<x-flowed> Hi there Does someone have some suggestions for the following:
I am running an ftp server on a linux box on live address space behind my firewall. I am trying to give someone access who is behind a (corporate) firewall. This person can login, but cannot get any dir listings etc. Both Active and passive modes fail for him. I have actually temporarily opened up all ports on my end for this user just for testing purposes and get the same result so it must be something to do with the firewall on their end. However, the thing is, they can access other ftp servers without a problem (eg: ftp.cisco.com, ftp.redhat.com etc). The same problem occures whether they login via ftp proxy on my firewall or directly to the ftp server itself. Questions are: - Is ftp proxy supposed to help solve problems like this? - How are other ftp sites (eg: ftp.cisco.com, ftp.redhat.com etc) normally configured? ie: why can the person get access to them, but not to mine? TIA MB _________________________________________________________________ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 </x-flowed> From [EMAIL PROTECTED] Mon Nov 04 10:12:32 2002 X-Persona: <ftp.pproxy> Return-path: <[EMAIL PROTECTED]> Received: from sj-msg-core-1.cisco.com ([171.71.163.11]) by compucation.de ([213.185.64.44]) with SMTP (MDaemon.PRO.v6.5.0.R) for <[email protected]>; Fri, 01 Nov 2002 04:55:15 +0100 Subject: [general-l] An extension of ftpproxy {01} From: Damian Ivereigh <[EMAIL PROTECTED]> To: "general-l List Member" <[email protected]> Organization: Cisco Systems Inc Message-ID: <[EMAIL PROTECTED]> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.1.2 (Preview Release) Date: 01 Nov 2002 14:50:30 +1100 X-Lookup-Warning: MAIL lookup on [EMAIL PROTECTED] does not match 171.71.163.11 X-MDRcpt-To: [EMAIL PROTECTED] X-MDRemoteIP: 171.71.163.11 Sender: [EMAIL PROTECTED] X-Return-Path: [EMAIL PROTECTED] Precedence: bulk List-Unsubscribe: <mailto:[EMAIL PROTECTED]> X-MDMailing-List: [EMAIL PROTECTED] X-MDSend-Notifications-To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-MDaemon-Deliver-To: [email protected] X-Eudora2Unix: 3905-11-05T08:39:35Z converted Hi all, First of all, I just want to say what a great program ftpproxy is. It is well written, well documented and saved me a bunch of hassle. Thanks for writing it! Now I have a little extension I have written to it. What this does is establish yet another "translation" script, called with -x What this does (aside from the usual checking the exit status), is to pass back values for: SERVERNAME, SERVERLOGIN, SERVERPASSWD & SERVERPORT. These are read from the stdout of the script in the form of:- SERVERNAME=server1.cisco.com SERVERLOGIN=scanning SERVERPASSWD=scan123 Why is this useful? I have been setting up an ftp proxy that will allow machines (they are Xerox scanners) to ftp to the proxy and immediately be redirected to the real ftp server. However I wanted the ultimate real server to be different according to what the username was specified on the proxy. I also wanted to store the real username & password on the proxy server, not the scanner (where it is very insecure). So for example a login into the proxy of template1 would send the connection to "server1.cisco.com", username "scanning", password "scan123" The patch definately works, but there are a couple of rough edges that I would like to clean up and, of course, I need to update the man pages. However before I do all that, is there interest in this going into the main code? The patch is against the latest code release that I can find: ftpproxy-1.1.6.beta4 Let me know, Damian -- Damian Ivereigh CEPS Team Lead Desk: +61 2 8446 6344 Mob: +61 418 217 582 Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x24E7A68F Attachment Converted: "d:\programme\qualcomm\eudora\attach\ftpproxy-trans.patch" Attachment Converted: "d:\programme\qualcomm\eudora\attach\signature10.asc" From [EMAIL PROTECTED] Tue Nov 12 10:04:23 2002 X-Persona: <ftp.pproxy> Return-path: <[EMAIL PROTECTED]> Received: from cwb.pacific.net.hk ([202.14.67.92]) by compucation.de ([213.185.64.44]) with SMTP (MDaemon.PRO.v6.5.1.R) for <[email protected]>; Tue, 12 Nov 2002 04:18:55 +0100 Message-ID: <[EMAIL PROTECTED]> X-Sender: [EMAIL PROTECTED] X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Tue, 12 Nov 2002 11:26:56 +0800 To: "general-l List Member" <[email protected]> From: [EMAIL PROTECTED] Subject: [general-l] ftp servers that not on port 21 {01} Mime-Version: 1.0 X-Lookup-Warning: MAIL lookup on [EMAIL PROTECTED] does not match 202.14.67.92 X-MDRcpt-To: [EMAIL PROTECTED] X-MDRemoteIP: 202.14.67.92 Sender: [EMAIL PROTECTED] X-Return-Path: [EMAIL PROTECTED] Precedence: bulk List-Unsubscribe: <mailto:[EMAIL PROTECTED]> X-MDMailing-List: [EMAIL PROTECTED] X-MDSend-Notifications-To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-MDaemon-Deliver-To: [email protected] X-Eudora2Unix: 3905-11-05T08:39:35Z converted <x-flowed> 'lo there Does ftp.proxy supports connecting to ftp servers that are not listening on port 21? Rgs, Loop </x-flowed> From [EMAIL PROTECTED] Tue Nov 12 10:04:23 2002 X-Persona: <ftp.pproxy> Return-path: <[EMAIL PROTECTED]> Received: from sj-msg-core-4.cisco.com ([171.71.163.54]) by compucation.de ([213.185.64.44]) with SMTP (MDaemon.PRO.v6.5.1.R) for <[email protected]>; Tue, 12 Nov 2002 06:20:53 +0100 Subject: [general-l] ftp servers that not on port 21 {02} From: Damian Ivereigh <[EMAIL PROTECTED]> To: "general-l List Member" <[email protected]> In-Reply-To: <[EMAIL PROTECTED]> References: <[EMAIL PROTECTED]> Organization: Cisco Systems Inc Message-ID: <[EMAIL PROTECTED]> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.0 Date: 12 Nov 2002 16:16:17 +1100 X-Lookup-Warning: MAIL lookup on [EMAIL PROTECTED] does not match 171.71.163.54 X-MDRcpt-To: [EMAIL PROTECTED] X-MDRemoteIP: 171.71.163.54 Sender: [EMAIL PROTECTED] X-Return-Path: [EMAIL PROTECTED] Precedence: bulk List-Unsubscribe: <mailto:[EMAIL PROTECTED]> X-MDMailing-List: [EMAIL PROTECTED] X-MDSend-Notifications-To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-MDaemon-Deliver-To: [email protected] X-Eudora2Unix: 3905-11-05T08:39:35Z converted Yup. Damian On Tue, 2002-11-12 at 14:26, [EMAIL PROTECTED] wrote: > 'lo there > > Does ftp.proxy supports connecting to ftp servers that are not listening > on port 21? > > Rgs, > Loop -- Damian Ivereigh CEPS Team Lead Desk: +61 2 8446 6344 Mob: +61 418 217 582 Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x24E7A68F Attachment Converted: "d:\programme\qualcomm\eudora\attach\signature13.asc" From [EMAIL PROTECTED] Mon Nov 18 14:41:48 2002 X-Persona: <Compucation> Return-path: <[EMAIL PROTECTED]> Received: from boxedi1.edt.fr ((boxedi.edt.fr) [194.51.8.19]) by compucation.de ([213.185.64.44]) with SMTP (MDaemon.PRO.v6.5.1.R) for <[EMAIL PROTECTED]>; Mon, 18 Nov 2002 14:37:07 +0100 X-Lotus-FromDomain: EDT From: [EMAIL PROTECTED] To: "Andreas Schoenberg" <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED]> Date: Mon, 18 Nov 2002 14:40:53 +0100 Subject: [general-l] ftp.proxy trouble {01} Mime-Version: 1.0 Content-Disposition: inline X-MDRcpt-To: [EMAIL PROTECTED] X-MDRemoteIP: 194.51.8.19 Sender: [EMAIL PROTECTED] X-Return-Path: [EMAIL PROTECTED] Precedence: bulk List-Unsubscribe: <mailto:[EMAIL PROTECTED]> X-MDMailing-List: [EMAIL PROTECTED] X-MDSend-Notifications-To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-MDRedirect: 1 X-MDaemon-Deliver-To: [EMAIL PROTECTED] X-Eudora2Unix: 3905-11-05T08:39:35Z converted When I try to connect to the proxy from the local network, it works fine. But from another network, it just say '421 Service not available, remote server has closed connection' I see the corresponding attempt in syslog file Nov 18 14:24:13 myproxymachine ftp.proxy[23008]: connected to client: myclient.notonthesamenetwork.com Nov 18 14:24:13 myproxymachine ftp.proxy[23008]: info: monitor mode: off, ccp: <unset> Nov 18 14:24:13 myproxymachine ftp.proxy[23008]: +OK: proxy terminating Any idea ? Thanks for your help Nicolas Varney PS: ftp.proxy running on a RedHat Linux 7.3 system here is the ftp file for xinetd: # default: on # description: This is the ftp protocol proxy service service ftp { disable = no socket_type = stream protocol = tcp wait = no user = root group = root server = /usr/local/sbin/ftp.proxy server_args = myrealftpserver.com }
