KB02050401 Using the FTP Proxy service
Mailtraq provides an FTP Proxy service, to allow client machines without direct access to the Internet to make FTP connections via Mailtraq. This article explains how to set this up.
To get your FTP client to connect via Mailtraq you need to make settings in both Mailtraq and the client program. You may also need to adjust your firewall.
Setting up Mailtraq
Add the FTP Service:
In Options | Services add the 'File Transfer Protocol (FTP)' service.
In the Properties dialog for the service, in the Service tab ensure it is set to listen on port 21, and check the 'Enable FTP Proxy' checkbox.
In the Access Control tab, set the security appropriate to your circumstances. Normally option '3' is appropriate.
In the Proxy tab, check the authentication checkbox, and, if Mailtraq is responsible for managing connections to the Internet, configure how it should dial up to satisfy an FTP request
Set up user permissions:
If you are allowing everyone to use the FTP Proxy service, ensure that the Guest user has FTP Proxy priviledges: Under Options | Users click Guests, and the Priviledges tab.
If you are only allowing certain users to use the FTP Proxy service, select each user in turn, and set their priviledges appropriately.
Setting up the FTP client
There are lots of FTP client programs, so it is not possible to give a comprehensive guide to their setup. Indeed some may not support connections via a proxy at all.
As an example, WS-FTP has the concept of 'Firewalls' (by which in this context it means Proxies). To make WS-FTP use Mailtraq as a proxy, set up a Firewall in WS-FTP with the following settings:
- Hostname: The IP address or machinename where Mailtraq is running.
- User ID: The name of a primary mailbox in Mailtraq (which belongs to a user with permission to use the FTP Proxy service)
- Password: The Mailtraq password for the user
- Type: User with no logon (other settings may also work here)
- Port: 21
Using Internet Explorer browser as an FTP client
Most versions of Internet Explorer don't contain a proper ftp client. When they need to use ftp, they stream it into http (which Mailtraq's http proxy supports). So, in many cases, to get Internet Explorer working as an ftp client, all you need to do is point it at Mailtraq's normal http proxy, nominally running on port 8080.
Recent versions of Internet Explorer try to go direct to the remote ftp site via port 21 even when it's configured in Internet Options to use a proxy. If your network setup prevents that from happening, it will, after a couple of futile attempts, operate in accordance with its configured proxy settings.
There are also two ftp settings available on the Advanced tab of Internet Options: Enable folder view for FTP sites and Use Passive FTP. The first needs to be enabled and the second is optional, depending on whether your firewall/router can handle separate ftp data connections correctly.
If you are running a firewall, be aware that the FTP protocol is particularly sensitive to your firewall settings. The FTP protocol allows for connections on a number of ports in both directions. Typical symptoms of a firewall restricting access is when you can logon successfully, but not receive a directory listing. Watch the Mailtraq event log (Actions | View Event log) and see your firewall documentation for more information.