• Hi Guest: Welcome to TRIBE, the online home of TRIBE MAGAZINE. If you'd like to post here, or reply to existing posts on TRIBE, you first have to register. Join us!

Accessing a FTP through a company proxy

Kalemic

TRIBE Promoter
Hey everyone,

I've got my ftp running on my computer at home and want to be able to access it from my work. However I can't seem to figure out a way to be able to access it through the proxy (aside from a couple websites that allow you to log in through them to your server, but I don't like that idea).
 
Cannabis Seed Wedding Bands

Kalemic

TRIBE Promoter
I can access it through the browser alright, but none of the clients I've tried (even in browser ones like fireftp for firefox) seem to be able to connect. My preference is to access it through a client. I thought I had all the info right in the connections area when trying clients but I can't figure out why even fireftp won't connect through it.
 

oddmyth

TRIBE Member
could be a few problems on either side.

Home side
--------------
1. How is your IP defined? Most ISP's will assign you an IP address using DHCP (non static) which may change from time to time. Using something like dyndns (dyndns.org) will help give you a static address to attach to.

2. Can you connect to it from anywhere outside of home, but not work?

Work side
-------------

1. Can you access other FTP's. If so then at least we know outgoing FTP isn't a problem from work.
 

Kalemic

TRIBE Promoter
I have a static address, I can connect to it anywhere. And I cannot access any other FTPs from work (unless I access it from the browser as opposed to a client). I'm wondering if i need some sort of java client throught the browser to get through this?
 
tribe cannabis accessories silver grinders

oddmyth

TRIBE Member
browser or client usually doesn't make a helluva lot of difference unless the server is configured to listen on a different port other than the standard FTP port.

I'm guessing your systems guy has things locked down for a reason.
 

Stan

TRIBE Member
Alternatively, Windows Explorer has an FTP client built into it that works okay. It's not super fancy, but it does the job, and I've found that it can occasionally connect to sites that FireFTP can't.

To use it, just open up explorer, and type "ftp://user@ftp.domain.com" in the address bar.
 
tribe cannabis accessories silver grinders

Kalemic

TRIBE Promoter
Unfortunetly not. :( Le poo.

The only thing I've been able to find that *might* work is the new Serv-u, as it comes with a java based client thats web accessible. But even then I dunno, guess I'll try it tonight.
 

~atp~

TRIBE Member
I know a few tricks ... I've broken just about every corp firewall in the history of my job. Nothing terribly illegal, just rule-bending behaviour.

A simple first test: set up your FTP server to listen on port 443 on your home server (presumably you aren't running an Apache/web HTTPS server at home too).

If that works (it often does because the payload of an SSL-encrypted socket often can't be inspected by corps with their web filtering software), then your next step will be to see if file transfers work (some firewalls allow "related" socket connections, so you might get lucky). If you can connect to your FTP server on 443 but can't initiate file transfers, then your next step will be to run your FTP server through SSH ... which really just means you should run an SSH server on port 443 and use a client like filezilla (the best free FTP client avail).
 

Kalemic

TRIBE Promoter
~atp~ said:
I know a few tricks ... I've broken just about every corp firewall in the history of my job. Nothing terribly illegal, just rule-bending behaviour.

A simple first test: set up your FTP server to listen on port 443 on your home server (presumably you aren't running an Apache/web HTTPS server at home too).

If that works (it often does because the payload of an SSL-encrypted socket often can't be inspected by corps with their web filtering software), then your next step will be to see if file transfers work (some firewalls allow "related" socket connections, so you might get lucky). If you can connect to your FTP server on 443 but can't initiate file transfers, then your next step will be to run your FTP server through SSH ... which really just means you should run an SSH server on port 443 and use a client like filezilla (the best free FTP client avail).

Cool, guess those are my next steps. And lucky enough, I am using filezilla for both client and server. Thanks!
 

urbanriot

TRIBE Member
You sure it's locked down, and just not misconfiguration? have you tried both active and passv modes? does your ftp server support both?
 
tribe cannabis accessories silver grinders

Aaron Bradley

TRIBE Promoter
not sure if you have it working or not, but this is what I would do...

1) Just get the FTP server running on its standard ports which are 20 and 21. Connections are on 21 and data transfer is on 20.

2) Get the client software running on a machine on the same network as your server and connect from here (locally).

3) If you can connect via a browser over your work network, you should be able to connect from the client.
 

stir-fry

TRIBE Member
urbanriot said:
You sure it's locked down, and just not misconfiguration? have you tried both active and passv modes? does your ftp server support both?

what she said. If you can access the ftp site from a browser but not from a client, i'd check the settings in the client first.

You may find a proxy setup in your browser that you can copy from also.
- open IE and go to tools -> Internet Options and then click on the Connections tab, click on Lan settings and have a look to see if there's a Checkmark and any text in the Proxy Server area. If there is, you can borrow the numbers and shit, and put them into the settings area in your ftp cient.
 

~atp~

TRIBE Member
FYI:

Active and passive FTP modes only have an impact when initiating related connections for issuing file transfers (which include directory listing commands, and more accurately, any data streams). They simply represent a variation in the protocol where the server initiates the socket connection to the client on a client-determined local port. Based on your initial observations of your problem, I am about 98% certain a change in your active/passive settings will have no impact.

A proxy through an FTP client web proxy is certainly another way to go. HOWEVER: my suggestion above creates the same sort of circumvention in your corporate firewall, because you are simply redirecting traffic on the outbound port used by HTTPS connections.

I'll be curious to know if my suggestion worked. If it does, but file transfers still pose a problem, then just fire up a SSH server on your home box and you have the added benefit of guaranteeing a more secure connection (so no one, not even your IT department, will know what kind of business you're up to :) ).
 

Kalemic

TRIBE Promoter
stir-fry said:
what she said. If you can access the ftp site from a browser but not from a client, i'd check the settings in the client first.

You may find a proxy setup in your browser that you can copy from also.
- open IE and go to tools -> Internet Options and then click on the Connections tab, click on Lan settings and have a look to see if there's a Checkmark and any text in the Proxy Server area. If there is, you can borrow the numbers and shit, and put them into the settings area in your ftp cient.

I've tried multiple clients with my proxy information, none of them work. I don't get why I can access through firefox, but not even fireftp. :(

I also tried running it on 443 and that didn't make a difference either. :(
I'm wondering if maybe my firewall at home might have blocked me on 443 though (of note, my router port is forwarded). I might try 443 again but with my firewall off just to see.

So far the only things that have worked have been firefox and using a java based ftp like www.net2ftp.com (which sucks)
 
tribe cannabis accessories silver grinders

~atp~

TRIBE Member
Wait, are you saying you can or cannot access your FTP server through Firefox? I'm assuming that you would be using Firefox' ability to specify FTP locations as a URL in the address window ... such as: "ftp://somewhere.com/"

If you can access your FTP server through Firefox, then it is likely the case that your proxy settings in Firefox specify a proxy server that permits FTP requests (port 20/21) through the proxy to your home server.

As for port 443, you need to ensure you can access the FTP server externally: you will need to ensure that you are forwarding ports if that server of yours is sitting behind a NAT'd router. A quick check to see if you can connect externally is to get a friend to try a telnet connect against your IP on port 443. If your IP is 10.10.10.10, then you would have your friend try this from the command line:

> telnet 10.10.10.10 443
 

urbanriot

TRIBE Member
~atp~ said:
FYI:

Active and passive FTP modes only have an impact when initiating related connections for issuing file transfers (which include directory listing commands, and more accurately, any data streams). They simply represent a variation in the protocol where the server initiates the socket connection to the client on a client-determined local port. Based on your initial observations of your problem, I am about 98% certain a change in your active/passive settings will have no impact.

FYI his initially vague description of 'i can't connect' wasn't enough to determine if his work had blocked the ability to communicate on arbitrary ports. Many locked down sites occasionally utilize some form of FTP proxy, which typically allows active FTP. If they were employing an FTP proxy, he wouldn't know whether it was an active/passv problem because the proxy would time out, and not convey the initial handshake. Figured it was simple enough to try...
 

Kalemic

TRIBE Promoter
~atp~ said:
Wait, are you saying you can or cannot access your FTP server through Firefox? I'm assuming that you would be using Firefox' ability to specify FTP locations as a URL in the address window ... such as: "ftp://somewhere.com/"

If you can access your FTP server through Firefox, then it is likely the case that your proxy settings in Firefox specify a proxy server that permits FTP requests (port 20/21) through the proxy to your home server.

As for port 443, you need to ensure you can access the FTP server externally: you will need to ensure that you are forwarding ports if that server of yours is sitting behind a NAT'd router. A quick check to see if you can connect externally is to get a friend to try a telnet connect against your IP on port 443. If your IP is 10.10.10.10, then you would have your friend try this from the command line:

> telnet 10.10.10.10 443

I *can* access the server from firefox by using the FTP location in the address bar (when the port is 21). However any ftp clients or even fireftp (from within firefox) cannot connect even though I have input all my proxy settings in them. I have also made sure that the ports are forwarded through my router.
 

zoo

TRIBE Member
i'm trying to get vnc working from work to home

it's so far not working :(

i had it to listen on a high 4000s port, and i could see the server, but i couldn't load the java app because our work IT local privs are abysmal
 

nonlocal

TRIBE Member
Y'all seem to have this pretty well in hand, I just wanted to add my voice to those suggesting a more secure protocol than FTP... if you're going to go to all this trouble just to make a connection it would seem prudent to use a strategy (sftp even) that offered your traffic some hope at privacy once you get through...
 
tribe cannabis accessories silver grinders
Top