Article delegate-en <_A1419@delegate-en.ML_>
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Howto? SSL FTP Tunneling
15 Nov 2001 18:40:54 GMT "Bryan Dees" <>

Our FTP server accepts both SSL and non-ssl FTP off the same

So, what you are saying makes complete sense. In order
for me to relay both SFTP and FTP I had to use two separate
commands/ports, etc. Using the CMAP referenced below
wouldn't allow FTP to establish.

Command used to relay 'non-SSL' FTP:
delegated -P21 SERVER=ftp://host:10021/

Command used to relay 'SSL' SFTP:
delegated -P10021 SERVER=ftp://host:10021/ \
CMAP="sslway -st:FCL:ftp:*:*" CMAP=sslway:FCL:ftp-data:*:*

I'd prefer to allow my customers to connect to the same port
for FTP and SFTP.

Do you think you'll be able to apply those fixes soon?

Thank You,


-----Original Message-----
From: []
Sent: Thursday, November 15, 2001 9:32 AM
Cc: Bryan Dees
Subject: Re: [DeleGate-En] Howto? SSL FTP Tunneling


Thank you for sending the detailed log.  Inspecting it I found
that there are two problems or bugs in FTP-DeleGate.

- DeleGate does not start SSL session (by inserting FSV filter)
  for ftp-data connection until it starts relaying data after sending
  command for retrieve like LIST or RETR.  But the server expects
  SSL session started before retrieval command, or it rejects the
  retrieval command.  The behavior of DeleGate must be fixed but
  the modification can be a little bit difficult.
- DeleGate does not insert FSV for ftp-data if FCL for ftp-data is
  already inserted.  This is a simple bug and can easily be fixed.

On 11/15/01(08:57) you "Bryan Dees" <> wrote
in <_A1417@delegate-en.ML_>
 |I finally got it all to work!
 |# Proxy SSL FTP
 |  delegated \
 |  -P10021 \
 |  SERVER=  \
 |  # Proxy SSL FTP
$DGROOT/src/delegated \
  -P10021 \
  SERVER=ftp://$FTPSVR/  \
  CMAP="sslway -st:FCL:ftp:*:*" CMAP=sslway:FCL:ftp-data:*:*

Maybe it worked because your FTP server accepts both non-SSL and SSL
mode, and you used non-SSL mode dropping FSV filter to bypass the above
bugs of DeleGate.  This will be enough in your case because SSL seems
not necessary between your DeleGate and the FTP server.

 |I took out the CMAP for FSV and added the ending *:* fields to the
 |FCL command.

But I'm not sure why the *:* is necessary...

  @ @ Yutaka Sato <>
 ( - ) National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
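
The reply above notes that with only the FCL filters in place the relay falls back to non-SSL mode between DeleGate and the FTP server. The following check is an added example, not part of the thread or of DeleGate: it classifies the first payload bytes seen on each leg of the relay (taken from a packet capture) and lists the legs that are not carrying SSL/TLS. The leg names and sample bytes are constructed for illustration.

```python
import re

# An FTP control line: three-digit reply code, or a 3-4 letter command verb.
FTP_LINE = re.compile(rb"^(\d{3}[ -]|[A-Za-z]{3,4}[ \r])")

def classify(first_bytes: bytes) -> str:
    """Heuristically classify the first payload bytes of a TCP connection."""
    b = first_bytes
    # SSLv3/TLS record header: content type 22 (handshake), major version 3.
    if len(b) >= 3 and b[0] == 0x16 and b[1] == 0x03:
        return "tls"
    # SSLv2-style ClientHello: 2-byte length with high bit set, message type 1.
    if len(b) >= 3 and b[0] & 0x80 and b[2] == 0x01:
        return "tls"
    if FTP_LINE.match(b):
        return "cleartext-ftp"
    return "not-tls"

def unprotected_legs(observed: dict) -> list:
    """Return the names of legs whose first bytes are not an SSL/TLS handshake."""
    return sorted(leg for leg, data in observed.items()
                  if classify(data) != "tls")

# Constructed sample: first bytes per leg for an FCL-only relay (assumed layout).
SAMPLE = {
    "client->delegate control": bytes.fromhex("160300005901000055"),
    "client->delegate data": bytes.fromhex("802e0100020015"),
    "delegate->server control": b"220 FTP server ready\r\n",
    "delegate->server data": b"-rw-r--r-- 1 ftp ftp 1024 Nov 15 2001 a.txt\r\n",
}

if __name__ == "__main__":
    for leg, data in SAMPLE.items():
        print(f"{leg:26} {classify(data)}")
    print("not encrypted:", unprotected_legs(SAMPLE))
```
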
