
Transparent Caching ftp proxy server - frox

Frox is a transparent FTP proxy that runs under Linux and *BSD. It should also work on other UNIX OSes that use ipfilter.

Frox Features:
 * Active-to-passive mode conversion for data connections.
 * It supports caching of FTP downloads, either through a local cache, or by redirecting connections through another proxy such as squid.
 * Downloads may be transparently scanned for viruses (through an external scanner).
 * Optional non-transparent proxy support by logging in with user@host:port.
 * Options to bind to a specific interface, chroot, and drop privileges for security.
 * Written with security in mind; the default setup runs as a non-root user in a chroot jail.

Transparent means that any clients behind the proxy will believe they are connecting to an FTP server as normal, but will actually be connecting to frox. Frox then makes the onward connection to the remote server.

It can also be set up to do non-transparent proxying. In this case the ftp client can connect directly to frox, but instead of logging in with ``username'' should log in with ``''.

On either kind of connection it can cache the files you download, or convert data connections from active to passive, which can make firewall rules a lot easier and safer. Frox can also encrypt the connections it makes to FTP servers that support it.

Frox Installation and Configuration:
Ubuntu users can install frox with the following command (from a terminal):
sudo apt-get install frox
After a successful installation, edit the frox configuration file (/etc/frox.conf) with any editor and adjust the following parameters:

 * Change "Listen" to the IP you want to listen on.
 * Change "WorkingDir".
 * Set "User" and "Group" to the User/Group you want frox to run as.
 * Set "DoNTP" to "Yes" if you want this.
 * Set "ResolvLoadHack" to a hostname that does not exist! (See FAQ sect 3)
 * Set other options as documented in the config file.
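
As an added example (not from the original post or the frox project), this Python script audits a frox.conf for the settings listed above. It assumes one case-sensitive "Option value" pair per line with # comments; the sample config, the function names, and the decision to flag a wildcard Listen address or a root User are this example's own assumptions.

```python
# Constructed sample config for this example, not a shipped frox.conf.
SAMPLE_CONF = """\
# frox.conf (constructed)
Listen 0.0.0.0
WorkingDir frox-cache   # relative path
User root
DoNTP yes
"""

# Options the post says to set explicitly.
REQUIRED = ("Listen", "WorkingDir", "User", "Group", "ResolvLoadHack")


def parse_conf(text):
    """Return {option: value} from 'Option value' lines, ignoring # comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def audit(text):
    """Return a sorted list of findings for the settings the post lists."""
    opts = parse_conf(text)
    findings = [f"{key}: not set" for key in REQUIRED if not opts.get(key)]
    if opts.get("Listen") == "0.0.0.0":
        findings.append("Listen: wildcard address, bind to one interface IP")
    for key in ("User", "Group"):
        if opts.get(key) in ("root", "0"):
            findings.append(f"{key}: runs as root, use an unprivileged account")
    workdir = opts.get("WorkingDir")
    if workdir and not workdir.startswith("/"):
        findings.append("WorkingDir: not an absolute path")
    if opts.get("DoNTP", "").lower() == "yes":
        findings.append("DoNTP: non-transparent logins enabled, confirm intended")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

The check for ResolvLoadHack only confirms the option is present; whether the hostname really fails to resolve has to be verified on the proxy host itself.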

Frox does not implement FTP proxying over HTTP. This means that if you configure a web browser (e.g. Netscape/Mozilla/IE) to use frox as its FTP proxy, it won't work. If you leave the browser's ftp-proxy setting unconfigured, its FTP connections should be transparently proxied like anything else.


Anonymous said...

Great post! Congrats!

Unknown said...

You can also "pin" frox to one specific ftp server by using the rp patch from
That way your users connect to your proxy and don't even need to know your real ftp server. To them it will appear as if you are running your ftp server on your proxy server.
