Tuesday, July 07, 2009

FTP Applications and Squid Proxy (AdvProxy for IPCop)

I'm having a lot of trouble with Windows applications that transfer files to and from Internet-based servers via FTP or that tunnel FTP over HTTP. I know I'm in trouble with a Windows file transfer app if it has proxy settings - even if I configure them with the correct proxy info (despite the fact that its a transparent proxy it will gladly accept traffic at port 800) they still fall flat.

Passive FTP from a Windows command prompt works great. Active mode transfers fail, which I can understand as they represent a security threat (open Port 20). I also understand Squid squashing tunneling over HTTP as this is a great way to hide malicious or undesirable traffic, but I'm not sure why applications that seem to use straight Passive FTP fail when the AdvProxy is enabled even though I can use a command-prompt ftp.

I guess I need to look at the traffic with Wireshark (my favorite packet capture and analysis tool) and see what's really happening.

I'm also going to add the kernel module ip_nat_ftp to an IPCop on a network experiencing this problem - the command is modprobe ip_nat_ftp.

If someone reading this has more insight, please share!

No comments: