FTP from behind a firewall without using SOCKS


Hi all,

I'd like to use an ftp client that will allow me to access the Internet from a HP-UX server that is behind a firewall.

There is a passthrough proxy server on the WAN that will allow me to access the Internet (for example, from my PC).

I understand that it may be possible to do this with a SOCKS proxy server by using an ftp client like socks_cstc-4.2.pre1 but there is no SOCKS proxy on my WAN, and no plans to install one.

If I bypass the passthrough proxy, I will have no direct IP connection to the ftp server on the Internet because we use Network Address Translation (NAT) on the WAN.

Is there any way to configure my ftp client to use the passthrough proxy server?

Thanks,

Kevin
Is this why they pay us so little?
G. Vrijhoeven
Honored Contributor

Re: FTP from behind a firewall without using SOCKS

Hi,

Is it possible for you to get an account on the proxy server? You can ftp from the Internet to this server, and from this server you can put it on your server. A direct connection to the HPUX server will need a firewall change; for ftp you need ports 20 and 21. But I would not advise this. It is a security risk (with ftp the passwd will go clear text over the network).


Gideon
John Dvorchak
Honored Contributor

Re: FTP from behind a firewall without using SOCKS

I am a little unclear on what you are trying to do. Most firewalls, with or without proxy servers, and NAT will just pass the request through to the intended server like it came from them. I am curious what happens when you get on your HPUX box and try to ftp to a destination on the Internet. What errors etc?

Also, you may already have all you need to get the job done; you just haven't figured it out. On our pass-through server we will ftp to it and, instead of a username and password, I would type user@outside.com and wait for the password challenge.

So the session would go like this:

ftp passthrough.your.com
Connected to passthrough.your.com
Name: user@internet.add.com

inetnet.add.com
PASSWORD: ******

I hope I am explaining that clearly.
good luck,
John
If it has wheels or a skirt, you can't afford it.

Re: FTP from behind a firewall without using SOCKS


John - sorry if I was unclear. I've installed VirusScan on my HP-UX server and I'm trying to schedule a download of the updated DAT files from ftp.nai.com.

I've set up my .netrc file as follows:

machine ftp.nai.com
login anonymous
password

macdef init
cd /pub/antivirus/datfiles/4.x
bin
prompt
mget dat-*.tar
close
bye

When I run "ftp ftp.nai.com", I get

ftp: connect: Network is unreachable

I'm sure that this is because we use NAT on the WAN and no public IP addresses are permitted. The firewall between me and the Internet is in a different country, so I need to access it across our WAN. This all works fine from my Windows PC, but I can't seem to get it working from Unix.

Gideon - thanks for the interesting suggestion. I will talk to the proxy server administrator to see if this is possible.

I want to be able to schedule the ftp download on cron, though, so maybe relying on another server, over which I have no control, is not the best possible option, unless the proxy can be configured to automatically download the file that I need.

Is this why they pay us so little?
John Dvorchak
Honored Contributor

Re: FTP from behind a firewall without using SOCKS

That is a lot clearer, thank you Kevin. What happened when you tried what I suggested by ftp-ing to the pass-through server:

ftp passthrough.server.name
USER: anonymous@ftp.nai.com
PASS: your@email.address

I know it sounds weird but that is the way it works here.

Good luck
If it has wheels or a skirt, you can't afford it.

Re: FTP from behind a firewall without using SOCKS


I tried your suggestion, John.

I added the following to .netrc

machine ukproxy
login anonymous@ftp.nai.com
password my_email_address

Running "ftp ukproxy" gave me:

ftp: connect: Connection refused

Does this mean that the FTP server on ukproxy is disabled? If so, then I'll have to talk to the proxy server administrator.


Is this why they pay us so little?
John Dvorchak
Honored Contributor

Re: FTP from behind a firewall without using SOCKS

It could be, Kevin. Here is what I just did on our LAN to test your method:

.netrc Mode 400 :

root> cat .netrc
machine passthrough
login anonymous@ftp.nai.com
password my_email@your.com

here is the session output:
root> ftp passthrough
Connected to xxx-xx-xx-xxx-43.my.com.
220-
Company official business and subject to being monitored at
any time. Anyone using this system EXPRESSLY CONSENTS to such
monitoring and any evidence of unauthorized access, use, or
modification being used for CRIMINAL PROSECUTION.
220
331-(----GATEWAY CONNECTED TO ftp.nai.com----)
331-(220 sncwebftp6 Microsoft FTP Service (Version 5.0).)
331 Anonymous access allowed, send identity (e-mail name) as password.
230-You are connected to ftp.nai.com.
230-Your use is subject to the terms and conditions
230-in Legal.TXT and Usage.TXT files.
230-*Mirror sites at FTPEUR.NAI.COM and FTPDE.NAI.COM*
230 Anonymous user logged in.
Remote system type is Windows_NT.
ftp>


Good luck,
John


If it has wheels or a skirt, you can't afford it.
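
The gateway login shown in the post above, as a script suitable for cron. This is an added example, not part of any poster's reply: the function names are hypothetical, the gateway host "passthrough" and the macro body are taken from the thread, and the .netrc is written owner-only to match the "Mode 400" noted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# write_netrc <file> <gateway> <remote_user> <remote_host> <password>
# Builds a .netrc whose login is remote_user@remote_host, the form the
# pass-through gateway in the thread expects, plus the macdef init from the thread.
write_netrc() {
    (
        umask 077                    # never create the file group/world readable
        rm -f "$1" &&                # an old mode-400 copy cannot be overwritten in place
        {
            printf 'machine %s\n' "$2"
            printf 'login %s@%s\n' "$3" "$4"
            printf 'password %s\n' "$5"
            printf '\nmacdef init\n'
            printf 'cd /pub/antivirus/datfiles/4.x\nbin\nprompt\n'
            printf 'mget dat-*.tar\nclose\nbye\n\n'   # blank line ends the macro
        } > "$1" &&
        chmod 400 "$1"
    )
}

# netrc_mode_ok <file>: succeeds only if group and other have no permission bits.
netrc_mode_ok() {
    perms=$(ls -ld "$1" | cut -c5-10)   # the six group/other characters
    [ "$perms" = "------" ]
}

# fetch_dats <gateway>: refuse to run if the credentials file is exposed.
fetch_dats() {
    netrc_mode_ok "$HOME/.netrc" || {
        echo ".netrc is accessible to group/other; refusing to run" >&2
        return 1
    }
    ftp "$1"    # auto-login and "macdef init" from .netrc do the transfer
}

# From cron: cd to the download directory, then call this script with --fetch.
if [ "${1:-}" = "--fetch" ]; then
    fetch_dats "${2:-passthrough}"
fi
```
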

Re: FTP from behind a firewall without using SOCKS


Thanks for all your help so far.

It seems that the tar file that I'm trying to download is already being downloaded daily by someone else on the WAN, so I'm going to try to ftp it from there.

I may need some more help if this is not a runner. I'm not forgetting your points!



Is this why they pay us so little?