FTP.PROXY(1)                                         FTP.PROXY(1)


NAME
       ftp.proxy - FTP proxy server

SYNOPSIS
       ftp.proxy [options] [server]

DESCRIPTION
       ftp.proxy is a proxy server for a subset of the file tranfer
       protocol described in RFC 959.   It  forwards  traffic
       between  a client and a server without looking too much if
       both host do real FTP.  The FTP server can be either given
       on the command line or supplied by the client.

       ftp.proxy  must  be  started  from  a TCP superserver like
       inetd(1) or multiproxy(1).  It can't bind to a  TCP/IP  port
       on it's own.

   Server Selection
       If client-side server selection it turned on the user must
       select the FTP server he wants to use with the  `@'  notation.
       Instead of specifying the real ftp server the user
       connects to the gateway machine where ftp.proxy is running
       and enters the username in the form

            remote-user@remote-ftp.server

       The password that is send to the proxy server is the password
       required for logging into remote-ftp-server with  the
       account remote-user.

       In  situations  where the FTP client doesn't support usernames
       containing an `@' the percent sign `%' might be used
       for that.

   Protocol Support
       ftp.proxy supports the following POP3 commands:

              ABOR, ACCT, APPE, CDUP, CWD, DELE, LIST, NLIST,
              NOOP, MKD,  MODE, PASS, PORT, PWD, QUIT, RETR,
              REST, RNFR, RNTO, RMD, SITE, SMNT, STAT, STOR,
              SYST, TYPE, USER

       Especially  passive  transfer  mode and transfer of structured
       data is not supported.

   Access Control
       If a access control program is given with the -a option on
       the  command line the connection data is passed to the acp
       before the server is contacted.  The acp should  return  0
       as exit code to grant access and another value to deny.

       The access controller receives the following variables:


       PROXY_INTERFACE, PROXY_PORT
              interface and port where the client is connected to
              the proxy.

       PROXY_CLIENT, PROXY_CLIENTNAME
              IP number an name of the connected client.

       PROXY_SERVER, PROXY_SERVERPORT, PROXY_SERVERNAME
              IP number, port and name  of  the  FTP  server  the
              client wants to contact.

       PROXY_SERVERLOGIN
              the supplied username for the FTP server.

       PROXY_USERNAME, PROXY_PASSWD
              supplied  username  and  password  for usage of the
              proxy server.

       The values for PROXY_USERNAME and PROXY_PASSWD  are  taken
       from  the  supplied  remote  username and password if they
       contain a colon `:'.  In this case the  local  authentication
       data is taken from the left side of the colon and the
       remaining right side is passed on to the server.

       Furthermore the acp's  stdout  is  connected  to  the  FTP
       client  and  it's stderr is read by ftp.proxy which writes
       the acp's stderr output to syslog.

   Command Control
       If a command control program is given with the  -c  option
       each command entered (the only exception is `PORT') by the
       client is handed to it.  The ccp returns an exit code of 0
       to  grant  and  any other to deny access (the exit code to
       the `QUIT' command is ignored).  For this the  same  variables
       as for acp's are set with the addition of

       PROXY_COMMAND, PROXY_PARAMETER
              FTP command and parameter (if set).

       PROXY_SESSION
              a unique identifier for the proxy session.

       PROXY_CCPCOLL,
              the  client's  number  of collisions with the ccp's
              permission rules  (number  of  `permission  denied'
              responses).

       The ccp's stdout and stderr are connected to ftp.proxy and
       a one line message written by the ccp goes to syslog.   In
       case  that  the access is denied the client receives a 553
       return code from ftp.proxy.

       On normal program termination (`QUIT' command or  timeout)
       the  ccp  is  called  with  the command `+EXIT' to do some
       final clean up.  Notice that abnormal  terminations  (most
       signals  program  errors) should be preceded with a `-ERR'
       line in the syslog.

OPTIONS
       The following options are available:

       -a acp specify an access control program  that  grants  or
              denies access via ftp.proxy.

       -c ccp set a command control program that grants or denies
              the usage of FTP commands through ftp.proxy.

       -d     enter debug mode, the communication between  server
              and client is written to stderr.

       -e     enable  client-side  server  selection.   With this
              option the server argument isn't accepted.

       -l     set logging of most of the FTP commands.

       -s list
              the FTP server selected by the  client  must  match
              one  of  the pattern from the comma separated list.
              The wildcards `*' and `?' can be used.

       -t timeout
              specify a different FTP timeout in seconds than the
              default of 900 (15 minutes).

       -v prefix
              set  prefix  as  variable  prefix  for the variable
              passwd to the access and command control program.


SEE ALSO
       inetd(1), multiproxy(1).

