how to properly set-up proxy for ftp?
[1/6] from: petr:krenzelok:trz:cz at: 19-Jun-2001 16:17
Hi,
our admins changed the way our proxy works probably, so I can't get thru
...
All I know is I can get thru using following aproach:
- I open ugly Windows default ftp
- I type in: open proxy.sec.trz.cz
- I am asked for name and I have to type:
[target-account-name--moon--rebol--cz]
- I am asked for: target-account-password
- I am connected to account:[password--moon--rebol--cz]
How to set-up protocols in Rebol to make it work? If I want to get thru
for http protocol, I use 3128 port on proxy.sec.trz.cz
Thanks a lot,
-pekr-
[2/6] from: gjones05:mail:orion at: 20-Jun-2001 13:46
Hi, Petr,
Again, I am probably amongst the least qualified to really answer these
questions, but no one else has taken the bait, so I'll give it a try.
From: "Petr Krenzelok"
> what is also strange, I can't "open" remote
> ftp connection and do "insert"?
I don't know, but I do know that if you did, many of the returns come back on
the sub-port specification, so it wouldn't get you very far.
> How do I manually command ftp port?
Very tough directly through REBOL, because, again, commands are sent over the
port specifications, and most info returns on the sub-port. You can also
experiment with telnet but you won't get much more than what trace/net is
showing you. AR posted an interactive ftp scheme last week, but he said it does
not support proxy servers.
> Net-log: {230-moon.moravia-steel.cz FTP server (Version wu-2.6.0(1) Fri Jun 23
> 09:17:44 EDT 2000) ready.}
> Net-log: {230 User can logged in. Access restrictions apply.}
I could easily be wrong, but this line suggests to me that you are only now at
the point of being ready to log on to the correct ftp server. The proxy port on
dumped you into that account, but didn't pass on the user:pass stuff. Just a
guess.
> Net-log: [
> "PASV" "227"]
> Net-log: "227 Entering Passive Mode (194,196,81,131,6,255)"
This sequence shows that the the ftp server itself can accept passive mode. The
6 and 255 at the end of the 6 numeral tuple are the suggested sub-port (6 x 256
+ 255). This number may change each time. When your network admin said that
ftp also uses port 20, that is the port used by the active mode. In this mode
the server attempts to hook up to the client; note that in this case the client
*is* the server. This method is potentially not secure, so many configure
firewalls/proxies to only accept passive mode, in which the server suggests
another port, to which the client may connect as a client only.
> Uh, I need a break probably :-)
Yes, this is probably the case. It can be sooooo frustrating trying to get some
thing to work.
Here is what I think may be going on. I apologize in advance if I overlooked
this information earlier in the thread. I think what you need to do is set up
REBOL to work through a proxy (set-net stuff). This may be the same port used
for http, but I do not know. Check the following to be sure that REBOL/Core is
set-up correctly:
http://www.rebol.com/docs/core23/rebolcore-3.html#pgfId-297391
You may need to specifically specify passive mode, as explained here:
http://www.rebol.com/docs/core23/rebolcore-13.html#pgfId-956772
Then I believe you will be able to directly use the following:
ftp://can:[pass-here--moon--rebol--cz]/
The proxy should then know to forward you to the correct ftp server, where your
user:pass will log you in.
I hope I am not misleading you. Good luck (timewise it looks like you'll have
to wait until tomorrow;).
--Scott Jones
[3/6] from: gjones05:mail:orion at: 20-Jun-2001 6:14
Hi, Petr,
Again, my usual disclaimers that I am not the ideal person to be answering these
questions. With that said, here it goes anyway:)
From: "Petr Krenzelok"
> I still can't to sort it out. I contacted our admin and he told me, that we
> use typical port 21 for ftp connection, but separate port 20 for data
> connection, uh, is that normal case?
If I recall correctly, the active connection mode uses port 20 for the second
port (or the sub-port in REBOL).
> I connected to required host using Rebol and followind aproach:
> my-ftp: open/lines [scheme: 'tcp host: "proxy.sec.trz.cz" port-id: 21]
<<quoted lines omitted: 9>>
> Can I escape "@" in my direct
> ftp://[can--moon--rebol--cz]:[my-pass-here--proxy--sec--trz--cz] somehow?
It looks like you may have uncovered another buglet. I thought that the URL
parser picked out the "@"s in either the USER or PASS part, but experimentation
readily confirmed what you found. Escaping with a %40 did not help. On further
inspection, the parser uses the following bitset as valid characters for the
USER part. I have previously asked if there is a way to get characters back
from a bitset, but there was no response. Most of the following is my
explanation of what and why I did, in case you were interested. Otherwise, skip
to "Summary" and give the result a try.
The following is the bitset for the USER part:
>> net-utils/url-parser/user-char
== make bitset! #{
00000000F87CFF2BFEFFFF87FEFFFF1700000000000000000000000000000000
}
This is the bitset for "@":
>> make bitset! #"@"
== make bitset! #{
000000000000000001000000000000000000000000000000000000000000000
}
So I performed a union of the two and got:
>> union net-utils/url-parser/user-char make bitset! #"@"
== make bitset! #{
00000000F87CFF2BFFFFFF87FEFFFF1700000000000000000000000000000000
}
which shows that a bit is flipped (E to F).
Then I reset the user-char bitset to the following:
>> net-utils/url-parser/user-char: union net-utils/url-parser/user-char make
bitset! #"@"
== make bitset! #{
00000000F87CFF2BFFFFFF87FEFFFF1700000000000000000000000000000000
}
With this change, url-parse seems to correctly parse an "@" in USER name. IT is
possible that that the FTP specification does not allow an "@" in the USER part,
or perhaps RT did not anticipate this possibility. :)
End of win-bag explanation ... Petr, wake up, hey Petr... ;-)
*****Summary******:
Try this line before your normal ftp usage:
net-utils/url-parser/user-char: union net-utils/url-parser/user-char make
bitset! #"@"
If this works, perhaps we should submit a possible bug alert to RT.
Best wishes,
--Scott Jones
[4/6] from: petr:krenzelok:trz:cz at: 20-Jun-2001 13:48
GS Jones wrote:
> Hi, Petr,
> Again, my usual disclaimers that I am not the ideal person to be answering these
<<quoted lines omitted: 62>>
> net-utils/url-parser/user-char: union net-utils/url-parser/user-char make
> bitset! #"@"
hey, it works :-)
> If this works, perhaps we should submit a possible bug alert to RT.
but I am not sure it is a bug. After all - I want to connect to 'moon.rebol.cz,
account 'can, not to 'proxy.sec.trz.cz, so I want to do:
print read ftp://can:[pass-here--moon--rebol--cz]
... the issue is, I was not able to find any acceptable solution using ftp/proxy
object, which is used when you try to open port. Maybe there is not solved my
scenario in ftp scheme? I looked at the source and saw where it hangs ...
either all [
port/proxy/host
bp: not in-bypass port/host port/proxy/bypass
find [socks4 socks5 socks] port/proxy/type
] [
port/sub-port: net-utils/connect-proxy/sub-protocol port 'connect
subproto
] [
sub-port: system/words/open/lines compose [
scheme: (to-lit-word subproto)
host: either all [port/proxy/type = 'generic generic bp]
[port/proxy/host] [port/proxy/host: none port/host]
user: port/user
pass: port/pass
port-id: either all [port/proxy/type = 'generic generic bp]
[port/proxy/port-id] [port/port-id]
]
port/sub-port: sub-port
as you can see - the big difference is if you use 'generic proxy or not. I don't
understand, where does 'generic word comes from, but it is set to 'none (I mean the
part of code in 'all condition block ... )
So, how to set-up proxy properly, to allow it work in a default way?
-pekr-
[5/6] from: petr:krenzelok:trz:cz at: 20-Jun-2001 14:24
Hi once again :-)
what is also strange, I can't "open" remote ftp connection and do "insert"? How do I
manually command ftp port?
->> ble: open/lines ftp://[can--moon--rebol--cz]:[my-pass-here--proxy--sec--trz--cz]
URL Parse: [can--moon--rebol--cz] my-pass-here proxy.sec.trz.cz none none none
Net-log: ["Opening" "tcp" "for" "FTP"]
connecting to: proxy.sec.trz.cz
tcp proxy.sec.trz.cz [can--moon--rebol--cz] 21
Net-log: [
none ["220" "230"]]
Net-log: {220 Netfinity FTP Proxy Server/Gateway ready / problemy pisemne k
[root--trz--cz] /}
Net-log: [
["USER" port/user] "331"]
Net-log: "331 Password required for can."
Net-log: [
["PASS" port/pass] "230"]
Net-log: "230-welcome to the lucky pit"
Net-log: "230-"
Net-log: "230-"
Net-log: {230-moon.moravia-steel.cz FTP server (Version wu-2.6.0(1) Fri Jun 23
09:17:44 EDT 2000) ready.}
Net-log: {230 User can logged in. Access restrictions apply.}
Net-log: [
"SYST" "*"]
Net-log: "215 UNIX Type: L8"
Net-log: [
"PASV" "227"]
Net-log: "227 Entering Passive Mode (194,196,81,131,6,255)"
Net-log: [
["CWD" either empty? port/path ["./"] [join "./" port/path]] "250"]
Net-log: "250 CWD command successful."
Net-log: [
["TYPE A"] ["200"]]
Net-log: "200 Type set to A."
Net-log: [
["LIST"] ["150" "125"]]
Net-log: {150 Opening ASCII mode data connection for directory listing.}
Net-log: [
none "226"]
Net-log: "226 Transfer complete."
->> huh: insert ble "LIST"
** Script Error: Cannot use insert on this type port
** Near: huh: insert ble "LIST"
Uh, I need a break probably :-)
-pekr-
[6/6] from: petr:krenzelok:trz:cz at: 20-Jun-2001 11:17
Hi,
I still can't to sort it out. I contacted our admin and he told me, that we
use typical port 21 for ftp connection, but separate port 20 for data
connection, uh, is that normal case?
I connected to required host using Rebol and followind aproach:
my-ftp: open/lines [scheme: 'tcp host: "proxy.sec.trz.cz" port-id: 21]
insert my-ftp "USER [can--moon--rebol--cz]" ; account and host I want to
connect to ...
insert my-ftp "PASS my-password-here"
then I am finally logged to 'can account on 'moon.rebol.cz server ...
But how to get thru using ftp scheme? I echoed my ftp scheme and found out,
that it can't open sub-port ...
PS: aha! :-) Is it kind of forwarding or what? Following works:
ble: read [scheme: 'ftp host: "proxy.sec.trz.cz" user: "[can--moon--rebol--cz]"
pass: "my-pass-here"]
Can I escape "@" in my direct
ftp://[can--moon--rebol--cz]:[my-pass-here--proxy--sec--trz--cz] somehow?
Thanks,
-pekr-
Petr Krenzelok wrote:
Notes
- Quoted lines have been omitted from some messages.
View the message alone to see the lines that have been omitted