cancel
Showing results for 
Search instead for 
Did you mean: 
cscoup8
Level 9

MWG7 FTP proxy service - making it transparent for clients

Jump to solution

Is it technically possible to have a network setup that redirects outgoing FTP client traffic through the MWG7 FTP proxy service (default port 2121) so that FTP traffic automatically passes through MWG7 without having to explicitely configure the FTP clients to use the MWG7 proxy service?  By FTP client I mean an actual FTP client (ex: ftp.exe) and not a web browser that's connecting to a FTP site.

0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: MWG7 FTP proxy service - making it transparent for clients

Jump to solution

The only possible way is with transparent router or transparent bridge. Neither of which i'm very fond of for a whole variety of reasons.

0 Kudos
4 Replies
btlyric
Level 12

Re: MWG7 FTP proxy service - making it transparent for clients

Jump to solution

This is probably not particularly helpful, but AFAIK, WCCP doesn't work for FTP with MWG so that's not an option.

Interested in hearing about how others are dealing with this particular situation.

0 Kudos
cscoup8
Level 9

Re: MWG7 FTP proxy service - making it transparent for clients

Jump to solution

Actually that is a bit helpful since I've been trying to do this via various types of redirects through a firewall and so far have been getting stuck.  In one scenario the FTP client sends a SYN packet to the external FTP server (ex: 192.0.1.2:21) the firewall intercepts this and forwards it to the MWG7 FTP proxy service (10.1.2.3:2121), the proxy service sends a SYN ACK back to the FTP client but through a different IP address and port number than what the FTP client sent the SYN packet to, and so naturally the client system sends a RST packet back since the SYN ACK response is not an established connection (its sending a SYN to 192.0.1.2:21 but is getting a SYN ACK from 10.1.2.3:2121 instead of 192.0.1.2:21) and things simply don't progress further from here.

In another scenario a FTP connection manages to get established but gets stuck after the FTP PORT command is sent.

Before spending more time on this -- and possibly finding out that its not possible to achieve, especially given the way that FTP works through 2 ports for file transfers -- I figured I'd ask the forum to see if anybody's pulled this off.

0 Kudos
eelsasser
Level 15

Re: MWG7 FTP proxy service - making it transparent for clients

Jump to solution

The only possible way is with transparent router or transparent bridge. Neither of which i'm very fond of for a whole variety of reasons.

0 Kudos
McAfee Employee

Re: MWG7 FTP proxy service - making it transparent for clients

Jump to solution

7.5.1 supports FTP redirect using WCCP.

0 Kudos