SunScreen 3.2 Administration Guide

FTP Proxy Service With Proxy User Authentication

The following information is used in this example:

Proxy user name: pu1

Authorized user name: au1

Authorized user password: au1_pw

Backend user name: bu1

Backend user password: bu1_pw

Backend FTP server name: ftp_server

SunScreen proxy server name: sunscreen_fw

Client machine name: tiny

To Set Up the SunScreen Environment
  1. Use the ping command to make sure the backend FTP Server is accessible:


    ping -s ftp_server 
    

  2. If the backend FTP server is accessible, add an entry for it in the /etc/hosts file. For example:


    1.2.3.4 ftp_server
    

To Configure the FTP Proxy Service
  1. Create the authorized user:

    1. In the Common Objects section, select Authorized User from the Type list.

    2. Select New from the Add New list.

      The Authorized User dialog box appears.

    3. Type a name for this authorized user in the Name field, for example:


      au1
      

    4. Select the User Enabled check box.

    5. Type the password:


      au1_pw
      

    6. Select the Enabled check box after the Password field.

    7. Retype the password:


      au1_pw
      

    8. Click the OK button.

  2. Create a Proxy User:

    1. In the Common Objects section, select Proxy User from the Type list.

    2. Select New from the Add New list.

      The Proxy User dialog box appears.

    3. Type a name for this Proxy User in the Name field, for example:


      pu1
      

    4. Select the User Enabled check box.

    5. Type a name in the Authorized User Name field:


      au1
      

    6. Type a name in the Backend User Name field, for example:


      bu1
      

    7. Click the OK button.

  3. Create a Policy Rule:

    1. Click the Add New button in the Policy Rules area of the Policy Rules page.

      The Rule Definition dialog box appears.

    2. Select the following values for each field:

      Service: ftp

      Source Address: *

      Destination Address: *

      Action: ALLOW

      PROXY list: PROXY_FTP

    3. Enable the FTP command options, for example:

      GET: ALLOW

      CHDIR: ALLOW

      PROXY USERS: pu1

  4. Click the OK button.

  5. Save the changes:

    1. Click the Verify Policy button.

    2. Click the Save Changes button.

  6. Test the FTP Proxy Service:

    From the client machine:

    1. Make sure the physical connections are good.

    2. Make sure the client machine can access the SunScreen proxy:


      # ping -s sunscreen_fw 
      

    3. Test the FTP proxy service:

      Command issued: ftp sunscreen_fw

      Username: pu1@ftp_server

      Password: For example, au1_pw@bu1_pw (The password is not displayed because echo is suppressed.)


      Example B-2 Screen Output


      tiny# ftp sunscreen_fw
      Connected to sunscreen_fw.
      220- Proxy: SunScreen FTP Proxy Version 3.2
       : Username to be given as <proxy-user>'@'<FTP-server-host>
       : Password to be given as <proxy-password>'@'<FTP-server-password>
      220  Ready.
      Name (sunscreen_fw: root): pu1@ftp_server
      331- Proxy: Authenticate & connect: 
      331  Password needed to authenticate 'pu1'.
      Password:       <au1_pw@bu1_pw>
      230- Proxy: 
       : Authentication mapped 'pu1' to backend user 'bu1'.
       : Connecting to ftp_server (1.2.3.4) - done.
       Server: 220 ftp_server FTP server (SunOS 5.6) ready.
       Proxy: Login on server as 'bu1'.
       Server: 331 Password required for bu1.
       Proxy: Supplying password to server.
      230  Server: User bu1 logged in.
      ftp> ls
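
The following added example is not part of the SunScreen documentation. It scripts the step 6 test with Python's ftplib: it builds the Name and Password strings in the form the proxy banner requests, then checks that the proxy's final 230 reply reports the expected user mapping, backend host, and backend login. The function names, and the rule that refuses any field containing '@', are assumptions of this example.

```python
import re
from ftplib import FTP

def proxy_credentials(proxy_user, backend_host, auth_pw, backend_pw):
    """Build the Name and Password strings in the form the proxy banner asks for."""
    for field in (proxy_user, backend_host, auth_pw, backend_pw):
        # Assumption: the page does not define how a field containing '@' is split.
        if not field or "@" in field:
            raise ValueError("fields must be non-empty and must not contain '@'")
    return f"{proxy_user}@{backend_host}", f"{auth_pw}@{backend_pw}"

MAPPED = re.compile(r"Authentication mapped '([^']*)' to backend user '([^']*)'")
CONNECTED = re.compile(r"Connecting to (\S+) \(")
LOGGED_IN = re.compile(r"^230\s+Server: User (\S+) logged in", re.M)

def check_reply(reply, proxy_user, backend_user, backend_host):
    """Return a list of problems in the proxy's final 230 reply; empty means OK."""
    problems = []
    mapped = MAPPED.search(reply)
    if not mapped:
        problems.append("no 'Authentication mapped' line")
    elif mapped.groups() != (proxy_user, backend_user):
        problems.append(f"unexpected mapping {mapped.group(1)!r} -> {mapped.group(2)!r}")
    host = CONNECTED.search(reply)
    if not host or host.group(1) != backend_host:
        problems.append(f"proxy did not report connecting to {backend_host}")
    done = LOGGED_IN.search(reply)
    if not done or done.group(1) != backend_user:
        problems.append(f"backend login as {backend_user} not confirmed")
    return problems

def run_check(proxy_host, proxy_user, backend_host, auth_pw, backend_pw, backend_user):
    """Log in through the proxy (needs network access) and check its reply."""
    name, password = proxy_credentials(proxy_user, backend_host, auth_pw, backend_pw)
    with FTP(proxy_host, timeout=10) as ftp:
        return check_reply(ftp.login(name, password), proxy_user, backend_user, backend_host)

# Final reply lines copied from Example B-2 on this page.
SAMPLE_REPLY = """230- Proxy:
 : Authentication mapped 'pu1' to backend user 'bu1'.
 : Connecting to ftp_server (1.2.3.4) - done.
 Server: 220 ftp_server FTP server (SunOS 5.6) ready.
 Proxy: Login on server as 'bu1'.
 Server: 331 Password required for bu1.
 Proxy: Supplying password to server.
230  Server: User bu1 logged in."""

if __name__ == "__main__":
    print(check_reply(SAMPLE_REPLY, "pu1", "bu1", "ftp_server") or "OK")
```

Against a live proxy, call run_check("sunscreen_fw", "pu1", "ftp_server", "au1_pw", "bu1_pw", "bu1"); an empty list means the proxy mapped pu1 to bu1 and logged in on ftp_server as configured.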