|interface and port where the client is connected to the proxy.|
|IP number and name of the connected client.|
|PROXY_SERVER, PROXY_SERVERPORT, PROXY_SERVERNAME|
|IP number, port and name of the FTP server the client wants to contact.|
|the supplied username for the FTP server.|
|supplied username and password for usage of the proxy server.|
Furthermore the acp's stdout is connected to the FTP client and its stderr is read by ftp.proxy, which writes the acp's stderr output to syslog.
Notice also that a non-zero acp exit code signals ftp.proxy that something is wrong and that ftp.proxy should terminate.
Beginning with version 1.1.6 ftp.proxy supports connection translation programs (ctps). A ctp can completely overwrite the user's server selection and login. If configured, the ctp is called before the acp. It receives the same environment variables as the acp and returns on its stdout the server and login information that ftp.proxy should use for the server connection. The format of the ctp output lines is
variable [<whitespace>]= [<whitespace>] value
where variable is one of
SERVERNAME, SERVERLOGIN, SERVERPASSWD, SERVERPORT and value the corresponding value. Alternatively to these four variables you can use the shorter forms
SERVER, LOGIN, PASSWD, PORT as variable names. Furthermore the case of the variable names doesn't matter and any whitespace around value is ignored.
The ctp can deny the proxy request by exiting with a non-zero exit code, in which case ftp.proxy drops the connection immediately. Alternatively the ctp can also print a line starting with -ERR, which is written to syslog before the connection is closed.
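As an added example (not part of ftp.proxy or this manual), a ctp in POSIX sh that permits only an approved set of destination servers and rewrites the client's choice to an internal host, port and login, using the PROXY_SERVERNAME/PROXY_SERVER variables and the SERVER/PORT/LOGIN/PASSWD reply lines described above; the server table, the 10.0.0.x addresses and the credentials are constructed for illustration.

```shell
#!/bin/sh
# Added example ctp for ftp.proxy (not the project's own code).
# ftp.proxy sets PROXY_SERVER / PROXY_SERVERNAME to the server the client
# asked for; the ctp answers with SERVER/PORT/LOGIN/PASSWD lines on stdout.

# Approved destinations: requested name -> "host port login passwd".
# Constructed sample table; a real deployment would read the credential
# from a root-only file rather than embedding it in the script.
ctp_lookup() {
    case "$1" in
        ftp.example.com)    echo "10.0.0.5 21 anonymous proxy@example.com" ;;
        mirror.example.com) echo "10.0.0.6 2121 mirror mirror-ro" ;;
        *) return 1 ;;
    esac
}

# Entry point. Return 0 to accept (ftp.proxy then uses the printed values),
# non-zero to deny; the -ERR line on stdout is logged to syslog before
# ftp.proxy drops the connection.
ctp_main() {
    want="${PROXY_SERVERNAME:-${PROXY_SERVER:-}}"
    # Host names are case-insensitive, so normalise before the lookup.
    want=$(printf '%s' "$want" | tr 'A-Z' 'a-z')
    target=$(ctp_lookup "$want") || {
        printf '%s\n' "-ERR $want is not an approved FTP destination"
        return 1
    }
    # Word-split the table entry into host, port, login and password.
    set -- $target
    echo "SERVER = $1"
    echo "PORT = $2"
    echo "LOGIN = $3"
    echo "PASSWD = $4"
    return 0
}
```

To use it as a ctp, append a call to ctp_main as the script's last command so that its return status becomes the exit code, and hand the script to ftp.proxy with the -x option.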
If a command control program (ccp) is given with the -c option this program is called for the FTP commands
APPE, CDUP, CWD, DELE, LIST, MDTM, MKD, NLST, RETR, RNFR, RNTO, RMD, SIZE, STAT, STOR, STOU, XCUP, XCWD, XMKD, XRMD
The ccp returns an exit code of 0 to grant and any other to deny access (the exit code to the QUIT command is ignored). For the ccp the same variables as for acps are set, with the addition of
PROXY_COMMAND, PROXY_PARAMETER: FTP command and parameter (if set). PROXY_SESSION: a unique identifier for the proxy session. PROXY_CCPCOLL: the client's number of collisions with the ccp's permission rules (number of permission denied responses).
The ccp's stdout and stderr are connected to ftp.proxy. A one line message written to stdout by the ccp goes to syslog, while a message on stderr is sent to the client. If this message does not contain a status code ftp.proxy substitutes a 553 code. If the message is empty the client gets a simple 553 permission denied. Notice that the stderr message is only used if the ccp returns an exit code other than zero.
On normal program termination (QUIT command or timeout) the ccp is called with the command +EXIT to do some final clean up. It is not guaranteed that the ccp receives the +EXIT event. There are lots of possibilities that the proxy terminates without generating it, e.g. client timeout, server error or signal reception by the proxy.
The -m option puts ftp.proxy into the monitor mode. ftp.proxy will then try to keep track of the client's current directory on the server side. With this information the file parameter for the commands
APPE, CDUP, CWD, DELE, LIST, MDTM, MKD, NLST, RETR, RNFR, RNTO, RMD, SIZE, STOR, XCUP, XCWD, XMKD, XRMD
is converted into an absolute path. This value is then used in syslog messages and given to a ccp in the PROXY_FTPPATH variable. Furthermore the variable PROXY_FTPHOME contains the user's initial directory, which is assumed to be his home directory.
The LIST and NLST commands may have a parameter or not. If it is absent ftp.proxy sets the parameter to * but this affects only the PROXY_FTPPATH variable, not the command that is sent to the server.
For the CDUP command PROXY_FTPPATH contains the full path of the target directory.
Monitoring may not work with all server systems since the output of the PWD command, which is used by ftp.proxy to get the current directory, is not completely defined. If the directory cannot be clearly determined ftp.proxy will terminate.
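As an added example (not ftp.proxy's own code) covering both the ccp protocol and monitor mode described above: a ccp in POSIX sh that grants read-only commands anywhere, permits state-changing commands only below PROXY_FTPHOME, logs each denial to syslog through stdout and sends an explicit 553 reply through stderr. The choice of which commands count as writes and the sample paths are this example's own.

```shell
#!/bin/sh
# Added example ccp for ftp.proxy (not the project's own code). Requires
# monitor mode (-m) so that PROXY_FTPPATH and PROXY_FTPHOME are set.
# Policy: read-only commands are always granted, state-changing commands
# only below the user's home directory.

# Commands that change server-side state (this example's own selection
# from the command set ftp.proxy passes to the ccp).
ccp_is_write() {
    case "$1" in
        APPE|DELE|MKD|RMD|RNFR|RNTO|STOR|STOU|XMKD|XRMD) return 0 ;;
        *) return 1 ;;
    esac
}

# True if absolute path $1 is directory $2 itself or lies below it.
ccp_under() {
    dir="${2%/}"              # "/home/alice/" -> "/home/alice", "/" -> ""
    case "$1" in
        "$dir"|"$dir"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Entry point: return 0 to grant, non-zero to deny. The stdout line goes
# to syslog; the stderr line is the reply ftp.proxy sends to the client.
ccp_main() {
    cmd="${PROXY_COMMAND:-}"
    path="${PROXY_FTPPATH:-}"
    home="${PROXY_FTPHOME:-}"
    case "$cmd" in
        +EXIT|QUIT) return 0 ;;   # clean-up hook; nothing to undo here
    esac
    ccp_is_write "$cmd" || return 0
    # Deny when monitor mode gave no path, when the path still carries ".."
    # components (defence in depth), or when it escapes the home directory.
    case "$path" in
        ""|*/..|*/../*) ;;
        *) [ -n "$home" ] && ccp_under "$path" "$home" && return 0 ;;
    esac
    echo "session ${PROXY_SESSION:-?}: denied $cmd $path (collisions so far: ${PROXY_CCPCOLL:-0})"
    echo "553 $cmd: writes are only permitted below your home directory" >&2
    return 1
}
```

As with the ctp, append a call to ccp_main as the script's last command and register the script with -c (together with -m).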
ftp.proxy can take most of its command line options also from a configuration file which can be set with the -f option.
Notice that the file can contain comments and blank lines (usual UN*X-style) but ftp.proxy terminates immediately with an error code if an unknown or invalid configuration option is found.
The following options can be set:
acp /path/to/acp
    sets the path to the access control program (-a option).
allow-anyremote yes|no
    if enabled ftp.proxy does not check the remote end of data connections; required for some bad multi-homed servers and FXP (-y option).
allow-blanks yes|no
    allows blanks in FTP command parameters (-b option).
allow-passwdblanks yes|no
    allows blanks in the FTP login password (-B option).
bind portnum
    sets the port number to which ftp.proxy should bind; activates daemon mode (-D option).
ccp /path/to/ccp
    sets the path to the command control program (-c option).
ctp /path/to/ctp
    sets the path to the connection translation program (-x option).
debug yes|no
    turns debugging mode on or off (-d option).
monitormode yes|no
    enables monitor mode (-m option).
proxy-routing yes|no
    if enabled ftp.proxy uses the last @ in the username to determine to which server it should connect. This makes proxy hopping (or routing) possible (-u option).
selectserver yes|no
    enables client side server selection, disables the server option (-e option).
server ftpserver
    sets the connection's FTP server, disables selectserver.
serverlist list-of-allowed-servers
    specifies a comma separated list of servers to which the clients are allowed to connect (-s option).
sourceip ip-number
    defines the IP address for the outgoing control connection to the remote server, which also determines the local IP address for data transmissions.
timeout timeout
    sets the timeout in seconds.
xferlog filename
    sets the location of the xferlog file and enables xferlog logging.
ftp.proxy's configuration file supports interface specific configuration sections. Such sections begin with a line that starts with
followed by the configuration options for connections on this specific interface. ftp.proxy checks for such sections immediately after the client connection is accepted. If it finds at least one interface specific section in the configuration file but none for the current interface, it considers itself not configured for it and drops the connection, sending a 421 not available message to the client.
ftp.proxy accepts all global configuration options from above (although not all make sense, e.g. bind) in interface specific sections. That is, ftp.proxy can have completely different configurations on different interfaces. But to deactivate a non-boolean option, e.g. ctp, you cannot simply give the option without a value; this would be considered a bad configuration option. Instead you must supply a single dash (-) to clear the option.
ftp.proxy prints an error message and terminates immediately if it finds an unknown or bad configuration option. Worse, these error messages are printed to ftp.proxy's stderr and not to syslog, which makes them a little bit difficult to observe. ftp.proxy addresses this issue by supporting the -F option.
The -F option sets the configuration file and the check-and-print option, that is, ftp.proxy will only read, check and print its configuration options as they are set after reading the configuration. An interface IP number may be given as an optional command line parameter to make ftp.proxy print the configuration for this particular interface.
The following options are available:
-a acp
    specify an access control program that grants or denies access via ftp.proxy.
-b
    allows blanks in filenames.
-B
    allows blanks and other special characters in passwords.
-c ccp
    sets a command control program that grants or denies the usage of FTP commands through ftp.proxy.
-d
    enter debug mode; the communication between server and client is written to stderr.
-f configfile
    sets ftp.proxy's configuration file.
-F configfile [interface]
    read and print the proxy configuration for interface from configfile. If interface is missing the global configuration is printed. This is a check-only option: after the configuration has been printed ftp.proxy terminates, no connection handling is done.
-e
    enable client-side server selection. With this option the server argument isn't accepted.
-l
    sets logging of most of the FTP commands.
-m
    sets the monitor mode.
-p port
    tell ftp.proxy to use port as source port for data transfers (using port number 20 is FTP standard). Keep in mind that port numbers below 1024 require root permissions.
-q sourceip
    sets the IP number for the outgoing control connection.
-s list
    the FTP server selected by the client must match one of the patterns from the comma separated list. The wildcards * and ? can be used.
-t timeout
    specify a different FTP timeout in seconds than the default of 900 (15 minutes).
-u
    search for the last appearance of an @ in the username. This allows the use of usernames with a @ in them. Be careful with this option, it can be abused to do proxy hopping!
-v prefix
    set prefix as variable prefix for the variables passed to the access and command control program.
-x ctp
    set a connection translation program to overwrite the server and login information supplied by the user.
-X file
    write xferlog logging to file.
-V
    show version number.
-y
    allow any data ports on any remote interfaces (dangerous!).
-z size
    sets the amount of data in bytes ftp.proxy tries to read with one system call from either the client or the server. The default is 1024 bytes, valid values range from 1 to 4096. Playing around with larger values than the default may increase the proxy's data throughput.
ftp.proxy reports to the FTP log facility on Linux and BSD systems and to the daemon log facility on others.
Andreas Schoenberg <email@example.com>
FTP.PROXY (1)    23 JANUARY 2003