When the FTP proxy starts, it reads its policy files and then listens on the standard FTP port (21) for connections. When a connection is made, the FTP proxy starts a new thread to handle the connection, and the main thread returns to listening for other connections.
The child thread generates an FTP login banner and asks for a user name/password pair. The user name format is proxyuser@server. The password format is proxypass@serverpass, where proxypass is the password for the proxy, and serverpass is the password for the destination FTP server.
The FTP proxy validates the proxyuser name using proxypass as was described previously. The hostname (backend server), given in the USER command after the first @ character, is translated to its IP address(es) using the hostname-to-address translation mechanism configured for and in the context of the FTP proxy. The resulting addresses provide the values to use as matching criteria for the destination addresses in the proxy rules.
The standard proxy rule matching (given above in the section "Policy Rule Matching") is employed. If a match is found, a connection is established to the FTP server at the user-requested destination. If the translation of the user-specified backend server yields multiple addresses, each is tried in turn, in the order returned by the name translation mechanism (for example, DNS).
Once a connection to the backend server is established, the proxy attempts to log in using the backend username generated during authentication and serverpass as the password (see "Proxy User Authentication" above). Once the backend user identity is established, only the commands allowed by the flags associated with the policy rule in use are relayed; their results are returned and files are exchanged through the proxy.
The following example shows an FTP session through the proxy to a target host (ftp.cdrom.com) using anonymous FTP.
    #ftp screen
    Connected to screen
    220- Proxy: SunScreen FTP Proxy Version 2.0
         :Username to be given as proxy-user@FTP-server
         :Password to be given as proxy-pass@FTP-server-pass
    220 Ready
    Name (screen:edison): anonymous@ftp.cdrom.com
    331-Proxy: Authenticate and connect
    331 Password needed to authenticate anonymous.
    Password:
         :Authentication mapped anonymous to backend user anonymous
         :Connecting to ftp.cdrom.com (165.113.121.81) - done
         Server: 220 wcarchive.cdrom.com FTP server (Version 2.0) ready
         Proxy: Login on server as anonymous
         Server: 331 Guest login OK, send your email address as password
         Proxy: Supplying password to server
    230-Server: 230-Welcome to wcarchive - home ftp site for Walnut Creek CD-ROM
    230-There are currently 2273 users out of 2750 possible
    230 Guest login OK, access restrictions apply
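The login steps described above (splitting the proxyuser@server and proxypass@serverpass forms, translating the backend name, trying its addresses in order against the policy rules, and relaying only the commands the matched rule's flags allow), modelled as an added Python example that is not SunScreen's own code. The name table, proxy credential table and rules are constructed stand-ins for the proxy's configuration, and splitting the password at its first "@" is an assumption, since the text only specifies the first "@" for the user name.

```python
import hmac
import ipaddress

# Constructed stand-ins for the proxy's policy files and its configured
# name translation (for example, DNS); not real credentials or lookups.
NAME_TABLE = {"ftp.example.test": ["192.0.2.10", "192.0.2.11"]}
PROXY_USERS = {"anonymous": ("guest", "anonymous")}  # proxy user -> (proxy pass, backend user)
RULES = [(ipaddress.ip_network("192.0.2.0/24"),     # (destination network, allowed commands)
          frozenset({"USER", "PASS", "PWD", "CWD", "LIST", "RETR", "QUIT"}))]

def split_user(user_arg):
    """USER proxyuser@server: the manual says to split at the first '@'."""
    if "@" not in user_arg:
        raise ValueError("expected proxyuser@server")
    return tuple(user_arg.split("@", 1))

def split_pass(pass_arg):
    """PASS proxypass@serverpass. Assumption: also split at the first '@', so the
    server password may contain '@' but the proxy password may not."""
    if "@" not in pass_arg:
        raise ValueError("expected proxypass@serverpass")
    return tuple(pass_arg.split("@", 1))

def match_rule(backend, rules=RULES, name_table=NAME_TABLE):
    """Translate the backend name; try each address in the order returned and
    return (address, rule) for the first one a rule's destination covers."""
    for addr in name_table.get(backend, []):
        ip = ipaddress.ip_address(addr)
        for rule in rules:
            if ip in rule[0]:
                return addr, rule
    return None

def authenticate(user_arg, pass_arg):
    """Validate the proxy user, map it to the backend user, then rule-match the
    destination. Returns the connection decision, or None when login must fail."""
    proxy_user, backend = split_user(user_arg)
    proxy_pass, server_pass = split_pass(pass_arg)
    entry = PROXY_USERS.get(proxy_user)
    if entry is None or not hmac.compare_digest(entry[0], proxy_pass):
        return None                      # proxy authentication failed
    matched = match_rule(backend)
    if matched is None:
        return None                      # no rule permits this destination
    addr, (_, allowed) = matched
    return {"backend_user": entry[1], "server_pass": server_pass,
            "address": addr, "allowed": allowed}

def command_allowed(decision, cmd):
    """Relay only the commands the matched rule's flags allow."""
    return cmd.upper() in decision["allowed"]
```

A real proxy would also have to handle the case where the first address in the translation result is unreachable and fall through to the next one, which this model leaves to the connection stage.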