FTP server
FTP proxy/server
Existing FTP clients without any proxying feature can use DeleGate
as an FTP proxy in two ways:
- USER user@host -- at login time, enter the host name of an FTP server after the user name.
- CWD //host[/path] -- at any time, enter the host name of an FTP server after "//" as if it were a directory.
A user name can be followed by an account name as follows.
The complete format user:pass@host[:port], the generic server
specification in a URL, is also usable for both USER and CWD, as follows.
USER ftp:foo%40bar@server
CWD //ftp:foo%40bar@server/path
On a multi-homed host, or on a host behind a firewall, the IP address
or port number used for data connections might have to be controlled by
SRCIF.
Example: proxy FTP-DeleGate
firewall% delegated -P8021 SERVER=ftp
Then you can connect to arbitrary FTP servers (which may be
outside of the firewall) via this FTP-proxy.
internal% ftp
ftp> open firewall 8021
220- firewall PROXY-FTP server (DeleGate/6.1.0) ready.
220- @ @
220- ( - ) { DeleGate/6.1.0 (February 3, 2000) }
...
220- --
220- You can connect to a SERVER by `user' command:
220- ftp> user username@SERVER
220- or by `cd' command (after logged in as an anonymous user):
220- ftp> cd //SERVER
220- Cache is enabled by default and can be disabled by `cd .' (toggle)
220- This (proxy) service is maintained by 'admin@your.domain'
220
Name (yourhost:yourname): ftp@ftp1
331-- USER for ftp@ftp1.
220- ftp1 FTP server ready.
331- Guest login ok, send your complete e-mail address as password.
331-- @ @
331 \( - )/ -- { connected to `ftp' }
Password: me@my.domain
230 Guest login ok, access restrictions apply.
ftp> cd //ftp2
250-- CWD for ftp@ftp2
220- ftp2 FTP server ready.
230- Guest login ok, access restrictions apply.
250-- @ @
250 \( - )/ -- { connected to `ftp2' }
ftp>
Note: Most FTP clients allow the FTP port number to be specified
on the command line, like:
internal% ftp firewall 8021
Example: cascaded FTP-Proxy
firewall# delegated -P21 SERVER=ftp PERMIT="ftp:*:internal"
internal# delegated -P21 SERVER=ftp PROXY=firewall:21
Example: FTP MOUNT with filtering, merging and aliasing
firewall# delegated -P21 SERVER=ftp://serv1/ \
    MOUNT="/pub2/* ftp://serv2/pub/*"
This DeleGate relays the whole contents of serv1 except for "/pub2/*",
which is replaced by that of "ftp://serv2/pub/*".
Example: MOUNT to non-anonymous FTP (and sftp) server
MOUNT="/sv0/* ftp://serv0/*"
MOUNT="/sv1/* ftp://serv1/%2F*"
MOUNT="/sv2/* ftp://serv2/%2F* logindir"
The url-path in the URL of FTP (as ftp://server/url-path) is interpreted
as the relative path from the login-directory of a user (RFC1738).
The absolute path from the root directory in the server is to be represented
as ftp://server/%2Fabs-url-path where "%2F" represents the url-encoded
string of "/" for the root directory.
In the case of MOUNT for non-anonymous FTP (and sftp) server, it is usual
that a login-directory is not the root directory in the server.
In the above examples of MOUNTs, the first one shows only the directory tree
under a login-directory while the second one shows the whole directory tree
under the root.
This is necessary to allow users to access the whole directory tree
and/or to cache data of non-anonymous users.
The third one with "logindir" option shows the whole tree but the current
directory right after login is set to the login-directory.
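The difference between the first two MOUNTs, worked through as an added example (not DeleGate's own code). The prefix-match rewriting is a simplification, and the login directory /home/alice is a constructed value.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# MOUNT rules from the example above: (virtual pattern, real URL pattern).
MOUNTS = [
    ("/sv0/*", "ftp://serv0/*"),      # relative to the login directory
    ("/sv1/*", "ftp://serv1/%2F*"),   # absolute, from the server root
]

def rewrite(vpath, mounts=MOUNTS):
    """Map a client-visible path to the real FTP URL (simplified prefix match)."""
    for vpat, rpat in mounts:
        prefix = vpat[:-1]                      # strip the trailing "*"
        if vpath.startswith(prefix):
            return rpat[:-1] + vpath[len(prefix):]
    return None                                 # no MOUNT point covers this path

def server_path(url, login_dir):
    """Directory path an ftp:// URL names on the server (RFC 1738 rule)."""
    raw = urlsplit(url).path[1:]                # drop the "/" after the host
    if raw.upper().startswith("%2F"):           # leading %2F means server root
        return posixpath.join("/", unquote(raw[3:]))
    return posixpath.join(login_dir, unquote(raw))

def exposed_path(vpath, login_dir="/home/alice"):   # login_dir is constructed
    """Server-side path that a client-visible path ends up naming."""
    url = rewrite(vpath)
    return None if url is None else server_path(url, login_dir)

if __name__ == "__main__":
    for v in ("/sv0/etc/passwd", "/sv1/etc/passwd", "/other/x"):
        print(v, "->", rewrite(v), "->", exposed_path(v))
```

The same client-side path suffix stays inside the account's home under /sv0 but names a file under the server root under /sv1, which is the exposure to weigh before mounting with "%2F".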
Example: FTP to LPR (Line Printer Daemon Protocol) gateway
MOUNT="/* lpr://printer0/queue0/*"
MOUNT="/pr1/* lpr://printer1/queue1/*"
MOUNT="/pr2/* lpr://printer2/queue2/*"
An LPR/FTP-DeleGate allows FTP clients to access remote printers:
a file is printed by uploading it with FTP, and
the printer status is shown by an FTP directory listing.
The MountOption "readonly" inhibits listing the status.
Example: origin FTP-DeleGate
host# delegated -P21 SERVER=ftp MOUNT="/* /path/of/root/*" RELAY=no
"RELAY=no" prohibits DeleGate from working as a proxy FTP server.
Writing to files is disabled by default in an origin FTP-DeleGate.
To make a MOUNT point writable, specify "rw" (read/write) as a mount
option, like MOUNT="/xxx/* /yyy/* rw".
Retrieving the whole contents under a specified directory as a single
file in tar format with the "RETR directory.tar" command is supported,
and is enabled by adding "tar" to the REMITTABLE list, like REMITTABLE="+,tar".
FTPCONF parameter* == FTPCONF=ftpControl[:{sv|cl}]
ftpControl == nopasv | noport | noxdc | rawxdc
-- default: none
- nopasv -- disables the PASV command for data connections.
- noport -- disables the PORT command for data connections.
- noxdc -- disables XDC mode for data transmission on the control connection.
- rawxdc -- transmits data without encoding into BASE64 in XDC mode.
If an ftpControl listed above is followed by ":sv" or ":cl", like "nopasv:sv"
for example, the ftpControl is applied only to the server side
or the client side respectively.
- doepsv:sv -- use EPSV (instead of PASV) with FTP servers
- doeprt:sv -- use EPRT (instead of PORT) with FTP servers
- bounce:{no|do|th|cb|rl} -- default: FTPCONF=bounce:no
  controls how FTP Bounce is handled.
  - no -- reject any FTP Bounce
  - do -- permit any FTP Bounce
  - th -- don't care about FTP Bounce (backward compatible)
  - cb -- convert FTP Bounce to "EPRT |||port|"
  - rl -- reject FTP Bounce by REJECT="ftp-bounce:*:clientHost"
- forcexdc -- enables XDC mode even if the destination server is on the same host
- proxyauth -- enables authentication and authorization as a proxy FTP server.
  A username given as user@server is decomposed into user and server,
  which are used for matching in AUTHORIZER as
  AUTHORIZER="-list{user:pass}(reprUser):ftp:server".
  It also enables generation of authentication information to be forwarded
  to the server by MYAUTH as
  MYAUTH="genuser:genpass:ftp:server:-a/user@*".
- servon=init|user|pass -- select the timing of connection establishment to the MOUNTed server.
  By default, the connection to a server is initiated by the client
  command whose argument selects the MOUNT point, after
  authentication has finished (with USER and PASS).
  servon="init" forces an immediate connection to a server when the client
  connects, with authentication done by the server (as with SERVER=ftp://server).
  "user" or "pass" specifies connecting to a server on the "USER" or "PASS"
  command respectively.
- usdelim:{setOfDelimiters} -- default: FTPCONF="usdelim:*%#"
  a set of delimiters usable in place of "@" in "user@site",
  e.g. "ftp://user*server@proxy" or "ftp://anonymous:name*domain@server".
- hideserv -- hide the server's identification
  Don't relay the opening message from the server to the client, which may
  include identification information about the server.
- nounesc -- disables unescaping of %XX notation in arguments to the server.
  If this option is not specified, %XX notation included in arguments
  representing a path, like "%2Fhome/" for example, is unescaped by default.
FTPCONF can be applied on a specific condition by specifying it
as a MountOption, like
MOUNT="vURL rURL FTPCONF=ftpConf"
or with CMAP, like CMAP=ftpConf:FTPCONF:connMap.
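A sketch of the check behind the bounce setting, as an added example rather than DeleGate's implementation. It assumes "FTP Bounce" means a PORT/EPRT that names an address other than the client's own, and models only the no, do and cb policies; the addresses are constructed.

```python
import ipaddress

def data_target(command):
    """Return (ip or None, port) named by a client's PORT or EPRT command."""
    verb, _, arg = command.strip().partition(" ")
    if verb.upper() == "PORT":                  # PORT h1,h2,h3,h4,p1,p2
        nums = [int(n) for n in arg.split(",")]
        if len(nums) != 6 or not all(0 <= n <= 255 for n in nums):
            raise ValueError("malformed PORT argument")
        ip = ipaddress.ip_address(".".join(map(str, nums[:4])))
        return ip, nums[4] * 256 + nums[5]
    if verb.upper() == "EPRT":                  # EPRT |proto|addr|port|
        parts = arg.split(arg[0]) if arg else []
        if len(parts) != 5:
            raise ValueError("malformed EPRT argument")
        addr, port = parts[2], int(parts[3])
        if not 0 < port < 65536:
            raise ValueError("port out of range")
        # An empty address field means "use the control connection's peer".
        return (ipaddress.ip_address(addr) if addr else None), port
    raise ValueError("not a PORT or EPRT command")

def apply_bounce_policy(command, client_ip, policy="no"):
    """Decide what a proxy forwards for a PORT/EPRT under bounce:no|do|cb."""
    if policy not in ("no", "do", "cb"):
        raise ValueError("policy not modelled in this example")
    ip, port = data_target(command)
    is_bounce = ip is not None and ip != ipaddress.ip_address(client_ip)
    if not is_bounce or policy == "do":
        return ("forward", command.strip())
    if policy == "cb":                          # drop the foreign address
        return ("forward", f"EPRT |||{port}|")
    return ("reject", None)                     # policy "no", the default

if __name__ == "__main__":
    client = "192.0.2.10"                       # constructed client address
    for cmd in ("PORT 192,0,2,10,24,131", "PORT 198,51,100,7,24,131"):
        for pol in ("no", "do", "cb"):
            print(pol, cmd, "->", apply_bounce_policy(cmd, client, pol))
```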
FTP Transfer Log Format
The format of PROTOLOG for the FTP protocol is the so-called xferlog(5)
format, which is compatible with that of "wu-ftp".
Each line of xferlog consists of the following elements (in a single line).
  currentTime transferTime clientHost
  fileSize fileName transferType
  specialActionFlag direction accessMode
  userName serviceName authenticationMethod
  authenticatedUserID
  DeleGateStatus
transferTime is the total time in seconds for the transfer.
transferType is either "a" (ascii) or "b" (binary).
specialActionFlag is always "_" (none) in the current implementation.
direction is either "o" (outgoing) or "i" (incoming).
accessMode is either "a" (anonymous) or "r" (real user).
userName is an e-mail address with accessMode "a",
or a real user name with accessMode "r".
serviceName is always "ftp" in the current implementation.
authenticationMethod is either "0" (none) or "1" (RFC1413 Authentication).
authenticatedUserID is the user id obtained via the authenticationMethod,
or "*" without authentication.
DeleGateStatus is one of "L" (local file), "H" (cache hit),
"N" (cache miss).
Example:
Mon Feb 28 15:32:15 2000 13 proxy.xyz.co.jp 182558 /ftp/pub/DeleGate/Manual.htm a _ o a webmaster@xyz.co.jp ftp 0 * L
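A parser for the line format described above, with a few review tags for log triage. This is an added example, not part of DeleGate: the tag names are hypothetical, and the second sample line is constructed (the first is the manual's own example).

```python
from datetime import datetime

# Fields that follow fileName, in the order the manual lists them.
TAIL = ["transferType", "specialActionFlag", "direction", "accessMode",
        "userName", "serviceName", "authenticationMethod",
        "authenticatedUserID", "DeleGateStatus"]
ALLOWED = {"transferType": "ab", "direction": "oi", "accessMode": "ar",
           "authenticationMethod": "01", "DeleGateStatus": "LHN"}

SAMPLE = [  # line 1: manual's example; line 2: constructed for illustration
    "Mon Feb 28 15:32:15 2000 13 proxy.xyz.co.jp 182558 "
    "/ftp/pub/DeleGate/Manual.htm a _ o a webmaster@xyz.co.jp ftp 0 * L",
    "Tue Feb 29 09:01:02 2000 4 host1.example.org 2048 "
    "/incoming/new file.bin b _ i a guest@example.org ftp 0 * N",
]

def parse_xferlog(line):
    """Split one xferlog line into the named elements."""
    tok = line.split()
    if len(tok) < 18:                       # 5 time tokens + 13 other fields
        raise ValueError("too few fields")
    rec = {
        "currentTime": datetime.strptime(" ".join(tok[:5]),
                                         "%a %b %d %H:%M:%S %Y"),
        "transferTime": int(tok[5]),
        "clientHost": tok[6],
        "fileSize": int(tok[7]),
        # Parse the tail from the right so a name with spaces stays intact.
        "fileName": " ".join(tok[8:-9]),
    }
    rec.update(zip(TAIL, tok[-9:]))
    for field, allowed in ALLOWED.items():
        if len(rec[field]) != 1 or rec[field] not in allowed:
            raise ValueError(f"unexpected {field}: {rec[field]!r}")
    return rec

def review_tags(rec):
    """Hypothetical triage tags derived from the documented flag values."""
    tags = []
    if rec["direction"] == "i":
        tags.append("anonymous-upload" if rec["accessMode"] == "a" else "upload")
    if rec["accessMode"] == "r":
        tags.append("real-user")
    if rec["DeleGateStatus"] == "H":
        tags.append("served-from-cache")
    return tags

if __name__ == "__main__":
    for line in SAMPLE:
        r = parse_xferlog(line)
        print(r["clientHost"], r["fileName"], review_tags(r))
```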