FTP Proxy : pwd problem

Question

Hello,&nbsp;Im currently using following code snippet for FTP proxy.&nbsp;https://devcentral.f5.com/codeshare/ftp-proxy-lite&nbsp;    when CLIENT_ACCEPTED {
    TCP::respond "220 Welcome to the F5 FTP Proxy
"
    log local0. "client accepted"
    TCP::collect
}

when CLIENT_DATA {
    set ftplogin [TCP::payload]
    if { $ftplogin starts_with "USER" } {
        set cuser [TCP::payload]
        scan $cuser {%[^@]@%s} garbage remote_ftp_site_addr
        scan $garbage %s%s cmd uid
        TCP::payload replace 0 [string length $cuser ] "USER $uid
"
        node $remote_ftp_site_addr [TCP::local_port]
    }
    TCP::release
}
`
But it looks like the passwd doesnt get passed when connecting to the ftp server.
I get this behavior with WINSCP and Filezilla

Answer : 530 Please login with USER and PASS.

Server Log:

&gt; `Thu Mar  7 10:13:12 2019 [pid 17174] FTP command: Client "::ffff:130.0.0.150", "USER ictst"Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP response: Client "::ffff:130.0.0.150", "331 Please specify the password."
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP command: Client "::ffff:130.0.0.150", "SYST"
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP response: Client "::ffff:130.0.0.150", "530 Please login with USER and PASS."
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP command: Client "::ffff:130.0.0.150", "FEAT"
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP response: Client "::ffff:130.0.0.150", "211-Features:"
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP response: Client "::ffff:130.0.0.150", " EPRT??"
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP response: Client "::ffff:130.0.0.150", " EPSV??"
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP response: Client "::ffff:130.0.0.150", " MDTM??"
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP response: Client "::ffff:130.0.0.150", " PASV??"
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP response: Client "::ffff:130.0.0.150", " REST STREAM??"
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP response: Client "::ffff:130.0.0.150", " SIZE??"
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP response: Client "::ffff:130.0.0.150", " TVFS??"
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP response: Client "::ffff:130.0.0.150", "211 End"
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP command: Client "::ffff:130.0.0.150", "PWD"
Thu Mar  7 10:13:12 2019 [pid 17174] [ictst] FTP response: Client "::ffff:130.0.0.150", "530 Please login with USER anThe Virtual server has a FTP-Profile on it.&nbsp;Anybody have an idea why this could be the case ?&nbsp;Leander&nbsp;

petewhite · Answer

Because your user does not have an FTP server included maybe?&nbsp;FTP command: Client "::ffff:130.0.0.150", "USER ictst"But the code requires the user to be of the type username@ip address:&nbsp;scan $cuser {%[^@]@%s} garbage remote_ftp_site_addr
scan $garbage %s%s cmd uid
TCP::payload replace 0 [string length $cuser ] "USER $uid
"
node $remote_ftp_site_addr [TCP::local_port]

leanderv_365921 · Answer

Hi,
Sorry i wansn't clear enough. The logs u see there are from the backend FTP-Server. 
`FTP command: Client "::ffff:130.0.0.150", "USER ictst"`

So the ftp-connection gets setup with right server based on the username. The irule does what it needs to do. Only we can't complete the connection because it always fails when trying to give the password.
Leander

Forum Discussion

FTP Proxy : pwd problem

2 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

iRule Security 101 - #07 - FTP Proxy

unauthenticated or authenticated FTP proxy

FTP proxy v10 and up

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

SSL Orchestrator Advanced Use Cases: Integrating SOCKS Proxy