[squid-users] R: [squid-users] Reverse ftp proxy

From: Reale Marco <Marco.Reale@dont-contact.us>
Date: Thu, 14 Dec 2006 11:40:06 +0100

Adrian

Thanks a lot for your kind reply, I understood the concept...
Last question
Reading your good explanation I thought that a "reverse ftp proxy" could improve security, but unfortunately squid isn't able to do it.
Can you suggest some programs able to act as a reverse proxy? Is it possible to configure a reverse proxy with linux and some open source program? If not... is there some commercial software?

Thanks
Marco
Italy

-----Original Message-----
From: Adrian Chadd [mailto:adrian@creative.net.au]
Sent: Wednesday, 13 December 2006 19:38
To: Reale Marco
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Reverse ftp proxy

On Wed, Dec 13, 2006, Reale Marco wrote:
> Hi
>
> I have a question not strictly closely related to squid but I hope
> that someone kindly will reply to me.
> I saw questions about ftp reverse proxy, reverse proxy etc...
> But what exactly is an ftp reverse proxy? What is the difference at
> tcp layer?

An FTP proxy is one which:

* provides an FTP server
* relays requests to a backend FTP server where required
* caches files which are requested by the clients

Squid can do two of three but it doesn't provide FTP services at the present time. I doubt it'd be hard to write something to do it but I don't think any of the current squid developers have any spare time to do it.

> Usually I configure a static nat (public ip to dmz ip) in order to
> provide ftp service but if I wanted to configure a reverse proxy with
> squid, is it possible?

Not yet.

> 1) Is Squid able to act as reverse ftp proxy?
> 2) What is the difference at tcp layer?

At the TCP layer - Squid would be accepting all FTP requests and speaking the FTP protocol. Data channels would terminate on the Squid proxy rather than being NATted through to the client. Squid would then issue its own TCP connections for control/commands and data requests if/where required.

In the NAT form all that is happening is your firewall/gateway is NATting TCP sessions for FTP control and data as appropriate.

In the Squid form all the FTP TCP sessions would terminate on the Squid server and the Squid server would then issue new FTP TCP sessions to the real FTP server.

But as I said, Squid doesn't have this functionality.

Adrian

--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
Received on Thu Dec 14 2006 - 03:40:14 MST
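
The difference described in the thread (data channels terminating on the proxy instead of being NATted through) shows up in how a terminating FTP proxy handles the backend's `227` passive reply. The sketch below is an example added to this archive page, not part of either message and not Squid code; `ProxySession`, the addresses and the passive port range are constructed assumptions.

```python
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv(reply):
    """Return (host, port) from a 227 reply, or None for any other line."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def format_pasv(host, port):
    return "227 Entering Passive Mode (%s,%d,%d)\r\n" % (
        host.replace(".", ","), port >> 8, port & 0xFF)

class ProxySession:
    """Data-channel bookkeeping for one client session (hypothetical helper)."""

    def __init__(self, public_ip, backend_ip, passive_ports):
        self.public_ip = public_ip        # address clients connect to
        self.backend_ip = backend_ip      # the only host the proxy may dial
        self.free_ports = list(passive_ports)
        self.pending = {}                 # proxy port -> backend (host, port)

    def rewrite(self, backend_reply):
        """Relay a control-channel reply, terminating any data channel here."""
        endpoint = parse_pasv(backend_reply)
        if endpoint is None:
            return backend_reply          # not a 227: pass through unchanged
        if endpoint[0] != self.backend_ip:
            raise ValueError("backend advertised a foreign data address")
        if not self.free_ports:
            raise RuntimeError("passive port range exhausted")
        port = self.free_ports.pop(0)
        self.pending[port] = endpoint     # proxy dials this when the client connects
        return format_pasv(self.public_ip, port)

if __name__ == "__main__":
    # Constructed sample: backend in the DMZ, proxy on a documentation address.
    s = ProxySession("203.0.113.10", "10.0.0.5", range(50000, 50010))
    print(s.rewrite("227 Entering Passive Mode (10,0,0,5,78,52)\r\n"), s.pending)
```

The client only ever sees the proxy's address and a port from the proxy's own range, so the firewall needs to admit that range to the proxy alone, and the backend's DMZ address never appears on the wire.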
