FTP 代理过程分析 - 使用 ftp.proxy

目录

    • 目录
    • ftpproxy
      • 安装
    • 代理过程分析
      • 准备
      • 抓包分析

与 HTTP 代理相比,FTP 代理要特殊很多,因为 FTP 要使用随机端口来传输数据,端口号在运行时确定并通过控制链路(控制链路传输 FTP 命令和响应,数据链路传输文件内容)传输,因此代理服务器必须要解析控制链路的响应或请求并替换

HTTP 代理就要简单很多,客户端与 proxy 通信,并将 Host header 填成 real server 的地址,proxy 之间将整个 TCP message body 转发即可,也就是说,HTTP 代理即可使用四层代理,也可以使用三层代理(端口转发),但 FTP 只能使用四层代理,因为 FTP client 要解析 FTP server reply 取得数据链路地址,三层代理会导致 proxy 只代理控制链路,数据链路依然直连 real server.

FTP proxy 的局限性非常大,如果对客户端透明(即客户端连 proxy 或 real server 只需修改 ip:host),一组 FTP proxy 实例只能代理一个 FTP server, 因为 proxy 无法知晓客户端要连的 real server 的地址(HTTP proxy 能通过 Host header 知道 real server 地址是多少)。

ftp.proxy

在常用的开源代理软件中,Apache 和 Squid 都支持 FTP 代理,但都不是真正意义上的 FTP 代理。详细信息可以见官方文档:

Apache Module mod_proxy_ftp
squid-cache wiki - Feature: Native FTP proxying

ftp.proxy 不太出名,应用也不广,但是功能满足 FTP 代理服务器的需求。

安装

yum install ctags

tar -xzf ftpproxy-1.2.3.tgz && \
cd ftpproxy-1.2.3 && \
sed -i 's/\/usr\/local\/man\/man1/\/usr\/local\/share\/man\/man1/g' Makefile && \
make && make install

安装过程比较简洁,只安装了一个可执行文件和 man page:

cd src; strip ftp.proxy  &&  cp ftp.proxy /usr/local/sbin
cd doc; cp *.1 /usr/local/share/man/man1

代理过程分析

准备

FTP client: 10.105.44.6
FTP proxy: 10.105.51.240:2121
FTP server: 10.105.87.168:21

ftp.proxy -D 2121 10.105.87.168:21

starting ftp.proxy 1.2.3 in daemon mode ...

抓包分析

操作过程:

ftp -d
ftp> open 10.105.51.240 2121
Connected to 10.105.51.240 (10.105.51.240).
220 server ready - login please
Name (10.105.51.240:root): xxx
---> USER 1251429439
331 password required
Password:
---> PASS XXXX
230 login accepted
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put /tmp/test.txt /0/test.txt
local: /tmp/test.txt remote: /0/test.txt
---> TYPE I
200 Switching to Binary mode.
---> PASV
227 Entering Passive Mode (10,105,51,240,211,175)
---> STOR /0/test.txt
150 Ok to send data.
226 Transfer complete.
5 bytes sent in 3.5e-05 secs (142.86 Kbytes/sec)
ftp> delete /0/test.txt
---> DELE /0/test.txt
250 Delete operation successful.
ftp> quit
---> QUIT
221 goodbye

抓包:

client ->  proxy: connect
 proxy -> client: 220 server ready - login please\r\n
client ->  proxy: USER xxx\r\n
 proxy -> client: 331 password required\r\n
client ->  proxy: PASS xxx\r\n
 proxy -> server: connect
server ->  proxy: 220 (vsFTPd 3.0.2)\r\n
 proxy -> server: USER xxx\r\n
server ->  proxy: 331 Please specify the password.\r\n
 proxy -> server: PASS xxx\r\n
server ->  proxy: 230 Login successful.\r\n
 proxy -> client: 230 login accepted\r\n
client ->  proxy: SYST\r\n
 proxy -> server: SYST\r\n
server ->  proxy: 215 UNIX Type: L8\r\n
 proxy -> client: 215 UNIX Type: L8\r\n
client ->  proxy: TYPE I\r\n
 proxy -> server: TYPE I\r\n
server ->  proxy: 200 Switching to Binary mode.\r\n
 proxy -> client: 200 Switching to Binary mode.\r\n
client ->  proxy: PASV\r\n
 proxy -> server: PASV\r\n
server ->  proxy: 227 Entering Passive Mode (10,105,87,168,224,171).\r\n
 proxy -> client: 227 Entering Passive Mode (10,105,51,240,211,175)\r\n
client ->  proxy: connect to port 54191(211*256+175)
client ->  proxy: STOR /0/test.txt\r\n
 proxy -> server: STOR /0/test.txt\r\n
 proxy -> server: connect to port 57515(224*256+171)
server ->  proxy: 150 Ok to send data.\r\n
 proxy -> client: 150 Ok to send data.\r\n
client ->  proxy: send file content
 proxy -> server: send file content
client ->  proxy: close data connection
 proxy -> server: close data connection
server ->  proxy: 226 Transfer complete.\r\n
 proxy -> client: 226 Transfer complete.\r\n
client ->  proxy: DELE /0/test.txt\r\n
 proxy -> server: DELE /0/test.txt\r\n
server ->  proxy: 250 Delete operation successful.\r\n
 proxy -> client: 250 Delete operation successful.\r\n
client ->  proxy: QUIT\r\n
 proxy -> server: QUIT\r\n
server ->  proxy: 221 Goodbye.\r\n
 proxy -> client: 221 goodbye\r\n
server ->  proxy: close command connection
 proxy -> client: close command connection

从以下两行可以看出数据传输的地址被 proxy 替换:

server ->  proxy: 227 Entering Passive Mode (10,105,87,168,224,171).\r\n
 proxy -> client: 227 Entering Passive Mode (10,105,51,240,211,175)\r\n

你可能感兴趣的:(FTP,运维)