Forum Discussion
FTp proxy via iRule
Hello,
I'm trying to do an anonymous ftp connection through an F5 irule.
My logs of the irule look like this:
Rule /Common/iRule_ftp_proxy <CLIENT_ACCEPTED>: client FTP accepted
Rule /Common/iRule_ftp_proxy <CLIENT_DATA>: client payload - USER anonymous@193.190.198.27
Rule /Common/iRule_ftp_proxy <CLIENT_DATA>: sitename:193.190.198.27 - cmd:USER - uid:anonymous
Rule /Common/iRule_ftp_proxy <CLIENT_DATA>: address 193.190.198.27 port 21
Rule /Common/iRule_ftp_proxy <SERVER_CONNECTED>: connected to server
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server payload 220-Welcome to the Belnet public FTP server ftp.belnet.be ! This server is located in Brussels, Belgium and operated by Belnet, the Belgian Education and Research Network. If you have any problem, question or mirror request, please send them to ftpmaint@belnet.be. This archive is available through the following means: RSYNC rsync://rsync.belnet.be (IPv4) HTTP http://ftp.belnet.be (IPv4 + IPv6) FTP ftp://ftp.belnet.be (IPv4 + IPv6)
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server found 220 ok
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server payload Note: opening too many parallel connections to this host is considered an abuse. All access is logged. Currently used storage capacity : 34T / 100T on /ftp 220 193.190.198.27 FTP server ready
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server payload 331 Anonymous login ok, send your complete email address as your password
When I check with a wireshark capture on my client; the '331 Anonymous login ok, send your complete email address as your password' never reaches the client. Without the proxy, it does reach the client and filezilla knows how to deal with it.
This is my server_data in the irule;
when SERVER_DATA {
if { $static::debug } { log local0. "server payload [TCP::payload]" }
if { [TCP::payload] starts_with "220" }{
if { $static::debug } { log local0. "server found 220 ok" }
TCP::respond "USER $uid\r\n"
TCP::payload replace 0 [TCP::payload length] ""
}
TCP::release
TCP::collect
}
I also tried modifying the rule like this:
when SERVER_DATA {
if { $static::debug } { log local0. "server payload [TCP::payload]" }
if { [TCP::payload] starts_with "220" }{
if { $static::debug } { log local0. "server found 220 ok" }
TCP::respond "USER $uid\r\n"
TCP::payload replace 0 [TCP::payload length] ""
}
if { [TCP::payload] starts_with "331" }{
TCP::respond "PASS $uid@example.com\r\n"
TCP::payload replace 0 [TCP::payload length] ""
}
TCP::release
TCP::collect
}
This get's me one step further, but I'm still not able to connect.
When I check with a wireshark capture on my client; the '331 Anonymous login ok, send your complete email address as your password' never reaches the client. Without the proxy, it does reach the client and filezilla knows how to deal with it.
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server payload 230 Anonymous access granted, restrictions apply
Why is the '331 server_data' not being forwarded to my client so it can respond to it, or is this the task of the proxy? And why is the '230 server data' not reaching the client?
Cheers
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com