Operating System - HP-UX
1823870 Members
4154 Online
109666 Solutions
New Discussion юеВ

HP-UX ftp vs. Microsoft Winsock Proxy Client

 
SOLVED
Go to solution
A. Daniel King_1
Super Advisor

HP-UX ftp vs. Microsoft Winsock Proxy Client

Hi, folks...

I'd like to connect (ftp) to the Internet through a firewall from HP-UX 11.0.

Windows PC's in the same environment can use the Winsock Proxy Client and get through just fine.

What questions do I need to ask of my network support staff? Is there a stock HP-UX solution to this issue? Will I need to look at ncftp or some other item?

Thanks in advance.
Command-Line Junkie
4 REPLIES 4
Steven Sim Kok Leong
Honored Contributor

Re: HP-UX ftp vs. Microsoft Winsock Proxy Client

Hi,

FTP makes use of ftp-control (TCP port 21) and ftp-data (TCP port 20), thus the firewall must open up at least these two ports for outbound connectivity to the Internet from your HP-UX client.

If you are using Checkpoint FW-1 for your firewall, it will be possible for stateful inspection of your FTP packets such that the firewall automatically detects the high-numbered port that it needs to open up for the reverse ftp-data connection that is initiated from the FTP server.

If not, then you may have to open up a whole range of high-ports to ensure that your FTP transfers work.

Symptoms of ftp-data being blocked but ftp-control works through the firewall is when you can get connected to the FTP server from your client, you can login using the correct userid and password but when you perform an ls, it hangs.

When that happens, revisit your firewall rules and also check your firewall logs for dropped packets between the client and server.

Hope this helps. Regards.

Steven Sim Kok Leong
Shannon Petry
Honored Contributor

Re: HP-UX ftp vs. Microsoft Winsock Proxy Client

The answer really depends on your firewall.

As Steve said, in checkpoint there is at least one way (and I know a few more) to give your HP-UX system access.
If your running MS Proxy (which is what the winsock client is for) then you will have problems unless you make changes to the MS Proxy server to allow normal auth instead of NTLM only auth (default). Then you will have to use a browser because there are no good GUI ftp clients I have found for HP-UX which support an auth-proxy. If the Proxy is running No-auth, then just use whatever client supports proxy.

You will only need ports 20 and 21 for FTP.

Regards,
Shannon
Microsoft. When do you want a virus today?
rick jones
Honored Contributor

Re: HP-UX ftp vs. Microsoft Winsock Proxy Client

i cannot recal if the ftp shipped in HP-UX 11 groks the concept of a proxy, but you might download the latest FTP patch(es) and peruse the docs.

i use a "socksified" ftp client on my system. there should be some freely distributed socks bits for HP-UX out there on the net somewhere. you then need a socks server that can get through the firewall - perhaps the firewall itself supports socks.
there is no rest for the wicked yet the virtuous have no pillows
Wodisch_1
Honored Contributor
Solution

Re: HP-UX ftp vs. Microsoft Winsock Proxy Client

Hi Daniel,

you can get "socks" for HP-UX from the HP-UX Porting Archives:
http://hpux.asknet.de/hppd/hpux/Networking/Admin/socks_cstc-4.2.pre1/

Then you can configure and use your HP-UX box just like those PCs...

HTH,
Wodisch