Article delegate-en/4552 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] FTP extended passive mode issues
07 Sep 2009 15:33:50 GMT Sebastien Barbereau <pzaiqbdyi-t75q7lqj4njr.ml@ml.delegate.org>
ECMWF


Hi,
we are encountering a small problem when using delegated as ftp proxy
server for outgoing connections.
We want to disable the extended passive mode for the clients, to do this
we are trying to use the noxcd as FTPCONF option.
But it seems not to be working, or at least not to do what I thought.
Our clients still continue to try to use extended passive mode (which
brings up issues with the firewall). The only difference is that the
proxy ftp banner does not advertise XDC anymore.

Thanks,
Seb.

proxyb:~ # delegated -f -P172.16.64.12:21 SERVER=ftp
DGROOT=/delegated/delegate ADMIN=syc@ecmwf..
LOGDIR=log[date+/%Y/%m/%d] RELIABLE=172.16.0.0/255.255.0.0 CACHE=no  -v
-Dfb FTPCONF="noxdc"
09/07 14:23:46.00 [1305] 0+0: -- setCredhyCache /tmp/credhy_cache128s >>
/delegated/delegate/act/credhy_cache128s
09/07 14:23:46.00 [1305] 0+0: command PATH: /usr/sbin/delegated ->
/usr/sbin/delegated
09/07 14:23:46.00 [1305] 0+0: PORT> -P172.16.64.12:21
09/07 14:23:46.00 [1305] 0+0: --- [crypto] 0 dglibcrypto.so
09/07 14:23:46.01 [1305] 0+0: --- [crypto] 9E5F10 libcrypto.so.0.9.8
09/07 14:23:46.01 [1305] 0+0: --- [crypto] optional: SSL_set_SSL_CTX
09/07 14:23:46.01 [1305] 0+0: --- [crypto] optional: SSL_get_servername
09/07 14:23:46.01 [1305] 0+0: --- [crypto] optional: SSL_get_servername_type
09/07 14:23:46.01 [1305] 0+0: --- [crypto] optional: SSL_CTX_callback_ctrl
09/07 14:23:46.01 [1305] 0+0: --- [crypto] optional:
SSL_CTX_use_certificate_chain_file
09/07 14:23:46.01 [1305] 0+0: --- [crypto] optional:
SSL_CTX_set_session_id_context
09/07 14:23:46.01 [1305] 0+0: --- [crypto] optional:
SSL_CTX_set_generate_session_id
09/07 14:23:46.01 [1305] 0+0: ---- [crypto] loaded 102 syms,
unknown=47+7, already=0
09/07 14:23:46.01 [1305] 0+0: --- [ssl] 0 dglibssl.so
09/07 14:23:46.01 [1305] 0+0: --- [ssl] 9E6B70 libssl.so.0.9.8
09/07 14:23:46.01 [1305] 0+0: ---- [ssl] loaded 102 syms, unknown=0+0,
already=2
09/07 14:23:46.01 [1305] 0+0: ---- unknown = 0+0, already = 2 / 102
09/07 14:23:46.01 [1305] 0+0: +++ loaded OpenSSL 0.9.8h 28 May 2008
09/07 14:23:46.01 [1305] 0+0: ... testing resolver[SYS] with
'WWW.DeleGate.ORG'
09/07 14:23:46.01 [1305] 0+0: ... you can suppress this test by RES_WAIT=0
09/07 14:23:46.01 [1305] 0+0: ... gethostname(proxyb)
09/07 14:23:46.01 [1305] 0+0: configuring default RESOLV ...
09/07 14:23:46.01 [1305] 0+0: ... gethostname()='proxyb'
09/07 14:23:46.01 [1305] 0+0: ... SYS: proxyb -> 172.16.64.12
09/07 14:23:46.01 [1305] 0+0: ... DNS: 172.16.64.12 -> proxyb-int.ecmwf.int
09/07 14:23:46.01 [1305] 0+0: ... DNS available
09/07 14:23:46.01 [1305] 0+0: ... NIS not available (no default domain)
09/07 14:23:46.01 [1305] 0+0: ... export RES_ORDER=CFD
09/07 14:23:46.01 [1305] 0+0: {R}
confid(detected)[5841f36f47885c9b92816792a1bf0aac]<-[]
09/07 14:23:46.01 [1305] 0+0: export RESOLV=cache,file,dns (set by default)
SRCSIGN=9.9.4:20090731222035+0900:5b2a1dfc485a49c1:Author@DeleGate.ORG:DoZAjkXc2V9ZPpH2kQErXRsBiI7RmMeHE8SKMrmYIDiOlWCx9Ai4WwniP9vxEChP7HW9+MtXLSJDkbHiemS82qmkcz0ZReZhpSa/fSeWqplNwHm65cWqa5ix8KAT+qHdMYQYwFQWwGLcDtxAtlWAqZRZ8BoFUd1tswVyA6uBpnQ=
BLDSIGN=9.9.4:20090811140118+0000:5b2a1dfc485a49c1:prqjabdyi-t75q7lqj4njr.ml@ml.delegate.org:-
09/07 14:23:46.01 [1305] 0+0: --INITIALIZATION START-09090714+0000:
9.9.4 on Linux/2.6.27.29-0.1-default--
09/07 14:23:46.01 [1305] 0+0: EXECDIR=/usr/sbin
09/07 14:23:46.01 [1305] 0+0: BINSHELL=/bin/sh
09/07 14:23:46.01 [1305] 0+0: MAXIMA=delegated:64 for small mem=3430M
09/07 14:23:46.01 [1305] 0+0:
server_open(delegate,172.16.64.12:21,listen=20)
09/07 14:23:46.01 [1305] 0+0: server_open: 172.16.64.12:21
09/07 14:23:46.01 [1305] 0+0: server_open(delegate,172.16.64.12:21) BOUND
09/07 14:23:46.01 [1305] 0+0: DGROOT=/delegated/delegate^M
09/07 14:23:46.01 [1305] 0+0: <DeleGate/9.9.4> [1305] -P172.16.64.12:21
READY^M
09/07 14:23:46.01 [1305] 0+0: HostID: No-HostId-Available
<DeleGate/9.9.4> [1305] -P172.16.64.12:21 READY
Config: Linux/2.6.27.29-0.1-default; FileSize-Bits=64/64,64/32,64,64;
socket=87380/16384,++NAT; sockpair=124928/124928,1002++U; char=signed;
thread=PThread/none,0/128; stty=tcsetattr; fmem=3430/-665/3955M
DGROOT=/delegated/delegate
ADMIN=xxxxxxxxxxxxxx@ecmwf..
AIST-Product-ID: 2000-ETL-198715-01, H14PRO-049, H15PRO-165, H18PRO-443
Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
Copyright (c) 2001-2009 National Institute of Advanced Industrial
Science and Technology (AIST)
BLDSIGN=9.9.4:20090811140118+0000:5b2a1dfc485a49c1:prqjabdyi-t75q7lqj4njr.ml@ml.delegate.org:-
HostID: No-HostId-Available
Loaded: OpenSSL 0.9.8h 28 May 2008
09/07 14:23:46.01 [1305] 0+0: PORT= 172.16.64.12:21/8 (0,136)
09/07 14:23:46.01 [1305] 0+0: OWNER=nobody =>
OWNER=nobody/nobody(nobody/nobody)
09/07 14:23:46.01 [1305] 0+0: REMITTABLE = ftp
09/07 14:23:46.01 [1305] 0+0: --- [z] 0 dglibz.so
09/07 14:23:46.01 [1305] 0+0: --- [z] 0 libz.so.0.9.8
09/07 14:23:46.01 [1305] 0+0: --- [z] 0 libz.so
09/07 14:23:46.01 [1305] 0+0: --- [z] 0 libz.so.4
09/07 14:23:46.01 [1305] 0+0: --- [z] 9E63E0 libz.so.1
09/07 14:23:46.01 [1305] 0+0: --- [z] optional: gziocallback
09/07 14:23:46.01 [1305] 0+0: ---- [z] loaded 17 syms, unknown=0+1,
already=0
09/07 14:23:46.01 [1305] 0+0: +++ loaded Zlib 1.2.3
09/07 14:23:46.01 [1305] 0+0: #### gzip/gunzip = dynamically linked
09/07 14:23:46.01 [1305] 0+0: ADMIN=syc@ecmwf.. protocol=ftp(specialist)
09/07 14:23:46.01 [1305] 0+0: MOUNT[0]X[2] /-/builtin/icons/* = default
09/07 14:23:46.01 [1305] 0+0: MOUNT[1]X[3] /-/* =
forbidden,from=!.RELIABLE,default
09/07 14:23:46.01 [1305] 0+0: MOUNT[2]X[0] /-* = default
09/07 14:23:46.01 [1305] 0+0: MOUNT[3]X[1] /=* = default
09/07 14:23:46.01 [1305] 0+0: MOUNT[4]X[5] //* = default
09/07 14:23:46.01 [1305] 0+0: MOUNT[5]X[4] /* file:/-stab-/*
!asproxy,default
09/07 14:23:46.01 [1305] 0+0:
StickyReport[10,11]127.0.0.127:65535><127.0.0.127:65535 124928/124928
120000/00000X
09/07 14:23:46.01 [1305] 0+0: env[54]
LIBPATH=.;/root;/delegated/delegate/lib;/usr/sbin;/delegated/delegate/etc
09/07 14:23:46.01 [1305] 0+0: env[58] RESOLV=cache,file,dns
09/07 14:23:46.01 [1305] 0+0: arg[3] SERVER=ftp
09/07 14:23:46.01 [1305] 0+0: arg[4] DGROOT=/delegated/delegate
09/07 14:23:46.01 [1305] 0+0: arg[5] ADMIN=syc@ecmwf..
09/07 14:23:46.01 [1305] 0+0: arg[6] LOGDIR=log[date+/%Y/%m/%d]
09/07 14:23:46.01 [1305] 0+0: arg[7] RELIABLE=172.16.0.0/255.255.0.0
09/07 14:23:46.01 [1305] 0+0: arg[8] CACHE=no
09/07 14:23:46.01 [1305] 0+0: arg[11] FTPCONF=noxdc
09/07 14:23:46.01 [1305] 0+0: DELEGATE_Modified[1]: 4aa51772 000000000X
09/07 14:23:46.01 [1305] 0+0: --INITIALIZATION DONE-09090714+0000: 9.9.4
on Linux/2.6.27.29-0.1-default--
09/07 14:23:46.01 [1305] 0+0: logMMap: 99C2C000 1360
09/07 14:23:46.01 [1305] 0+0: LOG-Socketpair[16,17]
09/07 14:23:53.21 [1306] 1+0: -- Fork(OnetimeServer): 1305 -> 1306
09/07 14:23:53.21 [1306] 1+0: {R} SOA got
[156.136.in-addr.arpa][ns0.ecmwf.int][dnsadmin.ecmwf.int] 2009090701
604800 86400 2419200 86400
09/07 14:23:53.21 [1306] 1+0: (0) accepted [33]
-@[172.16.124.206]172.16.124.206:58573 (0.002s)(1)
09/07 14:23:53.21 [1306] 1+0: PATH:
ftp://-:21!proxyb-int.ecmwf.int:21!172.16.124.206:58573!anonymous@172.16.124.206;1252333433
09/07 14:23:53.23 [1306] 1+0: FTP server ftp://-:21/
09/07 14:23:53.23 [1306] 1+0: *** / => file://localhost/-stab-/ ***
09/07 14:23:53.23 [1306] 1+0: MOUNTED-TO-STAB: file://localhost/-stab-/
09/07 14:23:53.23 [1306] 1+0: -- putBuiltinHTML: empty
ftp-banner-postfix.dhtml
09/07 14:23:53.23 [1306] 1+0: bind_insock(18,172.16.64.12,0) = 0, errno=0
09/07 14:23:53.23 [1306] 1+0: ### IDENT CONNECT(172.16.124.206:113)
TIMEOUT(1000ms) (111)
09/07 14:23:53.23 [1306] 1+0: #### no authorization required
09/07 14:23:58.27 [1306] 1+0/1: FTP LOGIN FROM 172.16.124.206 TO
anonymous@free..fr
09/07 14:23:58.27 [1306] 1+0/1: rewritten to: CWD //anonymous@free..fr^M
09/07 14:23:58.93 [1306] 1+0/2: FTP LOGIN FROM 172.16.124.206 TO
anonymous@free..fr
09/07 14:23:58.93 [1306] 1+0/2: PATH:
ftp://ftp.free.fr:21!proxyb-int.ecmwf.int:21!172.16.124.206:58573!anonymous@172.16.124.206;1252333433
09/07 14:23:58.94 [1306] 1+0/2: FTP server ftp://ftp.free.fr:21/
09/07 14:23:58.94 [1306] 1+0/2: FTPHOPS: 1 [8/33 - -1/-1]
09/07 14:23:58.94 [1306] 1+0/2: ConnectToServer:
DFLT=ftp://ftp.free.fr:21 REAL=://:0
09/07 14:23:58.96 [1306] 1+0/2: ConnectToServer connected [20]
{212.27.60.27:21 <- 193.61.196.142:54069} [0.015s]
09/07 14:23:58.96 [1306] 1+0/2: willSTLS_SV: ServerFlags=0
09/07 14:23:58.96 [1306] 1+0/2: inherited AsProxy: 10000
09/07 14:23:58.97 [1306] 1+0/2: willSTLS_SV: ServerFlags=0
09/07 14:23:58.99 [1306] 1+0/2: LoginPWD: "/"
09/07 14:23:59.87 [1306] 1+0/6/4: FTP-control-remote: 172.16.64.12:21 [33]
09/07 14:23:59.87 [1306] 1+0/6/4: FTP-data-local[21]: 172.16.64.12:58382
09/07 14:23:59.87 [1306] 1+0/6/4: --FTPdata reuse port# 58382
[136,156,64,12,228,14]
09/07 14:23:59.87 [1306] 1+0/6/4: ## [EPSV] restored (|||58382|)
09/07 14:23:59.89 [1306] 1+0/6/4: ftp_conndata: connected
III.III196.142:54068->ftp.proxad.net/212.27.60.27:34417 [22](0.0)
09/07 14:23:59.89 [1306] 1+0/6/4: -- with PASV
09/07 14:23:59.89 [1306] 1+0/6/4: PASV [B][|||58382|] >> 229 Entering
Extended Passive Mode (|||58382|)^M


  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V