SHould I use ftp proxy

Hello:  I am wondering if I should continue to setup an ftp proxy on our
BM38sp2a server.  Currently I use filter exceptions (stateful for both ports
20 and 21) from the private to the public interface.  This works great
except that everyone inside the firewall has access.  With a proxy I could
limit access.

Yesterday I tried to setup ftp proxy but with very limited success.  I
changed my ftp exceptions above to public to public, enabled the ftp proxy,
and set authentication to none.  With this setup I can browse ftp sites with
ftp and http, but pure ftp clients will not connect.

So, should I abandon the ftp proxy??

Chris.
0
cmosentine
8/31/2004 12:23:06 PM
novell.bordermanager.proxies 3217 articles. 0 followers. Follow

6 Replies
429 Views

Similar Articles

[PageSpeed] 41

hi Chris,

if you aren't going to enable authentication for the FTP proxy then 
having a proxy or having a packet filter exception doesn't make much 
difference, apart from - possibly - the logging (you would see what 
files people donwload in the ftp proxy logs).
Access would be anyway enabled for everyone.

About not being able to use the FTP proxy with a standard FTP client, 
this is unusual. They tend to support the FTP proxy quite well.
What FTP client are you using? Did you try to check the FTP proxy FAQ in 
the knowledgebase (TID 10014010)?


-- 
Caterina
Novell Support Connection Volunteer Sysop
0
Caterina
8/31/2004 2:09:51 PM
Caterina:  I was attempting to use the dos ftp client out of Windows 2000. 
Also, I tried using a browser, pointing it towards a ftp url like
"ftp://ftp.suse.com", but this would not work either.  And yes, I made sure
IE and FireFox were configured to point to the proxy server.

Now the problem I see with using the proxy server may be a filter issue, I
do not know.  But, I tested by completely opening ports 20 and 21 in both
directions (4 exceptions rules, in & out for both ports 20 and 21, source
and dest. set to any).  I would always get an unable to connect error. 
Since I did not enable proxy authentication (set to none), I should be able
to use "open ftp.suse.com" in the ftp session to connect, right?

Thanks for the help, Chris.
0
cmosentine
8/31/2004 2:38:30 PM
hi Chris,

> Caterina:  I was attempting to use the dos ftp client out of Windows 2000. 

ok, the TID I mentioned shows the correct syntax to use for the dos 
client (whatever version of Windows).

> Also, I tried using a browser, pointing it towards a ftp url like
> "ftp://ftp.suse.com", but this would not work either.  And yes, I made sure
> IE and FireFox were configured to point to the proxy server.

through the browser, is always better to use the http tunneling for FTP, 
for stability and performance purposes. Make sure that IE has the 
"folder view" disabled and "use Passive FTP" enabled, in the advanced 
options.

> Now the problem I see with using the proxy server may be a filter issue, I
> do not know.  But, I tested by completely opening ports 20 and 21 in both
> directions (4 exceptions rules, in & out for both ports 20 and 21, source
> and dest. set to any).  I would always get an unable to connect error. 

The best way to check is to actually UNLOAD IPFLT. The filters for FTP 
can be tricky. Once you know that it isn't a proxy configuration (if it 
works without filters), then you can concentrate on the filtering.

> Since I did not enable proxy authentication (set to none), I should be able
> to use "open ftp.suse.com" in the ftp session to connect, right?

No, if you want to use the DOS prompt FTP, you'll have to use the syntax 
specified in the TID.


-- 
Caterina
Novell Support Connection Volunteer Sysop
0
Caterina
8/31/2004 3:41:13 PM
Hey Caterina:  Thanks a bunch.  I got everything working.  Turned out to be
an issue with syntax.  Now I need to get my suse servers update (YOU)
working.

Thanks again, Chris.
0
cmosentine
9/1/2004 1:04:48 PM
One last question - I hope:

I have a Suse 9.1 linux server which I want to update using YOU (Yast Online
Update).  THis is basically a ftp client, however, it wants to send one line
of paramaters which it builds out of input site, directory, user and
password.  Can the ftp proxy utilize one line of input to connect to a site
(e.g.   server.domain.com : name.myOU.myO$anonymous$ftpsite :
password$email)

Chris
0
cmosentine
9/1/2004 2:15:47 PM
hi Chris,

> I have a Suse 9.1 linux server which I want to update using YOU (Yast Online
> Update).  THis is basically a ftp client, however, it wants to send one line
> of paramaters which it builds out of input site, directory, user and
> password.  Can the ftp proxy utilize one line of input to connect to a site
> (e.g.   server.domain.com : name.myOU.myO$anonymous$ftpsite :
> password$email)

I believe it can, but honestly I've never tried myself...

-- 
Caterina
Novell Support Connection Volunteer Sysop
0
Caterina
9/1/2004 2:54:19 PM
Reply:

Similar Artilces:

proxy to proxy
We will connect with our Bordermanager to an other proxy. but there is a syntax-problem our BM-Proxy will build the connection with(Trace) ....cyberbanking.bankkoop.ch:443/ HTTP/1.0..... but there should not be / according to RFC there is no "/" Slash allowed. Beat Brunner <<...cyberbanking.bankkoop.ch:443/ HTTP/1.0..... that has been fixed in the latest patches Gonzalo > <<...cyberbanking.bankkoop.ch:443/ HTTP/1.0..... > > that has been fixed in the latest patches > > Gonzalo > what do you meen with lastes patches ...

to Proxy or not to Proxy ?
Hi all, Could I ask for some opinions regarding using a proxy ? Here in the UK, I use Freeserve as my dial-up ISP. There is a web-cache proxy available for use if required, tho' IE6 works fine with or without (a small increase in page loads occurs if I use the proxy). The problem is, that if I use the proxy, then my Outpost Firewall logs only register connections to it, so I suffer from a serious lack of information about where my browser connections are going and what I could block (like adclick connections etc). I'm really not sure about the merits of with/without the pr...

Proxy to proxy
Hi. We use BM 3.8 as a proxy server and the main task is to restrict which url's the users can use. In the network there is another proxy server with internet access. Is it possible to setup BM to use another proxy server to connect to internet? And if yes, how ? Magne Absolutely. Search under "Cache Hierarchy Client". Basically....enable the client on the BM box, add you upstream proxy (Neighbor Hostname) add the correct port for the type of upstream proxy, add the type of proxy, usually you can just leave the priority at "1". looks like this...

to proxy or not to proxy that is the ?
ok, i had jconect on NT and my AIX Sybase database on an RS/6000, so i used the proxy...fine. i have installed jconnect on the rs/6000, installed netscape fasttrack and i STILL have to use the proxy to avoid those -1 erro messages. does this mean that jConect always has to use that proxy no matter where anything lives? i am confused.... please enlighten me This is a multi-part message in MIME format. --------------6A7C6750A66874EBD6E2677A Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit If you remove the "proxy" connection property fro...

FTP proxy & Transparent Proxy setup
--____VXWHOENWUJCUWAOOUIOM____ Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable I have done a fresh install of BorderManager 3.7 SP1 on a server and I am = trying to get the proxies working. I currently have the packet forwarding = filters turned off and everyone can HTTP, FTP and Telnet to their heart's = content. When I turn on the filters, I believe that the proxies are = suppose to take this traffic and work with it. But it doesn't,=20 Can anyone help me out here? --____VXWHOENWUJCUWAOOUIOM____ Content-Type: multipart/rel...

BM proxy use other proxy server
Hi, We have set up BM 3.8 proxy to use other proxy (CERN). HTTP is ok, but it seems that the BM proxy is not sending HTTPS request to this proxy. When we try BM proxy directly to internet all is Ok. (both http and https) Any special setup for HTTPS to other proxy server?? Magne From a previous post of mine. (answered by Gonzalo) ability to sign into secure public web sites using SSL. > > This was an known issue.This is from one of the tids: > > 3.2.3 Proxy does not forward CONNECT requests > > If the ICP hierarchy with "Mus...

cannot create proxy using the web services proxy wizard
I am trying to access a PB component deployed to EAS via web services. I've created the wsdl document and I am able to call this web service from a ..Net client (I've created the proxy classes using to microsoft wsdl), so the web service is working fine. The problems is that when I try to create the proxy in PB the web service proxy wizard say that it is "Unable to process document referenced in "import" element." I've tryed with both wstest.wsdl and wstestImpl.wsdl, I am not sure about what is the right document to use. I've added pbsoapclient90.p...

Net::Ftp use proxy?
When cpan goes to do a "get", it first says LWP not available, then tries NET::Ftp (which failes because it is behind a FW and needs to use ftp_proxy) and finally lynx. Lynx works (fortunately). Should Net:Ftp be able to use my "ftp_proxy" set in the environment? http is more robust over a proxy On Sat, 19 Feb 2005 14:33:03 -0800, Linda W <cygwin@tlinx.org> wrote: > > When cpan goes to do a "get", it first says LWP not available, > then tries NET::Ftp (which failes because it is behind > a FW and needs to use ftp_proxy...

How to configure proxy generated by VS.NET to use Proxy Server?
Is it possible to instruct the web service proxy code generated by VS.NET to use a proxy server for outbound traffic?  I'm pretty sure it is possible to manually edit the source code generated by VS.NET, but I don't want them to be overwritten everytime I sync with the WSDL.Thanks in advance.Jason Create a new derived class which inherits from proxy class and make all custom changes to the derived class.program against your derived class, that way where ever you will regenerate your proxy class, you changes in derived class will not be overriden.http://vikasnetdev.blogspot.c...

Use FTP proxy without caching
Hi! Can I use ftp proxy without caching any files? I should use authentication, but I have problems with cached files. I set the max ftp cache file size to 1MB but it caches the bigger files. I set the non caheable url patter for an address, but it caches. How can I stop ftp cache, but use authenticate? Do you have read-ahead enabled? There has been a bug in the past that caused proxy to cache all data, but that was (I thought) only with HTTP Proxy. I am not sure if there is a way to have ftp proxy not cache any data. Perhaps you want to simply allow outbound FTP wit...

Bordermanager FTP Proxy and Users with @ in Name
Hi, We are using the BM 3.91 FTP proxy which of course uses the FTP proxy user@host (if @ is set as the separator which we set ours to) when using FTP client software. We've just had a company give us a piece of software that requires FTP access but uses @ symbol in the username of user that accesses the FTP site. I'd rather not change from using @ as the separator - lots of FTP software plays nicely with this and I don't want to give direct access as we operate a DMZ that limits traffic between internal and external hosts except via the proxy (which acts as an endp...

proxies, FTP, and security risks ("analogx proxy", specifically....)
Hi Folks, thanks to all of you for posting interesting and useful information. been a 'lurker' for a while and have learned lots of cool and useful facts from the wisdom you all share! i recently downloaded a "proxy" app from the www.analogx.com website (they've got lots of very wonderful, very FREE, and very useful tools there, do check it out if you're interested. Nice site design as well.) My reason for using a proxy is to let my winNT machine (lan'd to my XP/adsl machine) see the internet, or share my ADSL as well. For http, it seems to work ...

Active FTP over FTP Proxy
Hi All Is it at all possible to have Active FTP going over a bordermanager 3.8 FTP Proxy . . ?? cheers Joel Hi, joel@radio929.fm wrote: > > Hi All > > Is it at all possible to have Active FTP going over a bordermanager 3.8 FTP Proxy . . ?? AFAIK, no. CU, -- Massimo Rosen Novell Support Connection Sysop No emails please! http://www.cfc-it.de ...

Are you using GWIA with Mail Proxy (like BM 3.8 Mail Proxy)
Hi, Presently we are using GWIA and BorderManager 3.8 Mail Proxy with Multiple Domain option. We want to activate Reverse lookup on the GWIA (Reject mail if sender's identity cannot be verified). Since I'm behind BM 3.8 Mail Proxy, all mail I receive are from the IP Address of my Mail Proxy. BorderManager Mail Proxy don't have the option to do Reverse Lookup (not find it that exist). You, GW Administrator, are you using a Mail Proxy with the GWIA or not? Thank to share your experience Regards, Eric Bellavance Ministere des Finances Eric, I do not use i...

Web resources about - SHould I use ftp proxy - novell.bordermanager.proxies

George Lucas Probably Would Like To Take Back One Thing He Said About Disney In Charlie Rose Sit-Down ...
Star Wars creator George Lucas sat down with Charlie Rose to talk about the franchise’s legacy — and he appears to be a little bitter with what ...

5 Unusual New Year's Eve Traditions and Superstitions
What are you doing New Year’s Eve? Guzzling champagne, smooching a random stranger at midnight, and making heartfelt resolutions you’ll forget ...

Apple agrees to pay £234m to settle Italian tax dispute - Business - The Guardian
Corporation tax deal follows Apple Italia’s alleged failure to declare earnings in Italy but settlement is thought to be one-third of the estimated ...

Texas 'affluenza' teen delays extradition, mother deported from Mexico
By Marice Richter and Dave Graham FORT WORTH/MEXICO CITY (Reuters) - The mother of a Texas teenager, scorned for his "affluenza" defense in a ...

Some victims identified after deadly wrong-way crash on I-95
Miami Herald Some victims identified after deadly wrong-way crash on I-95 Miami Herald A 23-year-old woman driving the wrong way on northbound ...

Gwen Stefani Steps Out After Family Fun With Blake Shelton
Gwen Stefani goes ultra glam rock while hitting up Planet Nails for a manicure on Wednesday (December 30) in West Hollywood, Calif. The night ...

Police Arrest Man Accused of Shooting Officer in Atlanta
Police arrest man accused of shooting officer, driver during traffic stop in Atlanta

Harry Styles & Kendall Jenner Vacationing Together in Anguilla
Harry Styles and Kendall Jenner are reportedly vacationing together and were seen having dinner on Tuesday (December 29) in the British Island ...

U.S. preparing fresh sanctions on Iran: WSJ
(Reuters) - The Obama administration is preparing to sanction nearly a dozen companies and individuals in Iran, Hong Kong and the United Arab ...

Facebook investor class-action suit to move forward
A US judge has cleared a class-action suit against Facebook from investors claiming the social network failed to fully disclose its risks at ...

Resources last updated: 12/31/2015 1:27:27 AM