SunScreen 3.2 Administration Guide

FTP Proxy Service Without Proxy User Authentication

The following information is used in this example:

Proxy user name: pu1

Authorized user name: none

Authorized user password: none

Backend user name: bu1

Backend user password: bu1_pw

Backend FTP server name: ftp_server

SunScreen proxy server name: sunscreen_fw

Client machine name: tiny

To Set Up the SunScreen Environment

Note - The ping command must be enabled in the Rules page before you can perform the following procedure.


  1. Type the following to make sure the backend FTP Server is accessible:


    ping -s ftp_server 
    

  2. If the server is accessible, add an entry for it in the /etc/hosts file. For example:


    1.2.3.4 ftp_server
    

To Configure the FTP Proxy Service

Note - There is no need to create an authorized user.


  1. Create the proxy user:

    1. In the Common Objects section, select Proxy User from the Type list.

    2. Select New Single from the Add New list.

      The Proxy User dialog box appears.

    3. Type a name for this Proxy User in the Name field, for example:


      pu1
      

    4. Select the User Enabled check box.

    5. Leave the Authorized User Name field empty.

    6. Type a name in the Backend User Name field, for example:


      bu1
      

    7. Click the OK button.

  2. Create a policy rule:

    1. Click the Add New button in the Policy Rules area of the Policy Rules page.

      The Rule Definition dialog box appears.

    2. Select the following values for each field:

      Service: proxy_ftp

      Source Address: *

      Destination Address: *

      Select Action: ALLOW

    3. From the PROXY list, select PROXY_FTP.

    4. Enable the FTP command options, for example:

      GET: ALLOW

      CHDIR: ALLOW

      PROXY USERS: pu1

    5. Click the OK button.

  3. Save the changes:

    1. Click the Verify Policy button.

    2. Click the Save Changes button.

To Test the FTP Proxy Service

From the client machine:

  1. Make sure the physical connections are good.

  2. Use the ping command to make sure the client machine can access the SunScreen proxy:


    # ping -s sunscreen_fw 
    


    Note - The ping command must be enabled in the Rules page before you can perform this procedure.


  3. Test the FTP proxy service.

    For example, the following values produce the screen output in Example C-1:

    Command issued: ftp sunscreen_fw

    User name: pu1@ftp_server

    Password: put_anything@bu1_pw OR <none>@bu1_pw. For example, zzz@bu1_pw. The password is not seen because it is echo suppressed.


    Example B-1 Screen Output


    tiny# ftp sunscreen_fw
    Connected to sunscreen_fw.
    220- Proxy: SunScreen FTP Proxy Version 3.2
     : Username to be given as <proxy-user>'@'<FTP-server-host>
     : Password to be given as <proxy-password>'@'<FTP-server-password>
    220  Ready.
    Name (sunscreen_fw: root): pu1@ftp_server
    331- Proxy: Authenticate & connect: 
    331  Password needed to authenticate 'pu1'.
    Password:       <zzz@bu1_pw> 
    OR
    Password:       <@bu1_pw>
    230- Proxy: 
     : Authentication mapped 'pu1' to backend user 'bu1'.
     : Connecting to ftp_server (1.2.3.4) - done.
     Server: 220 ftp_server FTP server (SunOS 5.6) ready.
     Proxy: Login on server as 'bu1'.
     Server: 331 Password required for bu1.
     Proxy: Supplying password to server.
    230  Server: User bu1 logged in.
    ftp> ls
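
The login test in step 3 can be scripted so that the proxy-user mapping is checked rather than read off the screen. The following Python is an added example, not part of the SunScreen guide: the function names are hypothetical, and it assumes the proxy sends the 230 reply text shown in the screen output above over the control connection.

```python
import ftplib
import re

# 230 reply copied from the screen output on this page, used as sample input.
SAMPLE_REPLY = """230- Proxy:
 : Authentication mapped 'pu1' to backend user 'bu1'.
 : Connecting to ftp_server (1.2.3.4) - done.
 Server: 220 ftp_server FTP server (SunOS 5.6) ready.
 Proxy: Login on server as 'bu1'.
 Server: 331 Password required for bu1.
 Proxy: Supplying password to server.
230  Server: User bu1 logged in."""

MAPPED = re.compile(r"Authentication mapped '([^']+)' to backend user '([^']+)'")
CONNECT = re.compile(r"Connecting to (\S+) \(([^)]+)\)")
LOGGED_IN = re.compile(r"^230\s+Server: User (\S+) logged in", re.M)


def build_credentials(proxy_user, backend_host, backend_password, proxy_password=""):
    """Return (name, password) in the form the proxy banner asks for."""
    return (f"{proxy_user}@{backend_host}", f"{proxy_password}@{backend_password}")


def parse_login_reply(reply):
    """Extract the proxy-user mapping and backend target from the 230 reply."""
    mapped, conn, done = MAPPED.search(reply), CONNECT.search(reply), LOGGED_IN.search(reply)
    if not (mapped and conn and done):
        raise ValueError("reply does not look like a completed proxy login")
    return {"proxy_user": mapped.group(1), "backend_user": mapped.group(2),
            "backend_host": conn.group(1), "backend_addr": conn.group(2),
            "logged_in_as": done.group(1)}


def check_proxy_login(proxy_host, proxy_user, backend_host, backend_password,
                      expected_backend_user, proxy_password=""):
    """Log in through the proxy and confirm the mapping matches expectations."""
    name, password = build_credentials(proxy_user, backend_host,
                                       backend_password, proxy_password)
    with ftplib.FTP(proxy_host, timeout=10) as ftp:
        info = parse_login_reply(ftp.login(name, password))
    if info["backend_user"] != expected_backend_user:
        raise RuntimeError(f"unexpected backend user {info['backend_user']!r}")
    return info
```

Because pu1 has no authorized user, the text before the `@` in the password is not checked, so the backend password is the only secret protecting this login.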