Security Basics mailing list archives

Re: FTP Proxy


From: Fernando Gont <fernando () gont com ar>
Date: Wed, 28 Jan 2004 21:15:10 -0300

At 10:27 28/01/2004 -0300, pablo gietz wrote:

> We need to connect to an outside FTP server on the Internet with an FTP client (not a browser).
> We use Squid proxy for HTTP.
> The problem seems to be simple, but because the security design is quite complicated, this is the schema: FTP Client --> Dept Firewall --> Internal Router --> Squid cache --> External Firewall --> Remote FTP server (Internet)
> So what can I do? NAT? FTP proxy? I need to solve this.

You can either configure both firewalls to let you use FTP, or use NAT for it.
Configure the FTP client so that it does passive transfers rather than active transfers.

If the client is configured to do active transfers, then the client will issue the connection request to the FTP server (for the control connection), while it'll be the FTP server that issues the connection request for the data connection. That means that if you want to do active transfers, you must allow incoming connection requests to your network (which you probably don't want to do).

If the client is configured to do passive transfers, then the client will use the connection requests for both the control and data connections. That means you won't need to allow incoming connection requests to hosts inside your network.
I think it's the best option.

Note that the FTP protocol itself has no cache support built into the protocol (as HTTP *has*). So I'd solve the problem with either a NAT or by configuring the firewall accordingly. An FTP proxy will probably only add unnecessary overhead.


--
Fernando Gont
e-mail: fernando () gont com ar || fgont () acm org
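
The active/passive distinction described in the message above, as an added example that is not part of the original post: it decodes the RFC 959 `PORT` command and `227` passive reply from an FTP control channel and reports which side opens the data connection, and therefore whether a firewall must admit an inbound connection. The addresses (documentation ranges), sample lines and function names are constructed assumptions.

```python
import re

# Constructed values for illustration; addresses come from documentation ranges.
CLIENT = "192.0.2.10"      # assumed internal FTP client
SERVER = "198.51.100.21"   # assumed remote FTP server

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by PORT and by the 227 reply."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port tuple in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(line, client=CLIENT, server=SERVER):
    """Return (initiator, listener, port, direction) for one control-channel
    line, or None if the line does not negotiate a data connection.
    direction is relative to the client's network."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        # Active transfer: the client listens, the server connects back to it.
        host, port = parse_hostport(line)
        return (server, host, port, "inbound")
    if line.startswith("227"):
        # Passive transfer: the server listens, the client connects out again.
        host, port = parse_hostport(line)
        return (client, host, port, "outbound")
    return None

if __name__ == "__main__":
    samples = (  # constructed control-channel lines
        "PORT 192,0,2,10,195,80",
        "227 Entering Passive Mode (198,51,100,21,78,52)",
        "USER anonymous",
    )
    for sample in samples:
        print(sample, "->", data_connection(sample))
```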


