For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

bob_ziuchkovsk1's avatar
bob_ziuchkovsk1
Icon for Nimbostratus rankNimbostratus
Oct 13, 2010

Request for command examples: 'listen', 'relate_client', 'relate_server'

Hi All,

 

 

I have written an iRule to transparently handle implicit and explicit FTPS termination. I've posted the rule to http://devcentral.f5.com/wiki/defau...ation.html . It has just a couple minor issues left to iron out, but is otherwise working fine. However, I'd really like to get rid of the pasv port tracking mechanism I've created. I think I might be reinventing the wheel there.

 

 

 

From what I can tell, the 'TCP::unused_port' and 'listen' commands, along with potentially the 'relate_client' and/or 'relate_server' commands could be used to instruct the F5 to listen on an unused port for an incoming pasv connection related to the control channel connection. This would eliminate a whole swath of TCL global array lookups as well as the TCL IP ACLs I've created. I could get rid of my reinvented wheel, so to say.

 

 

 

That said, I can't determine how to properly use the 'listen' or 'relate_client'/'relate_server' commands and the wiki entries are a bit vague. I've attempted some trial and error here, but have been unsuccessful. Can anyone shed some light on how these are used? I've searched high and low for examples but haven't found any. I'd really love to clean up that FTPS iRule and remove my ad hoc port management. I think there might be others who could benefit from this iRule if I could get it in tip-top shape. Thanks!

 

application delivery
dev
devops
iRules

2 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 19, 2010
    Hi Bob,

     

     

    Thanks for adding the FTPS iRule. It looks like a great start.

     

     

    Unfortunately, these aren't commands I've explored much. You could open a case with F5 Support and ask them to elaborate on the wiki pages for the commands. The more specific info you can suggest they provide, the better response you'll get.

     

     

    Aaron
  • Gary_Shah_55283's avatar
    Gary_Shah_55283
    Icon for Nimbostratus rankNimbostratus
    Nov 15, 2010
    I have added Bob Z's iRule to current FTPS install - but, can't get it to work.

     

     

    I was leaning towards single iRule solution for FTPS as opposed to 3 VS and 3 iRule solution published on this forum earlier.

     

     

    If anyone else has ventured to put this in testing ... please post your feedback.