hmprox
Mar 12, 2021

FTP proxy via iRule

Hello,

I'm trying to do an anonymous FTP connection through an F5 iRule.

My logs of the iRule look like this:

Rule /Common/iRule_ftp_proxy <CLIENT_ACCEPTED>: client FTP accepted
Rule /Common/iRule_ftp_proxy <CLIENT_DATA>: client payload - USER anonymous@193.190.198.27
Rule /Common/iRule_ftp_proxy <CLIENT_DATA>: sitename:193.190.198.27 - cmd:USER - uid:anonymous
Rule /Common/iRule_ftp_proxy <CLIENT_DATA>: address 193.190.198.27 port 21
Rule /Common/iRule_ftp_proxy <SERVER_CONNECTED>: connected to server
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server payload 220-Welcome to the Belnet public FTP server ftp.belnet.be !     This server is located in Brussels, Belgium and operated by Belnet, the Belgian  Education and Research Network. If you have any problem, question or mirror   request, please send them to ftpmaint@belnet.be.     This archive is available through the following means:     RSYNC rsync://rsync.belnet.be (IPv4)  HTTP http://ftp.belnet.be (IPv4 + IPv6)  FTP ftp://ftp.belnet.be (IPv4 + IPv6)
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server found 220 ok
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server payload    Note: opening too many parallel connections to this host is considered an abuse.   All access is logged.         Currently used storage capacity : 34T / 100T on /ftp 220 193.190.198.27 FTP server ready 
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server payload 331 Anonymous login ok, send your complete email address as your password

When I check with a Wireshark capture on my client, the '331 Anonymous login ok, send your complete email address as your password' never reaches the client. Without the proxy, it does reach the client and FileZilla knows how to deal with it.

This is my server_data in the iRule:

when SERVER_DATA {
   if { $static::debug } { log local0. "server payload [TCP::payload]" }
   if { [TCP::payload] starts_with "220" } {
       if { $static::debug } { log local0. "server found 220 ok" }
       TCP::respond "USER $uid\r\n"
       TCP::payload replace 0 [TCP::payload length] ""
   }
   TCP::release
   TCP::collect
}

I also tried modifying the rule like this:

when SERVER_DATA {
   if { $static::debug } { log local0. "server payload [TCP::payload]" }
   if { [TCP::payload] starts_with "220" } {
       if { $static::debug } { log local0. "server found 220 ok" }
       TCP::respond "USER $uid\r\n"
       TCP::payload replace 0 [TCP::payload length] ""
   }
   if { [TCP::payload] starts_with "331" } {
       TCP::respond "PASS $uid@example.com\r\n"
       TCP::payload replace 0 [TCP::payload length] ""
   }
   TCP::release
   TCP::collect
}

This gets me one step further, but I'm still not able to connect.

When I check with a Wireshark capture on my client, the '331 Anonymous login ok, send your complete email address as your password' never reaches the client. Without the proxy, it does reach the client and FileZilla knows how to deal with it.
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server payload 230 Anonymous access granted, restrictions apply

Why is the '331 server_data' not being forwarded to my client so it can respond to it, or is this the task of the proxy? And why is the '230 server data' not reaching the client?

Cheers
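
Added example, not part of the original post and not F5 code: the log in the post shows the multi-line 220 banner arriving in two separate SERVER_DATA events, so a per-segment prefix test sees only a fragment of the reply. This plain-Tcl sketch frames complete FTP replies per RFC 959 from arbitrary segments; the proc name `ftp_take_reply` and the sample segments (including the address 192.0.2.10) are constructed for illustration.

```tcl
# Added example: plain Tcl (runs in tclsh), no BIG-IP commands.
# RFC 959 framing: "NNN text" is a complete single-line reply; "NNN-text"
# opens a multi-line reply that ends at the first later line starting
# with the same code followed by a space.

# Remove one complete reply from the buffer variable named by bufVar.
# Returns {code text}, or an empty list while the reply is incomplete
# (the buffer is left untouched in that case).
proc ftp_take_reply {bufVar} {
    upvar 1 $bufVar buf
    set pos 0
    set code ""
    set done 0
    set lines {}
    while {!$done && [set nl [string first "\n" $buf $pos]] >= 0} {
        set line [string trimright [string range $buf $pos $nl] "\r\n"]
        set pos [expr {$nl + 1}]
        lappend lines $line
        if {$code eq ""} {
            # First line decides: separator " " = complete, "-" = multi-line.
            if {![regexp {^(\d\d\d)([ -])} $line -> code sep]} {
                error "not an FTP reply line: $line"
            }
            set done [expr {$sep eq " "}]
        } else {
            # Continuation lines may start with anything; only "NNN " ends it.
            set done [string match "$code *" $line]
        }
    }
    if {!$done} { return {} }
    set buf [string range $buf $pos end]
    return [list $code [join $lines "\n"]]
}

# Constructed segments modelled on the log in the post: the banner is split
# mid-line across two segments, then the 331 arrives on its own.
set segments [list \
    "220-Welcome to the public FTP server\r\n220-All access is " \
    "logged.\r\n   Note: indented continuation\r\n220 192.0.2.10 FTP server ready\r\n" \
    "331 Anonymous login ok, send your complete email address as your password\r\n"]

set buf ""
foreach seg $segments {
    append buf $seg
    # What a per-segment prefix test such as starts_with "220" would see.
    puts "segment starts with 220: [string match "220*" $seg]"
    while {[llength [set reply [ftp_take_reply buf]]]} {
        puts "  complete reply [lindex $reply 0]: [llength [split [lindex $reply 1] \n]] line(s)"
    }
}
```

The first segment passes the prefix test although the 220 reply is not yet complete, and the second segment carries the rest of the banner without starting with "220".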