You can manage several aspects of the appliance using an FTP client on a workstation connected to a network where the appliance is visible. The appliance's FTP services let you get and put configuration files, log files, and the optional splash screen (which you can customize with your own HTML).
The following sections contain important information about using iChain Proxy Services FTP services:
The appliance's system supports access from both active and passive FTP clients. The fact that passive FTP is often required to traverse a firewall has certain implications for using FTP with the appliance.
FTP access through a DOS window: Because DOS uses only active FTP, you cannot access an appliance that is outside a firewall through a DOS window on a client inside the firewall. The reverse is also generally true. If the appliance is inside a firewall, you cannot usually access it through a DOS window on a client outside the firewall.
FTP access through a browser outside the firewall: You cannot usually access an appliance inside a firewill through a browser that is outside the firewall.
FTP access through a browser inside the firewall: Because Netscape browsers use passive FTP, you can usually access an appliance outside the firewall from a Netscape browser inside the firewall.
To access an appliance outside a firewall using Internet Explorer 5 inside the firewall, you must configure the browser to use passive FTP.
In the browser, click Tools > Internet Options > Advanced.
Under Browsing, select Use Web-Based FTP.
This option name varies according to browser version. In Internet Explorer 5.5, for example, the option is Use Passive FTP for compatibility with some firewalls and DSL modems.
Click OK.
Appliance routing and transparent proxy limitations on FTP: When using the built-in appliance router capabilities in a transparent proxy situation, users cannot be able to perform browser-based FTP using ftp:// as the protocol. Browser-based FTP works normally with forward proxy.
Before using FTP services to manage the appliance, ensure that the appliance's Mini FTP Server is properly configured.
Start the browser-based management tool > click Configure > FTP.
Ensure that at least one of the IP addresses in the Server IP Addresses list is selected.
You use the selected address for your FTP session. IP address 172.16.0.1 is selected by default.
The appliance's Mini FTP Server was originally designed only for uploading and executing appliance configuration (.NAS) files. This functionality has been expanded and currently supports the following commands:
CDDELELS and DIRPWDQUITSYSTTYPEUSER
The Mini FTP Server has no support for wildcard characters.
The Mini FTP Server does not work with directory or file names that contain spaces.
Mini FTP server access is limited to the following directories and their subdirectories:
sys:etc\proxy\mftp
sys:etc\proxy\appliance
sys:etc\proxy\appliance
sys:etc\proxy\data
sys:etc\appliance
sys:etc\applianc
log:etc\proxy\data
When you log in to the FTP server, the sys:etc\proxy\appliance\config\user directory is the default.
To execute a .nas configuration file, you must be in this default directory and use the following syntax:
put local_filename remote_filename,execute
The local_filename variable is the name of the .nas file on your local machine and the remote_filename variable is the name after the file is uploaded to the appliance.
Launch your FTP application and enter a valid appliance IP address, for example:
ftp 172.16.0.1
Log in to the appliance using the Config username and the password you have set.
The default working volume and directory for FTP sessions is sys:\etc\proxy\appliance\config\user. This means that the sys: volume is implied for all FTP commands unless the log: volume is specifically included.
You can use the cd (change directory) command to change the current volume and directory path. For example, cd log:/etc/proxy/data changes the working path to the LOG: volume and the directory path to \etc\proxy\data.
FTP commands that include only a directory path and that are issued subsequent to the cd command use the newly specified volume.
You can specify a full path (volume and directory) when using the get and put commands to copy files to or from any FTP-accessible location. However, the default volume and directory are unaffected by these commands. Only the cd command changes the FTP working path.
All appliance settings are contained in configuration text files with the extension .nas. These files can be edited and sent through FTP back to the appliance where they can be executed as a means of instant configuration.
By using several configuration files, you can quickly apply different scenarios, such as turning various proxy services on or off. The appliance updates the default current.nas file every time you apply a setting. Additionally, if you have created a file on a floppy disk, it is updated with each change. From the browser-based management tool or the Telnet/command line interface, you can export other configuration files.
Start FTP and log in as explained in Starting an FTP Session with the Appliance.
Enter the following, where filename is the name of your configuration file:
get filename.nas
The file is transferred to your FTP client's default directory.
Start FTP and log in as explained inStarting an FTP Session with the Appliance.
Enter the following, where filename is the name of your configuration file:
put filename.nas
The file is transferred to the appliance.
Start FTP and log in as explained in Starting an FTP Session with the Appliance.
Enter the following, where filesrc is the name of the source configuration file and filedst is the name used at the destination:
put filesrc.nas filedst.nas,execute
The appliance has an optional splash screen that displays before pages are vended.
The splash screen has the root filename bmsplash. A three-letter extension indicates whether the splash screen is disabled (.off) or enabled (.htm). The screen is disabled by default.
To alter the appearance of the splash screen:
Start FTP and log in as explained in Starting an FTP Session with the Appliance.
To download the splash screen to you can modify it, do one of the following:
If the splash screen is enabled, enter:
get /etc/proxy/data/bmsplash.htm
If the splash screen is not enabled, enter:
get /etc/proxy/data/bmsplash.off
Modify the file.
To upload the splash screen after you have modified it, do one of the following:
If the splash screen is enabled, enter:
put bmsplash.htm /etc/proxy/data/bmsplash.htm
If the splash screen is not enabled, enter:
put bmsplash.off /etc/proxy/data/bmsplash.off