ftp.proxy - manual page


FTP.PROXY(1)                                         FTP.PROXY(1)



NAME
       ftp.proxy - FTP proxy server

SYNOPSIS
       ftp.proxy [options] [server]

DESCRIPTION
       ftp.proxy is a proxy server for a subset of the file transfer
       protocol described in RFC 959.  It forwards traffic between a
       client and a server without checking closely whether both
       hosts speak real FTP.  The FTP server can either be given on
       the command line or supplied by the client.

       ftp.proxy must be started from a TCP superserver like
       inetd(1) or tcpproxy(1).  It can't bind to a TCP/IP port
       on its own.

   Protocol Support
       ftp.proxy supports the following FTP commands:

              ABOR, ACCT, APPE, CDUP, CWD, DELE, FEAT, LIST,
              MDTM, MKD, MODE, NLST, NOOP, PASS, PASV, PORT,
              PWD, QUIT, RETR, REST, RNFR, RNTO, RMD, SITE,
              SIZE, SMNT, STAT, STOR, SYST, TYPE, USER, XCUP,
              XCWD, XMKD, XPWD, XRMD

       Transfer of structured data is not supported.

   Command Parameters
       By  default  ftp.proxy  does  not accept blanks in command
       parameters.  This is to protect your UNIX  server  against
       users  who work on computers where these things are usual.

       To allow blanks the option -b must be given on the command
       line.  Notice that blanks at the beginning or end of the
       parameter are still not supported.

       The `SITE' command is in neither case affected by this
       limitation; ftp.proxy always accepts blanks in `SITE'
       parameters.

       The option -y enables ftp.proxy to accept data connections
       from different remote interfaces.  Try to avoid using this
       option, because it can cause security problems (see HISTORY
       for details).

   Server Selection
       If client-side server selection is turned on with the -e
       option the user must select the FTP server he wants to use
       with the `@' notation.  Instead of specifying the real FTP
       server on the command line the user has to connect to the
       gateway machine where ftp.proxy is running and enter the
       username in the form

            remote-user@remote-ftp.server


       The access controller receives the following variables:

       PROXY_INTERFACE, PROXY_PORT
              interface and port where the client is connected to
              the proxy.

       PROXY_CLIENT, PROXY_CLIENTNAME
              IP number and name of the connected client.

       PROXY_SERVER, PROXY_SERVERPORT, PROXY_SERVERNAME
              IP number, port and name  of  the  FTP  server  the
              client wants to contact.

       PROXY_SERVERLOGIN
              the supplied username for the FTP server.

       PROXY_USERNAME, PROXY_PASSWD
              supplied  username  and  password  for usage of the
              proxy server.

       The values for PROXY_USERNAME and PROXY_PASSWD are taken
       from the supplied remote username and password if they
       contain a colon `:'.  In this case the local authentication
       data is taken from the left side of the colon and the
       remaining right side is passed on to the server.

       Furthermore the acp's stdout is connected to the FTP
       client and its stderr is read by ftp.proxy, which writes
       the acp's stderr output to syslog.

   Command Control
       If a command control program (ccp) is given  with  the  -c
       option this program is called for the FTP commands

              APPE, CDUP, CWD, DELE, LIST, MDTM, MKD,
              NLST, RETR, RNFR, RNTO, RMD, SIZE, STAT,
              STOR, STOU, XCUP, XCWD, XMKD, XRMD

       The  ccp  returns an exit code of 0 to grant and any other
       to deny access (the exit code to  the  `QUIT'  command  is
       ignored).  For the ccp the same variables as for acp's are
       set with the addition of

       PROXY_COMMAND, PROXY_PARAMETER
              FTP command and parameter (if set).

       PROXY_SESSION
              a unique identifier for the proxy session.

       PROXY_CCPCOLL
              the client's number of collisions  with  the  ccp's
              permission  rules  (number  of  `permission denied'

       final  clean up.  The ccp is not guaranteed to receive
       the `+EXIT' event.  There are many ways in which the proxy
       can terminate without generating it, e.g. client timeout,
       server error or reception of a signal by the proxy.

   Monitor Mode
       The -m option puts ftp.proxy into the monitor mode.
       ftp.proxy will then try to keep track of the client's
       current directory on the server side.  With this information
       the file parameter for the commands

              APPE, CDUP, CWD, DELE, LIST, MDTM, MKD
              NLST, RETR, RNFR, RNTO, RMD, SIZE, STOR,
              XCUP, XCWD, XMKD, XRMD

       is  converted  into  an absolute path.  This value is then
       used in  syslog  messages  and  given  to  a  ccp  in  the
       PROXY_FTPPATH    variable.    Furthermore   the   variable
       PROXY_FTPHOME contains the user's initial directory  which
       is assumed to be his home directory.

       The `LIST' and `NLST' commands may or may not have a
       parameter.  If it is absent ftp.proxy sets the parameter to
       `*' but this affects only the PROXY_FTPPATH variable, not the
       command that is sent to the server.

       For the `CDUP' command  PROXY_FTPPATH  contains  the  full
       path of the target directory.

       Monitoring may not work with all server systems since the
       output of the `PWD' command, which is used by ftp.proxy to
       get the current directory, is not completely defined.  If
       the directory cannot be clearly determined ftp.proxy will
       terminate.
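
       A ccp policy built on the monitor-mode variables described
       above, as an added example that is not part of ftp.proxy or
       its documentation.  The `incoming' upload directory, the
       split into read-type and write-type commands and the function
       name ccp_decide are assumptions made for illustration.

```shell
#!/bin/sh
# Example ccp for "ftp.proxy -m -c <this script>" (added, not from ftp.proxy).
# Assumed policy: read-type commands anywhere below the user's initial
# directory, write-type commands only below <home>/incoming.
# Assumes the variable names shown above (no other prefix set with -v).

UPLOAD_SUBDIR="incoming"    # hypothetical upload area

# ccp_decide COMMAND FTPPATH FTPHOME  ->  0 = grant, 1 = deny
# Reasons go to stderr for the operator running the script by hand.
ccp_decide() {
    cmd=$1 path=$2 home=$3

    # Fail closed if monitor mode (-m) did not supply absolute paths.
    case "$path" in /*) ;; *) echo "deny $cmd: no absolute path" >&2; return 1 ;; esac
    case "$home" in /*) ;; *) echo "deny $cmd: no home directory" >&2; return 1 ;; esac

    # Reject dot components so the prefix match below cannot be escaped.
    case "/$path/" in
        */../*|*/./*) echo "deny $cmd: dot component in path" >&2; return 1 ;;
    esac

    home=${home%/}          # "/home/alice/" -> "/home/alice", "/" -> ""
    case "$cmd" in
        CDUP|CWD|LIST|MDTM|NLST|RETR|SIZE|XCUP|XCWD)
            allowed=$home ;;
        APPE|DELE|MKD|RMD|RNFR|RNTO|STOR|XMKD|XRMD)
            allowed=$home/$UPLOAD_SUBDIR ;;
        *)  # STAT, STOU, ...: no monitored path to check, so deny
            echo "deny $cmd: not permitted by policy" >&2; return 1 ;;
    esac

    # Match whole path components: /home/alice must not admit /home/alicia.
    case "$path" in
        "$allowed"|"$allowed"/*) return 0 ;;
    esac
    echo "deny $cmd: path outside $allowed" >&2
    return 1
}

# ftp.proxy sets PROXY_COMMAND on every ccp call; if it is unset the file is
# only being sourced (for example by a test) and no decision is made.
if [ -n "${PROXY_COMMAND:-}" ]; then
    ccp_decide "$PROXY_COMMAND" "${PROXY_FTPPATH:-}" "${PROXY_FTPHOME:-}"
    exit $?
fi
```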

OPTIONS
       The following options are available:

       -a acp specify  an  access  control program that grants or
              denies access via ftp.proxy.

       -b     allows blanks in filenames.

       -B     allows blanks and other special characters in
              passwords.

       -c ccp set a command control program that grants or denies
              the usage of FTP commands through ftp.proxy.

       -d     enter debug mode, the communication between  server
              and client is written to stderr.

       -e     enable  client-side  server  selection.   With this

              the FTP server selected by the client must match
              one of the patterns from the comma-separated list.
              The wildcards `*' and `?' can be used.

       -t timeout
              specify a different FTP timeout in seconds than the
              default of 900 (15 minutes).

       -v prefix
              set prefix as variable prefix for the variables
              passed to the access and command control program.

       -y     allow any data ports on any remote interfaces
              (dangerous!).

       -z size
              sets the amount of data in bytes ftp.proxy tries to
              read with one system call from either the client or
              the server.  The default is 1024 bytes, valid values
              range from 1 to 4096.  Playing around with larger
              values than the default may increase the proxy's data
              throughput.

       -V     show version number


SYSLOG
       ftp.proxy reports to the FTP log facility.

AUTHOR
       Andreas Schoenberg <[email protected]>

SEE ALSO
       inetd(1), tcpproxy(1), syslogd(8), syslog.conf(5).




                         04 FEBRUARY 2002            FTP.PROXY(1)


