Proxy and ftp and linux

Какой ftp клиент умеет работать через прокси из консоли?

debian 7 пробую ftp_proxy со стандартным — один фиг долбится напрямую

Стандартный, это какой? Как пробуешь?

ну как стандартно пробую ftp сервер, получаю Connection timed out, открываю напрямую порт — работает

если важно прокся squid3, браузер нормально все показывается на ftp (на другой машине)

squid на 192.168.1.2 говорит, что запрос получил и проксировал.

Покажи как передаёшь адрес прокси и как именно пытаешь потом куда-нибудь зайти со всеми сообщениями об ошибках.

передаю в баше export ftp_proxy=«ххх:yyy»

как вообще правильно передать адрес прокси?

There are two kinds of ftp proxies: proxies for ftp clients and proxies for web browsers.

Midnight Commander only supports ftp proxies which are meant for ftp clients. Common WWW proxies (like Squid) are not supported. A rule of thumb is that if a ftp proxy works with a web browser, it won’t work with Midnight Commander.

Существует два типа прокси-серверов ftp: прокси для ftp-клиентов и прокси-серверов для веб-браузеров.

Midnight Commander поддерживает только ftp-прокси, предназначенные для ftp-клиентов. Общие прокси-серверы WWW (например, Squid) не поддерживаются. Эмпирическое правило: если прокси-сервер ftp работает с веб-браузером, он не будет работать с Midnight Commander.

Источник

Как настроить прокси в Linux

Как настроить прокси в Linux

В статье показано как настроить прокси в любой версии ОС Linux.

Прокси-сервер или proxy — в переводе с англ. «представитель» — сервер как комплекс программ в компьютерных сетях, позволяющий клиентам выполнять косвенные запросы к другим сетевым службам. В рамках данного материала прокси понимается сервер выполняющий доступ к глобальной сети интернет.

Проще всего для использования прокси в командной строке, но в зависимости от типа трафика, Вы можете определить переменные окружения http_proxy, https_proxy или ftp_proxy.

Практически все утилиты командой строки, такие как curl, wget, ssh, apt-get, ftp, wget, yum и прочие, используют данные переменные.

Рассмотрим настройку переменных для использования прокси

Используйте следующий синтаксис для настройки таких типов трафика как http, https и ftp из командной строки:

$ export ftp_proxy=»http://proxy-server:port»
$ export http_proxy=»http://proxy-server:port»
$ export https_proxy=»https://proxy-server:port»

Используйте следующий синтаксис, если прокси-сервер требует аутентификацию:

$ export http_proxy=»http://user:pass@proxy-server:port»
$ export https_proxy=»https://user:pass@proxy-server:port»
$ export ftp_proxy=»http://user:pass@proxy-server:port»

Если Ваш пароль содержит спец. символы, Вы должны заменить их на ASCII коды.

Например символ собаки «@», должен быть заменен на «%40» (т. е. p@ss = p%40ss).

Тестирование работы

Используйте следующую команду для проверки текущих переменных прокси:

$ env | grep -i proxy

Можно проверить работу прокси, узнав ваш внешний IP адрес из командной строки:

Источник

Linux Proxy Server Settings – Set Proxy For Command Line

To use a proxy on the Linux command-line, you can set the environment variables http_proxy , https_proxy or ftp_proxy , depending on the traffic type.

These proxy server settings are used by the almost all Linux command-line utilities, e.g. ftp , wget , curl , ssh , apt-get , yum and others.

If you don’t know yet which proxy server to use, you can take one from the lists of the free public proxy servers at the end of this article.

Cool Tip: Need to improve security of the Linux system? Encrypt DNS traffic and get the protection from DNS spoofing! Read more →

Export Proxy Server Settings

Set these variables to configure Linux proxy server settings for the command-line tools:

If a proxy server requires authentication, set the proxy variables as follows:

Special Characters: If your password contains special characters, you must replace them with ASCII codes, for example the at sign @ must be replaced by the %40 code, e.g. p@ssword = p%40ssword .

Test The Proxy Server From The Linux Command-Line

First off all it is required to check that the proxy server settings are set in the corresponding proxy variables.

Than it is required to ensure that your public IP address has changed.

Also it would be interesting to measure and compare response time of the remote resources and the Internet speed with and without proxy.

Check the current proxy server settings:

Check your public IP address from the Linux command-line:

Compare the difference in the response time with the configured proxy and without it:

Check the Internet download speed through the proxy:

Unset Linux Proxy Variables

Use the following commands to disable proxy:

Cool Tip: Stay anonymous during port scanning! Use Nmap + Tor + ProxyChains ! Safe and easy penetration testing! Read more →

Automate Proxy Server Settings In Linux

If you use the same proxy server settings for the https , http and ftp traffic, you can use the following commands to set and unset the proxy settings:

If you use a proxy server often, you can create Bash functions as follows (add to your

Now use the setproxy and unsetproxy commands to set and unset Linux proxy server settings.

Lists of Free Public Proxy Servers

WARNING: Free public proxy servers can insert your IP address into the headers of requests or sniff your traffic! Don’t use them to transfer sensitive data and do not expect anonymity!

• Hide My Ass
• Proxy Server List
• Anonymous Public Proxy Servers
• Daily HTTP Proxies

Cool Tip: Even if you use proxy server, all your DNS queries still go to the name servers of your ISP (Internet Service Provider)! Improve anonymity, by using free public name servers! Read more →

Источник

Использование HTTP proxy и SOCKS в Linux

В Linux существует много полезных консольных команд, которые при необходимости хотелось бы запустить через proxy. Некоторые приложения имеют встроенную поддержку proxy, а некоторые нет. Далее описано как пользоваться востребованными утилитами через proxy, даже теми, которые этой поддержки не имеют.

curl: передача данных через proxy

curl имеет полноценную поддержку как HTTP proxy так и SOCKS.

Для тестирования возможно использовать proxy сервера из бесплатных списков (socks — sockslist.net, и HTTP proxy — proxyhttp.net). Проверка IP адреса будет производиться с помощью ресурса check-host.net

Часть параметров curl можно записать в файл

С помощью time и curl также можно замерить время отклика сервера:

Результат будет выглядеть так:

wget: закачка файлов через proxy

wget имеет встроенную поддержку proxy. Недостаток лишь в том, что только поддержку HTTP proxy. Для использования совместно с SOCKS рекомендуется использовать соксификатор dante.

Чтобы все время не указывать —proxy-user и —proxy-password можно их прописать в файл

ssh: доступ к серверам

Для доступа к серверам через ssh и proxy также лучше использовать соксификатор dante.

Соксификатор dante

С помощью socksify можно направить через proxy почти любое приложение, не только консольное.

Чтобы все время не вводить данные о proxy можно создать файл /etc/socks.conf
Пример для SOCKS:

Пример для HTTP proxy с авторизацией:

А также экспортировать переменные SOCKS_USERNAME и SOCKS_PASSWORD, если для SOCKS или HTTP proxy требуется авторизация:

DNS запросы через proxy

Часто требуется чтобы и преобразование имен происходило через proxy. Если использовать dante, то запрос на преобразование имен идет и через proxy, и через именной сервер указанный в /etc/resolv.conf . Понять почему же идет два одинаковых запроса вместо одного не удалось. Поэтому можно предложить два варианта:
1) Закомментировать именные сервера в файле /etc/resolv.conf, чтобы преобразование имен шло только через proxy. Это отразится на всей системе.
2) Изменить /etc/resolv.conf и выставить именные сервера необходимой страны, или просто отличные от серверов провайдера. Например установить сервера Google:

Чтобы данные не были перезаписаны именными серверами провайдера (при переподключении), можно запретить обновление списка именных серверов сетевому менеджеру (NetworkManager/wicd) или DHCP-клиенту (спасибо ergil за корректировку).

Или воспользоваться «грубым» методом — запрещением изменения файла /etc/resolv.conf:

Если есть какие-то дополнения, пожалуйста, напишите, это будет полезно узнать и применить.

Источник

ftp.proxy(1) — Linux man page

ftp.proxy — FTP proxy server

Synopsis

Description

ftp.proxy is a proxy server for a subset of the file tranfer protocol described in RFC 959. It forwards traffic between a client and a server without looking too much if both hosts do real FTP. The FTP server can be either given on the command line or supplied by the client.

ftp.proxy can be started from a TCP superserver like inetd(1) or tcpproxy(1). but can also bind to a TCP/IP port on it’s own and run in standalone (or daemon) mode.

Protocol Support ftp.proxy supports the following FTP commands: ABOR, ACCT, APPE, CDUP, CWD, DELE, FEAT, LIST,
MDTM, MKD, MODE, NLIST, NOOP, PASS, PASV, PORT,
PWD, QUIT, RETR, REST, RNFR, RNTO, RMD, SITE,
SIZE, SMNT, STAT, STOR, SYST, TYPE, USER, XCUP,
XCWD, XMKD, XPWD, XRMD Transfer of structured data is not supported.

Command Parameters By default ftp.proxy does not accept blanks in command parameters. This is to protect your UNIX server against users who work on computers where these things are usual.

To allow blanks the option -b must be given on the command line. Notice that blanks at the beginning or end of the parameter are still not supported.

The ‘SITE’ is in neither case affected by this limitation, ftp.proxy accepts always blanks in ‘SITE’ parameters.

The option -y enables ftp.proxy to accept data connections from different remote interfaces. Try to avoid using this option, because it can cause security problems (see HISTORY for details).

Server Selection If client-side server selection it turned on with the -e option the user must select the FTP server he wants to use with the ‘@’ notation. Instead of specifying the real ftp server on the command line the user has to connect to the gateway machine where ftp.proxy is running and to enter the username in the form remote-user@remote-ftp.server The password that is send to the proxy server is the password required for logging into remote-ftp-server with the account remote-user.

In situations where the FTP client doesn’t support usernames containing an ‘@’ the percent sign ‘%’ might be used for that.

Access Control If an access control program is given with the -a option on the command line the connection data is passed to the acp before the server is contacted. The acp should return 0 as exit code to grant access and another value to deny.

The access controller receives the following variables: PROXY_INTERFACE, PROXY_PORT interface and port where the client is connected to the proxy. PROXY_CLIENT, PROXY_CLIENTNAME IP number an name of the connected client. PROXY_SERVER, PROXY_SERVERPORT, PROXY_SERVERNAME IP number, port and name of the FTP server the client wants to contact. PROXY_SERVERLOGIN the supplied username for the FTP server. PROXY_USERNAME, PROXY_PASSWD supplied username and password for usage of the proxy server. The values for PROXY_USERNAME and PROXY_PASSWD are taken from the supplied remote username and password if they contain a colon ‘:’. In this case the local authentication data is taken from the left side of the colon and the remaining right side is passed on to the server.

Furthermore the acp’s stdout is connected to the FTP client and it’s stderr is read by ftp.proxy which writes the acp’s stderr output to syslog.

Notice also that a non-zero acp exit code signals ftp.proxy that something’s wrong and that ftp.proxy should terminate.

Connection Translation Beginning with version 1.1.6 ftp.proxy supports connection translation programs (ctp’s). A ctp can completly overwrite the user’s server selection and login. If configured the ctp is called before the acp. It receives the same environment variables like the acp and returns server and login information that should ftp.proxy for the server connection on it’s stdout. The format of the ctp output lines is variable [ ]= [ ] value where variable is one of SERVERNAME, SERVERLOGIN, SERVERPASSWD, SERVERPORT and value the corresponding value. Alternativly to these four variables you can use the shorter forms SERVER, LOGIN, PASSWD, PORT as variable names. Furthermore the case of the variable names doesn’t matter and any whitespace around value is ignored.

The ctp can deny the proxy request by exiting with an non-zero exit code, In which case ftp.proxy drops the connection immediately. Alternativly the ctp can also print a line starting with -ERR, which is written to syslog before the connection is closed.

Command Control If a command control program (ccp) is given with the -c option this program is called for the FTP commands APPE, CDUP, CWD, DELE, LIST, MDTM, MKD,
NLST, RETR, RNFR, RNTO, RMD, SIZE, STAT,
STOR, STOU, XCUP, XCWD, XMKD, XRMD The ccp returns an exit code of 0 to grant and any other to deny access (the exit code to the ‘QUIT’ command is ignored). For the ccp the same variables as for acp’s are set with the addition of PROXY_COMMAND, PROXY_PARAMETER FTP command and parameter (if set). PROXY_SESSION a unique identifier for the proxy session. PROXY_CCPCOLL, the client’s number of collisions with the ccp’s permission rules (number of ‘permission denied’ responses). The ccp’s stdout and stderr are connected to ftp.proxy. A one line message written to stdout by the ccp goes to syslog, while a message one stderr is sent to the client. If this message does not contain a status ftp.proxy substitutes a ‘553’ code. If the message is empty the client gets a simle ‘553 permission denied’. Notice that the stderr message is only used if the ccp returns an exit code other the zero.

On normal program termination (‘QUIT’ command or timeout) the ccp is called with the command ‘+EXIT’ to do some final clean up. It is not reliable that the ccp receives the ‘+EXIT’ event. There are lots of possiblities that the proxy terminates without generating it, e.g. client timeout, server error or signal reciption by the proxy.

Monitor Mode The -m option puts ftp.proxy into the monitor mode. ftp.proxy will then try to keep track of the client’s current directory on the server side. With this information the file parameter for the commands APPE, CDUP, CWD, DELE, LIST, MDTM, MKD
NLST, RETR, RNFR, RNTO, RMD, SIZE, STOR,
XCUP, XCWD, XMKD, XRMD is converted into an absolute path. This value is then used in syslog messages and given to a ccp in the PROXY_FTPPATH variable. Furthermore the variable PROXY_FTPHOME contains the user’s initial directory which is assumed to be his home directory.

The ‘LIST’ and ‘NLIST’ command may have a parameter or not. If it is absent ftp.proxy sets the parameter to ‘*’ but this affects only the PROXY_FTPPATH variable, not the command that is sent to the server.

For the ‘CDUP’ command PROXY_FTPPATH contains the full path of the target directory.

Monitoring may not work with all server systems since the output of the ‘PWD’ command which is used by ftp.proxy to get the current directory in not completely defined. If the directory can not be clearly determined ftp.proxy will terminate.

Configuration File

ftp.proxy can take most of its command line options also from a configuration file which can be set with the -f option.

The following options can be set: acp /path/to/acp sets the path to the access control program (-a option). allow-anyremote yes|no if enabled ftp.proxy does not check the remote’s end in data connection, required for some bad multi-homed servers and FXP (-y option). allow-blanks yes|no allows blanks in FTP command parameters (-b option). allow-passwdblanks yes|no allows blanks in the FTP login password (-B option). bind portnum sets the port number to which ftp.proxy should bind to, activates daemon mode (-D option). ccp /path/to/ccp sets the path to the command control command (-c option). ctp /path/to/ctp sets the path to the connection translation program (-x option). debug yes|no turns debugging mode on or off (-d option). monitormode yes|no enables monitor mode (-m option). proxy-routing yes|no if enabled ftp.proxy uses the last ‘@’ in the username to determine to which server it should connect. This make proxy hopping (or routing) possible (-u option). selectserver yes|no enables client side server selection, disables the server option (-e option). server ftpserver sets the connection’s FTP server, disables selectserver. serverlist list-of-allowed-server specifies a command separated list of servers to which the clients are allowed to connect (-s option). sourceip ip-number defines the IP address for the outgoing control connection to the remote server, which also determines the local IP address for data transmissions. timeout timeout set the timeout in seconds. xferlog filename sets the location of the xferlog file and enables xferlog logging. Notice that the file can contain comments and blank lines (usual UN*X-style) but ftp.proxy terminates immediately with an error code if an unknown or invalid configuration option is found.

Interface specific configurations ftp.proxy‘s configuration file supports interface specific configuration sections. Such section begin with a line that starts with [interface-ip] followed by the configuration options for connections on this specific interface. ftp.proxy checks for such sections immidiately after the client connection is accepted. If it finds at least one interface specific section in the configuration file but none for the current interface it considers itself to be not configured for it and drops the connection sending a ‘421 not available’ message to the client.

ftp.proxy accepts all global configuration options from above (allthough not all make sense, e.g. bind) in interface specific section. That is, ftp.proxy can have completely different configurations on different interfaces. But to deactivate a non-boolean option, e.g. ctp you can not simply give the option without a value, this would be considered as ‘bad configuration option’. Instead you must supply a single dash ‘—‘ to clear an option.

Configuration checking ftp.proxy prints an error message and terminates immediately if it finds an unknown or bad configuration option. More worse, these error messages are printed to ftp.proxy‘s stderr and not to syslog which makes it a little bit difficult to observe. ftp.proxy addresses this issue by supporting the -F option.

The -F option sets the configuration file and the ‘check-and-print’ option, that is ftp.proxy will only read, check and print it’s configuration options as they are set after reading the configuration. An interface IP-number may be given as optional command line parameter to make ftp.proxy print the configuration for this particular interface.

Options

The following options are available: -a acp

specify an access control program that grants or denies access via ftp.proxy.

allows blanks in filenames.

allows blanks and other special charackters in passwords.

sets a command control program that grants or denies the usage of FTP commands through ftp.proxy.

enter debug mode, the communication between server and client is written to stderr. -f configfile sets ftp.proxy‘s configuration file. -F configfile [interface] read and print the proxy configuration for interface from configfile. If interface is missing the global configuration is printed. This is a check-only option, after the configuration has been printed ftp.proxy terminates, no connection handling is done. -e

enable client-side server selection. With this option the server argument isn’t accepted.

sets logging of most of the FTP commands.

sets the monitor mode. -p port tell ftp.proxy to use port as source port for data transfers (using port number 20 is FTP standard). Keep in mind that port numbers below 1024 require root permissions. -q sourceip sets the IP number for the outgoing control connection. -s list the FTP server selected by the client must match one of the pattern from the comma separated list. The wildcards ‘*’ and ‘?’ can be used. -t timeout specify a different FTP timeout in seconds than the default of 900 (15 minutes). -u

search for the last appearance of an ‘@’ in the username. This allows the use of usernames with a ‘@’ in it. Be careful with this option, this can be abused to do ‘proxy hopping’! -v prefix set prefix as variable prefix for the variable passwd to the access and command control program. -x ctp

set a connection translation program to overwrite the server and login information supplied by the user. -X file write xferlog loggin to file. -V

Источник