
>> PASV connections work just fine.
> 
> What does "normal ftp connection" mean ?  First I thought it as the
> non-SSL connection, but your broken PORT connection seems SSL based.
> How "PASV" works fine?  Comparing the LOGFILEs of "PORT" and "PASV"
> for the same server and file will give us real hints.
> LOGFILE with "-vd" option will give us more useful hints.
> Your connection problem seems to be caused by NAT or firewall or so,
> so the network configurations around your DeleGate and the target FTP
> server are necessary to understand what is going on.
> 
> A possible description of your problem is "the target FTP server
> (what is it?) cannot connect back to DeleGate's host to establish
> a PORT data-connection (in FTPS mode)".  It might be because the PORT
> command cannot be rewritten by the firewall because it is encrypted
> in SSL.  If it is the case, there might be nothing DeleGate can do.
> 
> Cheers,
> Yutaka
> --
>   9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
>  ( ~ )  National Institute of Advanced Industrial Science and Technology
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
> 
>  |06/03 20:46:10.26 [7541] 1+0/2: ## SSLway ## 0.079057 connected/accepted
>  |06/03 20:46:10.26 [7541] 1+0/2: ## SSLway server's cert. =
>  |**subject<</C=UK/O=BLA/OU=BLA FTP Server/CN=FTP3.bla.com>>
>  |**issuer<</C=UK/O=BLA/OU=BLA FTP Server/CN=FTP3.bla.com>>
>  |06/03 20:46:10.42 [7541] 1+0/2: LoginPWD: "/ftp/user"
>  |06/03 20:46:10.73 [7541] 1+0/5/3: ## viaCFI [mkPASV]: fileno(ts)=25 ToSX=26
>  |06/03 20:46:10.75 [7541] 1+0/5/3: ## viaCFI [mkPASV]: fileno(ts)=25 ToSX=26
>  |06/03 20:46:10.76 [7541] 1+0/5/3: {R} SOA got
>  |[10.in-addr.arpa][localhost][root] 1 604800 86400 2419200 604800
>  |06/03 20:46:20.76 [7541] 1+0/5/3: ## connect[27] TIMEOUT(10000)
>  |06/03 20:46:20.76 [7541] 1+0/5/3: *** CON_TIMEOUT: 10.00/10s ->
>  |10.202.5.6:1498
>  |06/03 20:46:20.76 [7541] 1+0/5/3: ftp_conndata: connection refused
>  |107.112.114.21:33495->10.202.5.6/10.202.5.6:1498, errno=110
>  |06/03 20:46:20.76 [7541] 1+0/5/3: ftp_conndata: retry without port# (33495)
>  |06/03 20:46:30.77 [7541] 1+0/5/3: ## connect[27] TIMEOUT(10000)
>  |06/03 20:46:30.77 [7541] 1+0/5/3: *** CON_TIMEOUT: 10.00/10s ->
>  |10.202.5.6:1498
>  |06/03 20:46:30.77 [7541] 1+0/5/3: ftp_conndata: connection refused
>  |107.112.114.21:57720->10.202.5.6/10.202.5.6:1498, errno=110
>  |06/03 20:46:30.77 [7541] 1+0/5/3: ## viaCFI [mkPORT]: fileno(ts)=25 ToSX=26
>  |06/03 20:46:30.77 [7541] 1+0/5/3: FTP-control-remote: 123.12.122.51:21 [26]
>  |06/03 20:46:30.77 [7541] 1+0/5/3: FTP-data-local[27]: 107.112.114.21:39365
>  |06/03 20:46:30.79 [7541] 1+0/5/3: PORT [10,235,108,74,49,34] >> 200 Port
>  |request OK.^M
> 
> In message <_A4483@delegate-en.ML_> on 06/04/09(03:56:28)
> you Marvin <pn4iqbdyi-c2jtqbdaqbvr.ml@ml.delegate.org> wrote:
>  |And this is one of a successful connection with STLS removed. I'm using
> ...
>  |06/03 20:54:42.08 [7774] 2+0/5/3: ## ftp-conndata: NOT bound#1 err=98
>  |06/03 20:54:52.09 [7774] 2+0/5/3: ## connect[26] TIMEOUT(10000)
>  |06/03 20:54:52.09 [7774] 2+0/5/3: *** CON_TIMEOUT: 10.00/10s ->
>  |123.12.122.51:1500
>  |06/03 20:54:52.09 [7774] 2+0/5/3: ftp_conndata: connection refused
>  |107.112.114.21:42233->ftp3.bla.com/123.12.122.51:1500, errno=110
>  |06/03 20:54:52.09 [7774] 2+0/5/3: FTP-control-remote: 123.12.122.51:21 [25]
>  |06/03 20:54:52.09 [7774] 2+0/5/3: FTP-data-local[26]: 107.112.114.21:50650
>  |06/03 20:54:52.11 [7774] 2+0/5/3: PORT [10,235,108,74,49,36] >> 200 Port
>  |request OK.^M
>  |06/03 20:54:52.22 [7774] 2+0/6/4: FTP-CACHE: LIST [] = [][]:0
>  |06/03 20:54:52.22 [7774] 2+0/6/4: --SU NONE
>  |/var/spool/delegate-nobody/sudo/port/P
>  |06/03 20:54:52.22 [7774] 2+0/6/4: ## command not found: dgbind
>  |06/03 20:54:52.22 [7774] 2+0/6/4: ## ftp-conndata: NOT bound#1 err=13
>  |06/03 20:54:52.22 [7774] 2+0/6/4: ftp_conndata: connected
>  |10.235.253.21:37861->eupdwsappb308.acme.corp/10.235.108.74:12580 [26](0.0)
>  |06/03 20:54:52.22 [7774] 2+0/6/4: DATA 123.12.122.51:20 ->
>  |107.112.114.21:50650 .. 10.235.253.21:37861 -> 10.235.108.74:12580
>  |06/03 20:54:52.22 [7774] 2+0/6/4: FTP data-relay([27]15554b -> [26]10000b)
>  |509b / 1/ (6) 0.00s (read-EOF)
> 
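Added example, not part of the original messages or of DeleGate's code: a short Python check that decodes the `PORT [h1,h2,h3,h4,p1,p2]` arguments seen in the quoted LOGFILE excerpts and reports when a private address is advertised to a non-private control peer, which is the situation where a NAT device would have to rewrite the command and cannot if the control channel is encrypted. The function names, the `control_encrypted` flag and the private-versus-public heuristic are assumptions made for this illustration.

```python
import ipaddress
import re

# Sample input: four lines taken from the log excerpts quoted above (wrapped tails trimmed).
SAMPLE_LOG = """\
06/03 20:46:30.77 [7541] 1+0/5/3: FTP-control-remote: 123.12.122.51:21 [26]
06/03 20:46:30.79 [7541] 1+0/5/3: PORT [10,235,108,74,49,34] >> 200 Port
06/03 20:54:52.09 [7774] 2+0/5/3: FTP-control-remote: 123.12.122.51:21 [25]
06/03 20:54:52.11 [7774] 2+0/5/3: PORT [10,235,108,74,49,36] >> 200 Port
"""

PORT_RE = re.compile(r"PORT \[(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\]")
REMOTE_RE = re.compile(r"FTP-control-remote: (\d+\.\d+\.\d+\.\d+):\d+")

def decode_port(fields):
    """Turn the RFC 959 PORT argument h1,h2,h3,h4,p1,p2 into (IPv4Address, port)."""
    nums = [int(f) for f in fields]
    if len(nums) != 6 or any(n > 255 for n in nums):
        raise ValueError("PORT argument must be six octets in the range 0-255")
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def audit(log, control_encrypted):
    """Return (address, port, verdict) for each PORT line that follows a control-remote line."""
    findings, remote = [], None
    for line in log.splitlines():
        m = REMOTE_RE.search(line)
        if m:
            remote = ipaddress.IPv4Address(m.group(1))
            continue
        m = PORT_RE.search(line)
        if not m or remote is None:
            continue
        addr, port = decode_port(m.groups())
        # Assumed heuristic: private address sent to a non-private peer needs NAT help.
        if not (addr.is_private and not remote.is_private):
            verdict = "address is usable as advertised"
        elif control_encrypted:
            verdict = "private address inside TLS: NAT cannot rewrite this PORT"
        else:
            verdict = "private address in cleartext: works only if NAT rewrites PORT"
        findings.append((str(addr), port, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, control_encrypted=True):
        print(finding)
```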


