Sure, here's the Delegate log: 11/14 12:30:08.83 [23970] 0+0: --INITIALIZATION DONE-- 11/14 12:30:23.86 [23970] 0+0: AcceptByMain: TIMEOUT(children=0, timeout=15) 11/14 12:30:45.08 [23973] 1+0: -- Fork(OnetimeServer): 23970 -> 23973 11/14 12:30:45.09 [23973] 1+0: HOSTS[2]=/156.137.12.90 11/14 12:30:45.09 [23973] 1+0: -- SockHost: [156.137.12.90] 156.137.12.90:10021 11/14 12:30:45.10 [23973] 1+0: *** gethostbyaddr(156.137.12.76): nbhd.abf.ad.airborne.com / 0.00 secs. has_alias:0 11/14 12:30:45.10 [23973] 1+0: HOSTS[3]=nbhd.abf.ad.airborne.com/156.137.12.76 11/14 12:30:45.10 [23973] 1+0: SPECIALIST: ftp 11/14 12:30:45.10 [23973] 1+0: #### newRoute[USERIDENT] 0/16 11/14 12:30:45.10 [23973] 1+0: [0] USERIDENT=://:0-_-{}:{} 11/14 12:30:45.10 [23973] 1+0: dirfopen(/usr/local/delegate7.5.4/act/clients/21/156.137.12.76:nbhd.abf. ad.airborne.com,r+): 0 [-1] 11/14 12:30:45.10 [23973] 1+0: dirfopen(/usr/local/delegate7.5.4/act/clients/21/156.137.12.76:nbhd.abf. ad.airborne.com,w+): 8172e90 [15] 11/14 12:30:45.10 [23973] 1+0: (0) accepted [36] -@[156.137.12.76]nbhd.abf.ad.airborne.com:3029 (0.016s)(1) 11/14 12:30:45.10 [23973] 1+0: ## gotFilter[FCL][sslway -st] 11/14 12:30:45.10 [23973] 1+0: ### [0] sslway 0 11/14 12:30:45.10 [23973] 1+0: ### [1] /usr/local/delegate7.5.4/sslway 0 11/14 12:30:45.10 [23973] 1+0: ### [2] /usr/local/delegate7.5.4/lib/sslway 8173730 11/14 12:30:45.10 [23973] 1+0: LIBPATH: sslway -> /usr/local/delegate7.5.4/lib/sslway 11/14 12:30:45.10 [23973] 1+0: #### [/usr/local/delegate7.5.4/lib/sslway](2) sslway -st 11/14 12:30:45.10 [23973] 1+0: CFI: [/usr/local/delegate7.5.4/lib/sslway]sslway -st -> /usr/local/delegate7.5.4/lib/sslway 11/14 12:30:45.10 [23973] 1+0: dirfopen(/usr/local/delegate7.5.4/adm/shutout/0.0.0.0,r): 0 [-1] 11/14 12:30:45.10 [23974] 1+0: -- Fork(FCL): 23973 -> 23974 11/14 12:30:45.10 [23974] 1+0: #### execFilter[FCL] [/usr/local/delegate7.5.4/lib/sslway]sslway -st 11/14 12:30:45.10 [23974] 1+0: #### [/usr/local/delegate7.5.4/lib/sslway](2) sslway -st 11/14 12:30:45.10 [23974] 1+0: FCL arg[0] sslway 11/14 12:30:45.10 [23974] 1+0: FCL arg[1] -st 11/14 12:30:45.11 [23973] 1+0: KeepAlive[15] = 1 11/14 12:30:45.11 [23973] 1+0: execGeneralist->execSpecialist 11/14 12:30:45.11 [23973] 1+0: PATH: ftp://goahp85.airborne.com:10021!156.137.12.90:10021!nbhd.abf.ad.airborn e.com:3029!anonymous@nbhd.abf.ad.airborne.com;1005769845 11/14 12:30:45.13 [23973] 1+0: FTP server ftp://goahp85.airborne.com:10021/ 11/14 12:30:45.13 [23973] 1+0: FTPHOPS: 1 [15/15 - -1/-1] 11/14 12:30:45.13 [23973] 1+0: [1/4] ADDR MATCH: 156.137.12.76 += 127.0.0.1 ? 11/14 12:30:45.13 [23973] 1+0: [1/4] ==> 0 (RELIABLE/SRC nbhd.abf.ad.airborne.com) 11/14 12:30:45.13 [23973] 1+0: [2/4] ADDR MATCH: 156.0.0.0 += 127.0.0.0 ? 11/14 12:30:45.13 [23973] 1+0: [2/4] ==> 0 (RELIABLE/SRC nbhd.abf.ad.airborne.com) 11/14 12:30:45.13 [23973] 1+0: [3/4] .i (IncomingIF) = 156.137.12.90 11/14 12:30:45.13 [23973] 1+0: [3/4] ADDR MATCH: 156.137.0.0 += 156.137.0.0 ? 11/14 12:30:45.14 [23973] 1+0: [3/4] ==> 1 (RELIABLE/SRC nbhd.abf.ad.airborne.com) 11/14 12:30:45.14 [23973] 1+0: #### newRoute[REACHABLE] 0/16 11/14 12:30:45.14 [23973] 1+0: [0] REACHABLE=://:0-_-{}:{} 11/14 12:30:45.14 [23973] 1+0: PERMITTED: ftp://goahp85.airborne.com 11/14 12:30:45.14 [23973] 1+0: dirfopen(/usr/local/delegate7.5.4/act/servers/cc/ftp-anonymous-goahp85.a irborne.com-10021-0,r+): 0 [-1] 11/14 12:30:45.14 [23973] 1+0: ConnectToServer: DFLT=ftp://goahp85.airborne.com:10021 REAL=://:0 11/14 12:30:45.14 [23973] 1+0: gethostbyname(goahp85.airborne.com). 11/14 12:30:45.14 [23973] 1+0: *** gethostbyname(goahp85.airborne.com): goahp85.airborne.com / 0.00 secs. has_alias:0 11/14 12:30:45.14 [23973] 1+0: HOSTS[4]=goahp85.airborne.com/156.137.6.30 11/14 12:30:45.14 [23973] 1+0: ConnectToServer connect ftp://goahp85.airborne.com:10021 11/14 12:30:45.14 [23973] 1+0: ConnectToServer connected [16] {156.137.6.30:10021 <- 156.137.12.90:1288} [0.001s] 11/14 12:30:45.14 [23973] 1+0: KeepAlive[16] = 1 11/14 12:30:45.14 [23973] 1+0: ## gotFilter[FSV][sslway -st] 11/14 12:30:45.14 [23973] 1+0: ### [0] sslway 0 11/14 12:30:45.14 [23973] 1+0: ### [1] /usr/local/delegate7.5.4/sslway 0 11/14 12:30:45.14 [23973] 1+0: ### [2] /usr/local/delegate7.5.4/lib/sslway 8174380 11/14 12:30:45.14 [23973] 1+0: LIBPATH: sslway -> /usr/local/delegate7.5.4/lib/sslway 11/14 12:30:45.14 [23973] 1+0: #### [/usr/local/delegate7.5.4/lib/sslway](2) sslway -st 11/14 12:30:45.14 [23973] 1+0: CFI: [/usr/local/delegate7.5.4/lib/sslway]sslway -st -> /usr/local/delegate7.5.4/lib/sslway 11/14 12:30:45.14 [23975] 1+0: -- Fork(FSV): 23973 -> 23975 11/14 12:30:45.15 [23975] 1+0: #### execFilter[FSV] [/usr/local/delegate7.5.4/lib/sslway]sslway -st 11/14 12:30:45.15 [23975] 1+0: #### [/usr/local/delegate7.5.4/lib/sslway](2) sslway -st 11/14 12:30:45.15 [23975] 1+0: FSV arg[0] sslway 11/14 12:30:45.15 [23975] 1+0: FSV arg[1] -st ## SSLway[23975](nbhd.abf.ad.airborne.com) STARTTLS to server -- FTP 11/14 12:30:46.93 [23973] 1+0: FTP-SERVER-SAYS: 220 <<<CONNECT:Enterprise for UNIX 1.1.00 Secure FTP>>> at goahp85 FTP server ready. Time = 11:33:02^M 11/14 12:30:46.93 [23973] 1+0: D_FTPHOPS (1) 156.137.12.90 ## SSLway[23974](nbhd.abf.ad.airborne.com) STARTTLS to client -- FTP ## SSLway[23974](nbhd.abf.ad.airborne.com) STARTTLS prologue: S-C: 220-extended FTP [MODE XDC][XDC/BASE64][PIPELINE] (1) 156.137.12.90 11/14 12:30:46.93 [23973] 1+0: service_ftp: start PollIns=[16,15] ## SSLway[23975](nbhd.abf.ad.airborne.com) STARTTLS to server -- 234 AUTH TLS-C/TLS OK. ## SSLway[23974](nbhd.abf.ad.airborne.com) STARTTLS prologue: C-S: [AUTH][SSL] ## SSLway[23974](nbhd.abf.ad.airborne.com) AUTH TLS from FTP client -- OK ## SSLway[23975](nbhd.abf.ad.airborne.com) server's cert. = **subject<</C=US/ST=Washington/L=Seattle/O=Airborne Express/OU=PCS/CN=goahp85.airborne.com>> **issuer<</C=ZA/ST=FOR TESTING PURPOSES ONLY/O=Thawte Certification/OU=TEST TEST TEST/CN=Thawte Test CA Root>> 11/14 12:30:58.17 [23973] 1+0/1: #### USER nbhd^M 11/14 12:30:58.17 [23973] 1+0/1: I-SAY: USER nbhd^M 11/14 12:30:58.20 [23973] 1+0/1: FTP-SERVER-SAYS: 331 Password required for nbhd.^M 11/14 12:30:58.20 [23973] 1+0/1: service_ftp: start PollIns=[16,15] 11/14 12:30:58.27 [23973] 1+0/2: #### PASS ****** 11/14 12:30:58.27 [23973] 1+0/2: I-SAY: PASS ******** 11/14 12:30:58.44 [23973] 1+0/2: FTP-SERVER-SAYS: 230 CONNECT:Enterprise for UNIX login ok, access restrictions apply.^M 11/14 12:30:58.44 [23973] 1+0/2: service_ftp: start PollIns=[16,15] 11/14 12:30:58.74 [23973] 1+0/3: #### SYST^M 11/14 12:30:58.74 [23973] 1+0/3: FTP-SERVER-SAYS: 257 "/nbhd" is current directory.^M 11/14 12:30:58.74 [23973] 1+0/3: LoginPWD: "/nbhd" 11/14 12:30:58.74 [23973] 1+0/3: I-SAY: SYST^M 11/14 12:30:58.74 [23973] 1+0/3: FTP-SERVER-SAYS: 215 UNKNOWN Type: L8^M 11/14 12:30:58.74 [23973] 1+0/3: service_ftp: start PollIns=[16,15] 11/14 12:30:58.83 [23973] 1+0/4: #### PWD^M 11/14 12:30:58.83 [23973] 1+0/4: I-SAY: PWD^M 11/14 12:30:58.84 [23973] 1+0/4: FTP-SERVER-SAYS: 257 "/nbhd" is current directory.^M 11/14 12:30:58.84 [23973] 1+0/4: service_ftp: start PollIns=[16,15] 11/14 12:31:00.11 [23970] 1+0: AcceptByMain: TIMEOUT(children=1, timeout=15) 11/14 12:31:08.00 [23973] 1+0/5: #### PASV^M 11/14 12:31:08.00 [23973] 1+0/5: ## viaCFI: ToC=15 ClientSock=36 11/14 12:31:08.00 [23973] 1+0/5: FTP-control-remote: 156.137.12.90:10021 11/14 12:31:08.00 [23973] 1+0/5: ##NOT ViaSocks-B## 156.137.12.90:0 11/14 12:31:08.00 [23973] 1+0/5: listen(19,1) OK. 11/14 12:31:08.00 [23973] 1+0/5: FTP-data-local[19]: 156.137.12.90:10020 11/14 12:31:08.00 [23973] 1+0/5: I-SAY: PASV^M 11/14 12:31:08.00 [23973] 1+0/5: FTP-SERVER-SAYS: 227 Entering Passive Mode (156,137,6,30,222,107)^M 11/14 12:31:08.00 [23973] 1+0/5: ## viaCFI [mkPASV]: fileno(ts)=16 ToSX=17 11/14 12:31:08.00 [23973] 1+0/5: ##NOT ViaSocks-B## 156.137.6.30:56939 11/14 12:31:08.00 [23973] 1+0/5: ftp_conndata: connected 156.137.12.90:1287->goahp85.airborne.com/156.137.6.30:56939 [20] 11/14 12:31:08.00 [23973] 1+0/5: KeepAlive[20] = 1 11/14 12:31:08.00 [23973] 1+0/5: -- with PASV 11/14 12:31:08.00 [23973] 1+0/5: PASV [156,137,12,90,39,36] >> 227 Entering Passive Mode (156,137,12,90,39,36) DeleGate[B].^M 11/14 12:31:08.00 [23973] 1+0/5: service_ftp: start PollIns=[16,15] 11/14 12:31:08.11 [23973] 1+0/6: #### LIST^M 11/14 12:31:08.11 [23973] 1+0/6: I-SAY: LIST^M 11/14 12:31:08.12 [23973] 1+0/6: FTP-SERVER-SAYS: 521 Data connection can not be opened with this PROT setting.^M 11/14 12:31:08.12 [23973] 1+0/6: #### close data connection because of error. 11/14 12:31:08.12 [23973] 1+0/6: service_ftp: start PollIns=[16,15] _____ And heres the client log: Finding Host nbhd2 ... Connecting to 156.137.12.90:10021 Connected to 156.137.12.90:10021, Waiting for Server Response 220-extended FTP [MODE XDC][XDC/BASE64][PIPELINE] (1) 156.137.12.90 220- <<<CONNECT:Enterprise for UNIX 1.1.00 Secure FTP>>> at goahp85 FTP server ready. Time = 11:47:37 220 Host type (1): Automatic detect AUTH SSL 234 OK USER nbhd 331 Password required for nbhd. PASS (hidden) 230 CONNECT:Enterprise for UNIX login ok, access restrictions apply. SYST 215 UNKNOWN Type: L8 PWD 257 "/nbhd" is current directory. /nbhd loaded from [Directory Listing Cache]\DIR8E.tmp PASV 227 Entering Passive Mode (156,137,12,90,39,36) DeleGate[B]. connecting data channel to 156.137.12.90:10020 data channel connected to 156.137.12.90:10020 LIST 521 Data connection can not be opened with this PROT setting. 521 Data connection can not be opened with this PROT setting. Thank You, Bryan Dees phueabdyi-rn3efjo2yhtr.ml@ml.delegate.org -----Original Message----- From: feedback@delegate.org [mailto:feedback@delegate.org] Sent: Wednesday, November 14, 2001 12:19 PM To: feedback@delegate.org Cc: Bryan Dees Subject: Re: [DeleGate-En] Howto? SSL FTP Tunneling Bryan, (Sorry, I sent the previous message in broken format) >Attached is a complete detailed logfile of the startup, client >establish, relay and and failure. Sorry but I don't know with what application I can read the content type: >Content-Type: application/ms-tnef; name=winmail.dat >with ftp-data I think. I get established, get one line >of data then a subsequent 521 error from FTP. Could you show me the dialog of the FTP client and the relevant log of DeleGate in a plain text, not in attachement? Cheers, Yutaka -- @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/ ( - ) National Institute of Advanced Industrial Science and Technology (AIST) _< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan