Novell Technical Information Document

This document (10014040) is provided subject to the disclaimer at the end of this document.

BorderManager 3.0 FTP Application Proxy FAQ

BorderManager 3.5 FTP Application Proxy FAQ

BorderManager 3.0, 3.5 FTP Application Proxy Frequently Asked Questions

Q. How do I configure the FTP Application Proxy?

A. You configure the FTP Proxy from NWADMIN. Follow the steps below:

1. From NWADMIN BorderManager Setup page enable the FTP Proxy service.
2. Select FTP Proxy and click the Details button.
3. Change the Separator character if desired. The Username/Password Separator is the character that separates the NDS username, FTP username, and FTP hostname. The default character is the dollar sign ($). Some users prefer to use the @ symbol.
4. Enable Userbased Authentication if desired. If this parameter is not enabled, the user will not be required to enter their NDS username and password when accessing the FTP proxy server. If you want to configure Access Control based on NDS User or Group you will need to enable this feature.
5. Enable Logging if desired and then select OK to exit page and save settings.
6. Select OK again and wait for the time stamp synchronization to complete.

Q. What USER and PASSWORD syntax is used when NDS Authentication is Disabled?

A. When NDS Authentication is Disabled you should use the following syntax when prompted for the Username and Password:

USER: ftpUser$ftpHost (example: anonymous@ftp.novell.com)
PASSWORD: ftpPass (example: youremailaddress@company.com)

Q. What USER and PASSWORD syntax is used when NDS Authentication is Enabled?

A. When NDS Authentication is Enabled you should use the following syntax when prompted for the Username and Password:

USER: ndsUser$ftpUser$ftpHost (example: admin.company$anonymous$ftp.novell.com)
PASSWORD: ndsPass$ftpPass (example: NDSpassword$youremailaddress@company.com)

When using NDS Authentication a user must enter a fully distinguished NDS username.

Q. How do I use the FTP proxy with the DOS FTP program?

A. From a dos prompt connect to the FTP proxy server with the following syntax:

ftp 192.168.0.1

The 192.168.0.1 is the private IP address of your BorderManager server. When FTP Proxy is enabled your private IP address listens on port 21 for FTP requests.

After connecting you should see something similar to the following:

Connected to 192.168.0.1.
220 Service Ready
User (192.168.0.1:(none)):

The information that you need to enter at the user prompt is based on if NDS authentication is being used. See the questions above to determine the appropriate syntax. An example of the required syntax when NDS authentication is not being used is included below:

User (192.168.0.1:(none)): anonymous$ftp.novell.com

You will then be prompted for Password. The syntax for password also depends on if NDS authentication is enabled. The example below assumes that authentication is disabled:

Password: youremailaddress@company.com

Anonymous FTP usually requests your email as the password. You should now be connected to the ftp.novell.com FTP server.

Q. How do I use FTP proxy with a GUI FTP client like?

A. You will use the same User and Password syntax discussed above to configure your GUI FTP client to use the FTP proxy. For example, Using WS_FTP to create a new Session specify the following information in the appropriate fields.

Host Name/Address: 192.168.0.1 (This is the private IP address of your BorderManager 3.0 server)
User ID: anonymous$ftp.novell.com (Look at the questions about syntax above for more information)
Password: youremailaddress@company.com (See syntax question above for more information)

When using the BorderManager 3.0 FTP proxy with WS_FTP there is no need to configure or enable the firewall settings. Simply, configure your FTP client to connect to the BorderManager FTP Proxy (private IP address of BorderManager Server), and then use the syntax discussed above for the User ID and Password field.

Q. What types of FTP applications are suggested in order to use FTP PROXY services?

A. Any FTP application can be configured to point to the FTP PROXY server.
Known applications that can be configured are WS_FTP and Leech FTP. You can even use FTP from an MSDOS window.

Q. Why should I use BorderManager 3.0 FTP proxy?

A. The main reason for using FTP proxy is for increased security and control.

1. FTP Proxy is an Application proxy. Application proxies provide the highest level of protection, enhancing the protection provided by circuit gateways and packet filters.

2. The administrator can provide FTP access to users without creating a packet filter exception. This increases the security of your LAN.

3. FTP Proxy allows the administrator to use BorderManager Access Rules for detailed control over FTP access. This feature allows you to control users FTP access.

Q. What port does the FTP Proxy Server listen on?

A. The BorderManager 3.0 Server listens on port 21.

Q. My FTP client reports socket errors when trying to establish the connection. Why?

A. If you experience socket errors when trying to connect to an FTP site be sure you are using the correct separator in BorderManager setup configuration for FTP PROXY. BorderManager uses the $ as the default separator. Some people prefer to use the @ symbol.

Does FTP Proxy have any specific FTP commands that it recognizes as standard commands if someone is attempting to do something malicious to the FTP server?

The FTP Proxy is required to follow the RFC like everyone else. Novell has not created their own FTP commands that would differentiate anything malicious from any standard FTP traffic.