SHOCKFILER XTRA HELP: FIREWALL/PROXY
 

The ShockFiler commands in this section will be most helpful for users who must connect through a firewall or proxy server, but they may be useful in other situations as well. Unless the FTP server you are trying to connect to has unusual requirements, if you are not connecting through a firewall or proxy server you can safely ignore this section and these commands. If you DO have to connect via a firewall and/or proxy server but are not really familiar with how firewalls and proxy servers work, the following Question and Answer section should give you a basic understanding.

 

 

WHAT IS A PORT?

A host name like "ftp.someserver.com" or an IP address like "192.233.255.1" specifies a particular computer on a network. The computer can be running many different software servers at the same time, like web servers, FTP servers or chat servers. A port number is a further breakdown that allows IP traffic to be directed to a particular app on the server. A server app on the computer, such as a web server, specifies a port that it "listens" to, and a client app, like a web browser, makes a connection using that port. Without ports, all of the server applications on a PC would have to inspect all of the TCP/IP traffic to look for messages they were interested in. That would not be very efficient.

Port numbers range from 0 to 65535. Port numbers within the range 1-1023 are assigned to certain services as the default agreed-upon port for that service. For instance, web servers run on port 80 and FTP servers run on port 21. You can configure server software to run on another port, but most client software, like a web browser or FTP client, will try to connect on the default port.

 

 

WHAT IS A FIREWALL?

A firewall is software that filters TCP/IP traffic to protect a machine from intrusion, or from sending sensitive data out. The software can be running on the computer itself or it can be running on a separate computer. If the firewall is running on another computer, the first computer must make all of its internet connections through the firewall computer to benefit from the firewall.

One way hackers gain access to a system is by using "port scanner" programs to find ports they can connect to on the target machine. A firewall is usually set up to reject incoming port connections except by approved IP addresses and/or programs.

 

 

WHAT IS A PROXY SERVER?

A proxy server is a type of firewall set up to handle all traffic for a particular protocol, such as HTTP or FTP.

 

 

WHAT IS THE DIFFERENCE BETWEEN ACTIVE AND PASSIVE FTP?

FTP sessions operate over 2 ports on the FTP server and over 2 ports on the FTP client. One port, the control port, carries instructions from the client like "send me a file listing" or "I'm going to send a file" and transmits messages back to the client from the server like "no such directory" or "got the file successfully". The other port, the data port, handles the actual data like the text of the file listing or the actual file data being sent or received.

The client decides whether the FTP session will be active or passive. In an active FTP session, which is the default for most clients, the server connects to a port number on the client to be used for the data port. But firewalls are usually set up to reject incoming port connections, except to pre-established port numbers, because that is one way hackers gain access to a system. In that case the FTP client will not be able to work if it uses an active connection. The only way around it would be to set up the firewall to allow inbound connections to any port, which defeats the purpose of the firewall. Due to this problem, a passive connection is required to successfully FTP out of most firewalls.

In a passive connection, the FTP client initiates the connection to a port on the server to be used for the data port. This makes things safer for the computer the client is running on since it does not have to allow arbitrary incoming connections. Ironically, since passive connections pose security risks for the server similar to the risks posed to the client by active connections, some servers do not accept passive connections.
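The direction of the data connection can be read straight off the control channel. The following is an added example, not part of ShockFiler or its documentation: it decodes the standard FTP PORT command (active mode) and 227 reply (passive mode) to show which side must accept an inbound connection. The sample addresses and the function names are constructed for illustration.

```python
import re

def parse_port_arg(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' (used by PORT and the 227 reply) to (ip, port)."""
    parts = [int(p) for p in arg.split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("expected six comma-separated byte values")
    # The port is sent as two bytes: high byte first, then low byte.
    return ".".join(str(p) for p in parts[:4]), parts[4] * 256 + parts[5]

def data_connection(control_line):
    """Return (mode, listening_side, (ip, port)) for a PORT command or 227 reply."""
    if control_line.upper().startswith("PORT "):
        # Active: the client announces a port and the server connects IN to it.
        return "active", "client", parse_port_arg(control_line[5:].strip())
    match = re.match(r"227 .*?(\d+(?:,\d+){5})", control_line)
    if match:
        # Passive: the server announces a port and the client connects OUT to it.
        return "passive", "server", parse_port_arg(match.group(1))
    raise ValueError("not a PORT command or 227 reply")

def client_firewall_blocks(control_line, allowed_inbound_ports=()):
    """True if a client-side firewall that rejects inbound connections,
    except to allowed_inbound_ports, would stop this data connection."""
    mode, listener, (ip, port) = data_connection(control_line)
    return listener == "client" and port not in allowed_inbound_ports

if __name__ == "__main__":
    # Constructed sample control-channel lines.
    for line in ("PORT 192,168,1,10,195,80",
                 "227 Entering Passive Mode (192,233,255,1,19,137)"):
        print(line, "->", data_connection(line),
              "blocked:", client_firewall_blocks(line))
```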

 

sf_PassiveMode ( onOrOffFlag )

onOrOffFlag: Boolean, TRUE to turn passive mode on. Default is FALSE, active connection.

Returns: No return

Sets the connection mode to use for the next file transfer or file listing request. Has no effect on a transfer currently under way. This command may be necessary when the user is running behind a firewall.

 

sf_PortNumber ( portNumber )

portNumber: Integer, FTP server control port number. Default is 21.

Returns: No return.

Sets the port number on the FTP server to connect to on the next file transfer or file listing request. Has no effect on a transfer currently under way. Most normal FTP servers listen to port 21. This command may be necessary to connect to an unusually configured FTP server, but it is mostly used for connecting through an FTP proxy server.

 

 

CONNECTING TO A PROXY SERVER

You use a proxy server by connecting to IT, rather than the FTP server you actually want to access, and telling the proxy server which remote site you actually want to connect to. The proxy server then connects to the intended FTP server and acts as a go-between.

To accomplish this using ShockFiler you must first use sf_PortNumber to change the connection port to the one the proxy server is running on, if it is not 21. Then, in the sf_Send or sf_RequestFileListing command, you must pass the proxy server's IP address in the host parameter, and username and password parameters in the format required by the proxy server. These two parameters must communicate to the proxy server what ACTUAL FTP server you want to connect to, and possibly the usernames and passwords for both the proxy server and the actual remote FTP server.

The requirements for the user and password fields vary among proxy servers, but the following example shows the most common format. In this example you want to send files to the following actual FTP server:

 

host: ftp.realserver.com

username: james

password: topsecret

 

On your network, the proxy server listens to port 2020, not port 21, for control commands. The proxy server IP address is 192.241.49.49. The proxy server does not require a user name or password to log on to it. To access ftp.realserver.com through the proxy server, you would do the following:

 

1. Use sf_PortNumber(2020) to set the server connection port to 2020

2. In either the sf_Send or sf_RequestFileList command you would specify the following for host, user and password:

 

host: 192.241.49.49

username: james@ftp.realserver.com

password: topsecret

 

The host IP is the IP address of the proxy server. The username parameter contains the user name for the actual server before the @ separator and the address of the actual server you want to connect to after the @ separator. The password field contains the password for the actual FTP server.
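The exchange described above, from both ends of the control channel, as an added example that is not ShockFiler code or the code of any particular proxy product. The proxy side is hypothetical: splitting at the last @, connecting to port 21 on the real server, and the reply texts are all assumptions made for illustration.

```python
def client_login_lines(real_host, real_user, real_password):
    """Control-channel lines an FTP client sends to a 'USER user@host' proxy."""
    for field in (real_host, real_user, real_password):
        # A CR or LF inside a field would end the command early and let the
        # rest of the field be read as a separate FTP command.
        if "\r" in field or "\n" in field:
            raise ValueError("CR/LF is not allowed in a login field")
    return [f"USER {real_user}@{real_host}", f"PASS {real_password}"]

def proxy_session(lines):
    """Hypothetical proxy side: decide where to connect and what to forward.

    Returns (target, forwarded_lines, replies_to_client).
    """
    target, forwarded, replies = None, [], []
    for line in lines:
        verb, _, arg = line.partition(" ")
        if verb == "USER":
            # Assumption: split at the LAST '@' so a user name that itself
            # contains '@' still reaches the real server intact.
            user, sep, host = arg.rpartition("@")
            if not sep or not user or not host:
                replies.append("530 expected user@host")
                break
            target = (host, 21)  # assumption: real server on the default port
            forwarded.append(f"USER {user}")
            replies.append("331 password required")
        elif verb == "PASS" and target:
            # The real server's password passes through the proxy unchanged.
            forwarded.append(line)
            replies.append("230 logged in")
    return target, forwarded, replies

if __name__ == "__main__":
    # Values from the example on this page; the client would send these
    # lines to 192.241.49.49 on port 2020.
    sent = client_login_lines("ftp.realserver.com", "james", "topsecret")
    print(sent)
    print(proxy_session(sent))
```

Both the user name and the password for the real server are visible to the proxy in plain text, so the proxy is a place where those credentials can be logged.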

Some proxy servers require a user name and password to connect to them, which is completely separate from the ones you would use to connect to the actual FTP server. In that case more information would be needed in the username and password fields. Since the format of the information and the characters used to separate the information in the fields varies between proxy servers, the proxy server manual or system admin is the best source of information as to what will work in those parameters.

In some cases the proxy server requires two logins, one to input the proxy server username and password, and the second to input the remote host address, username and password. ShockFiler Xtra will not work with a proxy server that requires a double-login.