Re: [users@httpd] Proxying active ftp

[Emmanuel E <emmanuel.e@xxxxxxx>]

proxying ftp itself as is a difficult proposition. even when you set your clients to passive ftp, i dont think its the ftp thats being actually proxied. the ftp request is being converted into a http request and sent to the proxy server. the proxy server performs the actual ftp transaction and returns a http response. the reason is that there was no ftp proxy protocol developed stated or adhered to. proxying ftp as is has to be done by intercepting and inspecting the traffic and rewriting the packets.

now mod_proxy_ftp is not a packet inspector/rewriter.

like i said before the only reason your clients seem to work in passive mode is that they must be converting the ftp request into a http request to the proxy server. in active mode + http proxy i really dont know what the client is supposed to do or what the proxy is supposed to do. there has never been and probably never will be any clear guideline on this this.

if you really want to proxy active ftp connections you might consider using a socks proxy server, though in my experience i have never come across a client that fully supported active ftp over a socks proxy.

you should actually look at the actual network traffic of the ftp and http protocols - http://en.wikipedia.org/wiki/HTTP , http://www.jmarshall.com/easy/http/ , http://en.wikipedia.org/wiki/Ftp and http://slacksite.com/other/ftp.html

Browne, Anthony A wrote:

	Thanks, I now have a better understanding about how the proxy
module handles ftp.

  

also your configuration seems a bit weird. you are running apache on 
port 21
    

	Yes, my configuration is pretty weird. I'm running Apache on
three ports, but clients use 9982 as their ftp proxy. The clients on the
LAN use the Apache ftp proxy as a forward proxy for connections to ftp
servers elsewhere. In other words, I need to forward all ftp requests.
	So, now I'm wondering why the proxy_ftp module is having trouble
with this. Shouldn't it proxy active ftp?

-----Original Message-----
From: Emmanuel E [mailto:emmanuel.e@xxxxxxx]
Sent: Tuesday, May 09, 2006 10:44 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Proxying active ftp

yes ftp cannot be proxied easily. once a control connection is
established (that is on port 21), information is exchanged as to which
ports will be used to transfer the data. the mod_proxy/mod_proxy_ftp
modules respond in http format to ftp requests. that is they process the

ftp request internally on their own using the ftp protocol but the
response is always http. so ftp will not work.

what is happening in your case is that your ftp clients are making a
http request for a ftp resource via a http proxy server. thats why it
works. i am not sure why your client tries to use a proxy when it is
asked to do active ftp.

also your configuration seems a bit weird. you are running apache on
port 21. running it on port 21 dosent make it an ftp server. i am
drawing these conclusions from the following line -

The proxy server could not handle the request GET
ftp://xxxx/products/xxxx/xxxxx/xxxx.exe

if i am guessing right you must be setting proxy to xxxx:9982 in your
ftp client. its a wonder that it works when u disable active ftp.

cheers,
emmanuel

Browne, Anthony A wrote:
  

Hello everyone,

	I have a virtual host that needs to proxy ftp. The config for it
is:

<VirtualHost *:9982>
ServerAdmin xxxx
ServerName xxxx:9982
LogFormat "%t %h %{Host}i \"%r\" %s %B" ftpcommon 
CustomLog logs/9982_access.log ftpcommon
ProxyRequests On 
</VirtualHost>

The problem is that when clients try active ftp connections, they get:

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET 
ftp://xxxx/products/xxxx/xxxxx/xxxx.exe

Reason: connect to xxxx:62715 failed - firewall/NAT?

    

------------------------------------------------------------------------
  

Apache/2.0.54 (Win32) Server at xxxx Port 21

I assume that its active ftp that's causing the problem because of the
    

port numbers, but in any event I don't know what to do next. I've 
tried a bunch of things and none of them have worked. Anyone, have any
    

suggestions?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
    

Project.
  

See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


  
    

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


  

--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx