== Transparent forwarding to a parent proxy ==
Hello,
Is is possible to have ftp-proxy transparently forward the flow
to a parent proxy (client -> ftp-proxy -> parent -> target)
-- client being not aware of "parent" ?
The need occurs when name resolution is not locally available,
e.g. within architectures like this:
user ---> H1:ftp-proxy ---- firewall ----> target on internet
| |
v |
LDAP auth H2:parent
Host H1 lies in intranet and provides LDAP user authentication,
but is not allowed to resolve internet names for obvious security
reasons.
So the flow has to run through another proxy, H2.
In such schemes, you usually have to do
(the LDAP auth part was stripped for clarity):
# ftp H1
user: targetuser@h2user@target@H2
pass: targetpass@h2pass
But could we configure fpt-proxy on H1 so that the client would
not have to mention H2 ?
i.e. the client would only have to enter:
# ftp H1
user: targetuser@target
pass: targetpass
This would be much more convenient !
An advanced feature, enabling to relay toward both intranet and internet
would be to have H1 try to open an FTP connection to "target", and,
if this fails, to transparently forward the flow to H2.
But in my case it's simpler, there is no intranet bouncing and
everything goes to internet via my proxies.
Regards
Phil