HPE Community
Operating System - HP-UX
1825180 Members
5156 Online
109679 Solutions
New Discussion юеВ

enabling FTP service through proxy in DMZ to public n@t

 
SOLVED
Go to solution
8hands
New Member

тАО07-21-2009 05:16 AM

тАО07-21-2009 05:16 AM

enabling FTP service through proxy in DMZ to public n@t

Hi all.
I have a trouble...

My private network with several HP-UX servers is directly connected to a shared network through a proxy firewall placed as a border in the DMZ.
The shared network provide Internet access while the personal net doesn't.

My problem is to provide a ftp comunication between the servers inside private network to the servers in the shared network passing through the proxy: while for the HTTP there's no problem (just added the proxy in the browser), i don't know in which way may I allow the ftp communication through the proxy!

Does anybody know how?
Does it still exists a dynamic way to perform this operation or I have to apply a specific procedure for each involved server?
tks,
8hnds
0 Kudos
Reply
10 REPLIES 10
Steven E. Protter
Exalted Contributor

тАО07-21-2009 05:18 AM

тАО07-21-2009 05:18 AM

Solution

Re: enabling FTP service through proxy in DMZ to public n@t

Shalom,

Normally you just set a variable called http_proxy to a value for command line access.

There is in the firefox browser a menu item under preferences to set up proxies.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
8hands
New Member

тАО07-21-2009 05:29 AM

тАО07-21-2009 05:29 AM

Re: enabling FTP service through proxy in DMZ to public n@t

Ok, I try with the command:
set ftp_proxy=IP_PROXY_ADDRESS:8080

but it doesn't still works.
other suggestions?
thank you very much
0 Kudos
Reply
Mel Burslan
Honored Contributor

тАО07-21-2009 05:29 AM

тАО07-21-2009 05:29 AM

Re: enabling FTP service through proxy in DMZ to public n@t

# ftp
ftp> proxy open x.y.w.z

this should help...

consider using wget tool to get your files as it uses the http protocol to retrieve files and as long as you know where you are getting your files from, on the remote server, you can script them and do the transfers unattended. wget is a freeware tool available for many OS platforms. just google the word if you need further information about it and download locations.

HTH
________________________________
UNIX because I majored in cryptology...
Reply
8hands
New Member

тАО07-21-2009 05:40 AM

тАО07-21-2009 05:40 AM

Re: enabling FTP service through proxy in DMZ to public n@t

no way :-(
searching in the web i found sometimes you have to add the proxy in /etc/hosts or, in other cases, someone suggests to modify configuration in /etc/ftpd/ftpaccess

it doesn't matter with my problem?other ideas?
0 Kudos
Reply
Mel Burslan
Honored Contributor

тАО07-21-2009 07:06 AM

тАО07-21-2009 07:06 AM

Re: enabling FTP service through proxy in DMZ to public n@t

Are you sure that the proxy you are using/trying to use, accomodates ftp requests ? I remember seeing a freeware product called ftpproxy at one time and a quick google search is showing me ftpproxy.org as their homepage. Maybe you should consider setting up an ftp friendly proxy server. Otherwise, the internal ftp command

proxy open ip_of_proxy_server

should work.
________________________________
UNIX because I majored in cryptology...
Reply
Olivier Masse
Honored Contributor

тАО07-21-2009 08:31 AM

тАО07-21-2009 08:31 AM

Re: enabling FTP service through proxy in DMZ to public n@t

I can confirm the the ftp.proxy software available from www.ftproxy.org works on HP-UX, I'm using it. But it's not really a transparent proxy, it's an ftp gateway and you can fool applications into using it simply by changing the destination address and embedding the real FTP server login.

Reply
8hands
New Member

тАО07-23-2009 04:59 AM

тАО07-23-2009 04:59 AM

Re: enabling FTP service through proxy in DMZ to public n@t

ok let answer to last 2 suggestions...
yes the proxy is able to accomodates ftp request: on another server belonging the same private network, using a mozilla browser on which the proxy for http ftp and so on has been specified it works fine.

The problem is to find a way to use ftp from the shell without needing to install a browser in all the server (corporate policy).
So i have an idea...if I install a browser and I specify the ftp proxy address in the "internet options" it's all working fine.
So the question becomes: does a configuration file, on which filling the proxy information and address via VI editor (as if I put proxy info in a browser) exists?
0 Kudos
Reply
Mel Burslan
Honored Contributor

тАО07-23-2009 05:51 AM

тАО07-23-2009 05:51 AM

Re: enabling FTP service through proxy in DMZ to public n@t

Even though your browser has specified an ftp proxy, that ftp activity may not look the same to the firewall as a command line ftp. It most probably have a different packet encapsulation. Your firewall has most probably been configured to handle browser traffic but not the command line ftp.

Is there any possibility to install wget application on this machine to test if you can get to the ftp files using wget or is this also out of question ?
________________________________
UNIX because I majored in cryptology...
Reply
8hands
New Member

тАО07-24-2009 06:08 AM

тАО07-24-2009 06:08 AM

Re: enabling FTP service through proxy in DMZ to public n@t

ok i installed wget even if it takes several problems (I installed all the suggested dependencies ) when typing the "make" and "make installation" command.
just to know: i have no way to modifying something on the proxy side: dou you mean that there's no way to understand if the ftptraffic throuh the command line was disable from both the private and public side?
tks u all
0 Kudos
Reply
Mel Burslan
Honored Contributor

тАО07-24-2009 06:20 AM

тАО07-24-2009 06:20 AM

Re: enabling FTP service through proxy in DMZ to public n@t

Unfortunately, unless you have access to the firewall(s) governing your access to outside world from the private section of your network, there is no way to tell what exactly is happening.

If you have a personal server where you can access system level logs, that is located on the internet, which will accept ftp connections, one test you can do is to ftp to this server while watching its system logs to see if your command line ftp request is reaching it or not. Other than that, you are at the mercy of your network guys. You can ask them nicely to put a sniffer (maybe sniffers, plural) and see where the communication is breaking up.
________________________________
UNIX because I majored in cryptology...
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.