SunScreen 3.1 Administration Guide

FTP Proxy Service Without Proxy User Authentication

The following information is used in this example:

To Set Up the SunScreen Environment
  1. Type the following to make sure the backend FTP Server is accessible:

    ping -s BackendServer

  2. Add an entry in the /etc/hosts file, if it is accessible.For example: BackendServer

To Configure the FTP Proxy Service
  1. Create a new Service for the FTP proxy service:

    1. Log in to the administration GUI.

    2. On the Policies List page, select the policy and click the Edit... button.

      The Policy Rules page appears.

    3. In the Common Objects section, select Service from the Type choice list.

    4. Click New Single... from the Add New choice list.

      The Service dialog window appears.

    5. Type the name for this new service in the Name field, for example:


    6. Click the Add Filter button and select ftp.

    7. Click the field under Port, and type 21.

    8. Click the OK button.

      Note -

      There is no need to create an Authorized User.

  2. Create the Proxy User:

    1. In the Common Objects section, select Proxy User from the Type choice list.

    2. Select New Single... from the Add New choice list.

      The Proxy User dialog window appears.

    3. Type a name for this Proxy User in the Name field, for example:


    4. Click the User Enabled check-box.

    5. Leave the Authorized User Name field empty.

    6. Type a name in the Backend User Name field, for example:


    7. Click the OK button.

  3. Create a Policy Rule:

    1. Click the Add New... button in the Policy Rules area of the Policy Rules page.

      The Rule Definition dialog window appears.

    2. Edit each field as follows by clicking the down arrow to display the choice list.

      • Service: proxy_ftp

      • Source Address: *

      • Destination Address: *

      • Select Action: ALLOW

      • From the PROXY list select PROXY_FTP.

      • Enable the FTP command options, for example:

        • GET: ALLOW

        • CHDIR: ALLOW

        • PROXY USERS: pu1

    3. Click the OK button.

  4. Save the changes:

    1. Click the Verify Policy button.

    2. Click the Save Changes button.

Test the FTP Proxy Service

From the Client Machine:

  1. Make sure the physical connections are good.

  2. Make sure the client machine can access SunScreen Proxy Server:

    ping -s qa22-efs-hme1

  3. Test the FTP proxy service:

    • Command issued: ftp qa22-efs-hme1

    • Username: pu3@BackendServer

    • Password: put_anything@BkEndUsrName"s password OR: <none>@BkEndUsrName"s password For example, zzz@cherrycoke (Password is not seen because it is echo suppressed.)

      Example B-1 Screen Output

      tiny# ftp qa22-efs-hme1
      Connected to qa22-efs-hme1.
      220- Proxy: SunScreen FTP Proxy Version 3.0
       : Username to be given as <proxy-user>'@'<FTP-server-host>
       : Password to be given as <proxy-password>'@'<FTP-server-password>
      220  Ready.
      Name (qa22-efs-hme1:root): pu3@BackendServer
      331- Proxy: Authenticate & connect:
      331  Password needed to authenticate 'pu3'.
      Password:       <zzz@cherrycoke> OR
      Password:       <@cherrycoke>
      230- Proxy: 
       : Authentication mapped 'pu3' to backend user 'BkEndUsrName'.
       : Connecting to BackendServer ( - done.
       Server: 220 BackendServer FTP server (SunOS 5.6) ready.
       Proxy: Login on server as 'BkEndUsrName'.
       Server: 331 Password required for BkEndUsrName.
       Proxy: Supplying password to server.
      230  Server: User BkEndUsrName logged in.
      ftp> ls