Article delegate-en/4623 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Delegate 9.9.5: how to give public IP in PASV response?
09 Nov 2009 15:26:01 GMT HD Sorgenia | Andrea `Zuse' Balestrero <pkyiqbdyi-p5lznxpdmzxr.ml@ml.delegate.org>



Hi.
I'm configuring delegate v9.9.5 as reverse proxy for FTP / FTPS.

In FTPS mode, our firewall does NAT, but no FTP protocol inspection
is done (encrypted traffic does not permit it).

So, in passive mode, PASV command response is somewhing like the
following:

----------------------------
[FTPS session, passive mode]
Command:	PASV
Response:	227 Entering Passive Mode (192,168,250,21,117,48).
----------------------------

Port 117*256+48 = 30000 is the correct port number, set by using
command SRCIF="*:30000-30050:ftp-data" .

But the IP address in PASV response is our Delegate private address,
behind static NAT.

We'd like to respond with the correct IP address (public, that is
the IP reachable from clients on the Internet).

In FTPS our firewall is unable to make any translation inside the
protocol (in packet payload).

So we have to tell Delegate to give PASV responses directly with
public IP address.

Is it possible?
How?

Thank you in advance for your help.

--------------------------------------------------------
Andrea Balestrero
Mail: pkyiqbdyi-p5lznxpdmzxr.ml@ml.delegate.org
Web: www.youus.it
YOUUS SRL - Via Cappuccini, 8 - 20122 Milano - Italy
--------------------------------------------------------



  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V