
FTP proxy via iRule

hmprox
Nimbostratus

Hello,

 

I'm trying to do an anonymous FTP connection through an F5 iRule.

My logs of the iRule look like this:

 

Rule /Common/iRule_ftp_proxy <CLIENT_ACCEPTED>: client FTP accepted
Rule /Common/iRule_ftp_proxy <CLIENT_DATA>: client payload - USER anonymous@193.190.198.27
Rule /Common/iRule_ftp_proxy <CLIENT_DATA>: sitename:193.190.198.27 - cmd:USER - uid:anonymous
Rule /Common/iRule_ftp_proxy <CLIENT_DATA>: address 193.190.198.27 port 21
Rule /Common/iRule_ftp_proxy <SERVER_CONNECTED>: connected to server
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server payload 220-Welcome to the Belnet public FTP server ftp.belnet.be !     This server is located in Brussels, Belgium and operated by Belnet, the Belgian  Education and Research Network. If you have any problem, question or mirror   request, please send them to ftpmaint@belnet.be.     This archive is available through the following means:     RSYNC rsync://rsync.belnet.be (IPv4)  HTTP http://ftp.belnet.be (IPv4 + IPv6)  FTP ftp://ftp.belnet.be (IPv4 + IPv6)
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server found 220 ok
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server payload    Note: opening too many parallel connections to this host is considered an abuse.   All access is logged.         Currently used storage capacity : 34T / 100T on /ftp 220 193.190.198.27 FTP server ready
Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server payload 331 Anonymous login ok, send your complete email address as your password

 

 

When I check with a Wireshark capture on my client, the '331 Anonymous login ok, send your complete email address as your password' never reaches the client. Without the proxy, it does reach the client and FileZilla knows how to deal with it.

 

 

This is my SERVER_DATA in the iRule:

 

when SERVER_DATA {
    if { $static::debug } { log local0. "server payload [TCP::payload]" }
    if { [TCP::payload] starts_with "220" } {
        if { $static::debug } { log local0. "server found 220 ok" }
        TCP::respond "USER $uid\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
    }
    TCP::release
    TCP::collect
}

 

I also tried modifying the rule like this:

 

when SERVER_DATA {
    if { $static::debug } { log local0. "server payload [TCP::payload]" }
    if { [TCP::payload] starts_with "220" } {
        if { $static::debug } { log local0. "server found 220 ok" }
        TCP::respond "USER $uid\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
    }
    if { [TCP::payload] starts_with "331" } {
        TCP::respond "PASS $uid@example.com\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
    }
    TCP::release
    TCP::collect
}

 

This gets me one step further, but I'm still not able to connect.

When I check with a Wireshark capture on my client, the '331 Anonymous login ok, send your complete email address as your password' never reaches the client. Without the proxy, it does reach the client and FileZilla knows how to deal with it.

Rule /Common/iRule_ftp_proxy <SERVER_DATA>: server payload 230 Anonymous access granted, restrictions apply

 

 

Why is the '331 server_data' not being forwarded to my client so it can respond to it, or is this the task of the proxy? And why is the '230 server data' not reaching the client?

 

 

Cheers
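
The log above shows the server's 220 banner arriving in more than one SERVER_DATA payload, the first of which begins with `220-`. As an added illustration (not part of the original post, and Python rather than iRule code), the following shows how RFC 959 reply framing separates a complete reply from a partial one; the class and function names and the sample segments are constructed for this example.

```python
import re

# RFC 959: a reply line starts with a 3-digit code followed by a space (final
# line) or a hyphen (first line of a multi-line reply). Lines between the
# "NNN-" line and the closing "NNN " line are free text.
_CODE = re.compile(rb"^(\d{3})([ -])")

class FtpReplyAssembler:
    """Buffers server bytes and returns only complete FTP replies."""

    def __init__(self):
        self._buf = b""
        self._lines = []    # lines of the reply being assembled
        self._open = None   # code of an unfinished multi-line reply

    def feed(self, segment: bytes):
        """Add one TCP payload; return the (code, text) replies it completed."""
        self._buf += segment
        done = []
        while b"\r\n" in self._buf:
            line, self._buf = self._buf.split(b"\r\n", 1)
            self._lines.append(line)
            m = _CODE.match(line)
            if self._open is None:
                if m is None:
                    raise ValueError(f"reply does not start with a code: {line!r}")
                if m.group(2) == b"-":
                    self._open = m.group(1)   # multi-line reply begins
                    continue
            elif not (m and m.group(1) == self._open and m.group(2) == b" "):
                continue                      # continuation text, keep buffering
            done.append((int(line[:3]), b"\n".join(self._lines).decode("latin-1")))
            self._lines, self._open = [], None
        return done

# Constructed sample: a 220 banner split across two TCP payloads, then a 331.
SEGMENTS = [
    b"220-Welcome to the example FTP server\r\n This archive is available via\r\n",
    b" Note: all access is logged.\r\n220 192.0.2.10 FTP server ready\r\n",
    b"331 Anonymous login ok, send your complete email address as your password\r\n",
]

def replay(segments):
    """Return, per segment, the reply codes that became complete in it."""
    asm = FtpReplyAssembler()
    return [[code for code, _ in asm.feed(s)] for s in segments]
```

With these segments the 220 reply only completes in the second payload, so a check on the first payload alone sees a `220-` continuation line rather than a finished greeting.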

 

 
