You need an SSLftp aware proxy or you need to forward packets.
>220 somehost FTP server (SSLftp 0.10) ready.
>Name (somehost:visitor): visitor
>551 Userid nonexistent
>SSL not available
The way SSLftp works is that after you type in the user name it sends
AUTH SSL. Which initiates the transition to SSL.
The BADAUTH log msg from ftp-gw suggests that your ftp-gw is eating that
and thus you do not get your SSL session established.
Given that the ftp proxy's joy in life is to watch your ftp session
and check that the GET/PUTs etc are ok, it is NOT going to work if you start
encrypting the traffic.
You need to make the ftp proxy an end-point in the SSL connections,
which means that you will have a separate SSL session from the proxy
to the server.
I have an SSL aware ftp-gw but I can't let you have it - due to
the fwtk license.
You'd probably be better off using SSH or SSLrcp (which I can supply :-)
>sessions. This SSLftp apparently does require something,
>which SSLtelnet does not, but what could that be. I have not
FTP is a different protocol to TELNET, thus the proxies behave differently.
Note that SSLftp will give you just as much grief through
a stateful inspection type firewall - unless you stick to passive
mode transfers.
--sjg
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
