FTP.PROXY(1) FTP.PROXY(1)
NAME
ftp.proxy - FTP proxy server
SYNOPSIS
ftp.proxy [options] [server]
DESCRIPTION
ftp.proxy is a proxy server for a subset of the file transfer
protocol described in RFC 959. It forwards traffic
between a client and a server without checking closely
whether both hosts really speak FTP. The FTP server can be either
given on the command line or supplied by the client.
ftp.proxy must be started from a TCP superserver like
inetd(1) or tcpproxy(1). It can't bind to a TCP/IP port
on its own.
Protocol Support
ftp.proxy supports the following FTP commands:
ABOR, ACCT, APPE, CDUP, CWD, DELE, FEAT, LIST,
MDTM, MKD, MODE, NLIST, NOOP, PASS, PASV, PORT,
PWD, QUIT, RETR, REST, RNFR, RNTO, RMD, SITE,
SIZE, SMNT, STAT, STOR, SYST, TYPE, USER, XCUP,
XCWD, XMKD, XPWD, XRMD
Transfer of structured data is not supported.
Command Parameters
By default ftp.proxy does not accept blanks in command
parameters. This is to protect your UNIX server against
users who work on computers where these things are usual.
To allow blanks the option -b must be given on the command
line. Notice that blanks at the beginning or end of the
parameter are still not supported.
The `SITE' command is in neither case affected by this limitation;
ftp.proxy always accepts blanks in `SITE' parameters.
The option -y enables ftp.proxy to accept data connections
from different remote interfaces. Try to avoid using this
option, because it can cause security problems (see
HISTORY for details).
Server Selection
If client-side server selection is turned on with the -e
option the user must select the FTP server he wants to use
with the `@' notation. Instead of specifying the real ftp
server on the command line the user has to connect to the
gateway machine where ftp.proxy is running and to enter
the username in the form
remote-user@remote-ftp.server
The access controller receives the following variables:
PROXY_INTERFACE, PROXY_PORT
interface and port where the client is connected to
the proxy.
PROXY_CLIENT, PROXY_CLIENTNAME
IP number and name of the connected client.
PROXY_SERVER, PROXY_SERVERPORT, PROXY_SERVERNAME
IP number, port and name of the FTP server the
client wants to contact.
PROXY_SERVERLOGIN
the supplied username for the FTP server.
PROXY_USERNAME, PROXY_PASSWD
supplied username and password for usage of the
proxy server.
The values for PROXY_USERNAME and PROXY_PASSWD are taken
from the supplied remote username and password if they
contain a colon `:'. In this case the local authentication
data is taken from the left side of the colon and the
remaining right side is passed on to the server.
Furthermore the acp's stdout is connected to the FTP
client and its stderr is read by ftp.proxy which writes
the acp's stderr output to syslog.
Command Control
If a command control program (ccp) is given with the -c
option this program is called for the FTP commands
APPE, CDUP, CWD, DELE, LIST, MDTM, MKD,
NLST, RETR, RNFR, RNTO, RMD, SIZE, STAT,
STOR, STOU, XCUP, XCWD, XMKD, XRMD
The ccp returns an exit code of 0 to grant and any other
to deny access (the exit code to the `QUIT' command is
ignored). For the ccp the same variables as for acp's are
set with the addition of
PROXY_COMMAND, PROXY_PARAMETER
FTP command and parameter (if set).
PROXY_SESSION
a unique identifier for the proxy session.
PROXY_CCPCOLL
the client's number of collisions with the ccp's
permission rules (number of `permission denied'
final clean up. The ccp is not guaranteed to receive
the `+EXIT' event. There are many ways the proxy can
terminate without generating it, e.g. client
timeout, server error or reception of a signal by the proxy.
Monitor Mode
The -m option puts ftp.proxy into the monitor mode.
ftp.proxy will then try to keep track of the client's current
directory on the server side. With this information
the file parameter for the commands
APPE, CDUP, CWD, DELE, LIST, MDTM, MKD
NLST, RETR, RNFR, RNTO, RMD, SIZE, STOR,
XCUP, XCWD, XMKD, XRMD
is converted into an absolute path. This value is then
used in syslog messages and given to a ccp in the
PROXY_FTPPATH variable. Furthermore the variable
PROXY_FTPHOME contains the user's initial directory which
is assumed to be his home directory.
The `LIST' and `NLIST' commands may have a parameter or
not. If it is absent ftp.proxy sets the parameter to `*'
but this affects only the PROXY_FTPPATH variable, not the
command that is sent to the server.
For the `CDUP' command PROXY_FTPPATH contains the full
path of the target directory.
Monitoring may not work with all server systems since the
output of the `PWD' command which is used by ftp.proxy to
get the current directory is not completely defined. If
the directory can not be clearly determined ftp.proxy will
terminate.
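A command control program that applies the exit-code contract from Command Control together with the monitor-mode variables described above, as an added example (not part of ftp.proxy or its documentation). The policy, the function name `ccp_decide` and the refusal of `..` components are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a ccp for use as "ftp.proxy -m -c /path/to/this-script".
# Constructed policy: read and navigation commands pass, modifying
# commands are granted only below the user's initial directory.

# ccp_decide COMMAND FTPPATH FTPHOME -> returns 0 to grant, 1 to deny
ccp_decide() {
    cmd=$1 path=$2 home=$3

    case "$cmd" in
        # commands that create, change or remove data on the server
        APPE|DELE|MKD|RMD|RNFR|RNTO|STOR|STOU|XMKD|XRMD) ;;
        # everything else (including QUIT, whose exit code is ignored)
        *) return 0 ;;
    esac

    # Fail closed without a monitored path or home: the proxy runs
    # without -m, or the command (STOU) is not in the monitor-mode list.
    [ -n "$path" ] && [ -n "$home" ] || return 1

    # Assumption: ".." components may survive in the absolute path, so
    # refuse them instead of trusting a plain prefix comparison.
    case "/$path/" in
        */../*) return 1 ;;
    esac

    # Grant only paths strictly below home; the "/" after home keeps
    # /home/alice2 from matching when home is /home/alice.
    case "$path" in
        "${home%/}"/?*) return 0 ;;
    esac
    return 1
}

# When started by ftp.proxy the variables are in the environment
# (names as listed on this page; -v sets a different prefix).
if [ -n "${PROXY_COMMAND:-}" ]; then
    ccp_decide "$PROXY_COMMAND" "${PROXY_FTPPATH:-}" "${PROXY_FTPHOME:-}"
    exit $?
fi
```
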
OPTIONS
The following options are available:
-a acp specify an access control program that grants or
denies access via ftp.proxy.
-b allows blanks in filenames.
-B allows blanks and other special characters in
passwords.
-c ccp set a command control program that grants or denies
the usage of FTP commands through ftp.proxy.
-d enter debug mode, the communication between server
and client is written to stderr.
-e enable client-side server selection. With this
the FTP server selected by the client must match
one of the patterns from the comma separated list.
The wildcards `*' and `?' can be used.
-t timeout
specify a different FTP timeout in seconds than the
default of 900 (15 minutes).
-v prefix
set prefix as variable prefix for the variables
passed to the access and command control programs.
-y allow any data ports on any remote interfaces
(dangerous!).
-z size
sets the amount of data in bytes ftp.proxy tries to
read with one system call from either the client or
the server. The default is 1024 bytes, valid values
range from 1 to 4096. Playing around with
larger values than the default may increase the
proxy's data throughput.
-V show version number
SYSLOG
ftp.proxy reports to the FTP log facility.
AUTHOR
Andreas Schoenberg
SEE ALSO
inetd(1), tcpproxy(1), syslogd(8), syslog.conf(5).
04 FEBRUARY 2002 FTP.PROXY(1)