Hi,

Has anyone been able to use the FTP proxy function with internet explorer successfully? We are using our astaro unit as a proxy server only with Http/s, SMTP & trying FTP. We have a seperate firewall and do not use that functionality on the astaro. The only way to get it to work is using the proxy bypass function in the web browser. Any ideas. I have tried everything and search the forums as well.

Thanks, Julio

__________________
V7.504 on Dell R200 w/ Raid1 and a network of 25 users

I don't see what's going on. Please tell what you are seeing that makes you draw this conclusion.

Cheers -Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

Hi,

I should have provided more details. We are using the HTTP/S proxy in an Active Directory Domain using SSO. I have enabled the FTP proxy and set it to non-transparent mode so as to use port 2121.

On internet explorer I have set the ftp proxy to use the astaro unit on port 2121. When we browse to an FTP site it just sits there and does nothing. Normally you will get a pop up box asking for a login to the FTP site. The log is below and I have found some basic info in other posts. I have also tried making changes to IE in the advanced settings for active vs passive FTP with no luck either.

2010:03:14-17:54:45 pharmacyhelp frox[23221]: Connect from 192.168.1.107
2010:03:14-17:55:48 pharmacyhelp frox[23211]: Client flooding control connection
2010:03:14-17:55:48 pharmacyhelp frox[23211]: Closing session

Does anyone have a successful setup that they can share?

Thanks, Julio

__________________
V7.504 on Dell R200 w/ Raid1 and a network of 25 users

Seems to be a bug of some sort. Http proxy has no effect on ftp proxy so they are not related. However in manual mode the proxy request fails from a browser when using astaro ftp proxy port 2121. The same setup is successful in a ftp client so something to do with the way the browser requests are handled. If you hit retry too many times, it does complain about too many connections or something. Have tried it on IE and firefox so not just an IE problem.

No, that's not a bug.

The basic rule for the FTP-Proxy is, that you only use it with real FTP-Clients. That, and only that, is the use case for the frox ftp proxy.

If you want to use a web browser, you can simply use the HTTP-Proxy, which then also handles the FTP protocol.

Hi,

I was thinking that in the back of my mind after reading all the previous information, thanks for the clarification. This is unfortunate though since we occasionally must download files via FTP for our business and there is no way I am going to get my users to run a separate FTP client. Perhaps I will add it to the feature requests.

Thanks, Julio

__________________
V7.504 on Dell R200 w/ Raid1 and a network of 25 users

You know you don't have to use the proxy for FTP, right?
(though you will lose the anti-virus capabilities)

Barry

__________________
http://DealBert.net
Home & business end-user since v1.x

• ASL 6.3x, HP DL145 Dual Opteron, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
  
• ASL 7.5x, HP DL360G5, Xeon 5160, 3GB, RAID, gigE NICs, 50-IP Platinum License
  
• ASL 7.5x, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD
  Netgear GS108T gigE VLAN switch & Linksys WRT54G WAP
  Total network infrastructure: 27 watts. 100-IP Home User. FiOS 10mb/2mb

Julio, I think what kbr is telling you is that you presently ARE running with all the protection they would have via the FTP Proxy. Since "FTP" is one of the 'Allowed target services' on the 'Advanced' tab, everyone is doing FTP through the HTTP Proxy.

If you were using FileZilla or some other separate client, you could put the FTP Proxy in 'Transparent' mode or configure the client to use the FTP Proxy on port 2121.

For people using the HTTP/S Proxy in 'Transparent' mode, the 'Allowed target services' are not handled by the HTTP/S Proxy, only HTTP/S. Those folks need the FTP Proxy in 'Transparent' mode or they need a packet filter rule to allow FTP traffic from IE.

At least, that's how I understand the situation.

Cheers - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

I would call it a bug since technically a web browser has the ability to download/access files from an ftp server even with authentication so it is a client and the ftp proxy does consider it a client when used in transparent mode. But we are splitting hair
Also the mention of REAL Clients would be nice in astaro's help file.

Certain features in astaro don't get used till someone actually has a special need and that is why we run into this confusion once in a while. As Bob suggested,

Transparent web proxy --> Only catches http/s requests
Transparent FTP proxy --> Only catches ftp requests.(browser/client)
Standard web proxy --> catches http/s, ftp etc as defined in advanced tab in webadmin.
Standard ftp proxy --> Only works for realftp clients port 2121.

So to sum it all up, in rxjule's case, you will run web proxy in transparent mode and then on the browser proxy settings, put astaro IP port 8080 for ftp proxy only. This way all the ftp requests can be handled by the http proxy without affecting any transparent http requests. No need to run ftp proxy at all.

Hi,

I agree will BillyBob, I went over the help file and it makes no mention of Real ftp clients vs. the Built-in ones in IE, etc. What I did do as suggested was change the ftp proxy settings in the web browsers to port 8080 and have my users access the ftp servers via this format. I saw it in a previous post and it works like a charm.

ftp://username : password@ftpsite

Thanks everyone,
Julio

__________________
V7.504 on Dell R200 w/ Raid1 and a network of 25 users