ftpwire
FTPWIRE is a very simple FTP daemon.
Use 'ipftp' when you need to send data using FTP - or Grab data from a remote
FTPd site.
Use 'ftpwire' when a remote host needs to send to the Fip.
The file is slotted into the spool/2brouted queue for IPROUTE to process and
route.
To send to ftpwire, use the normal 'ftp' program :
ftp -P 9130 (hostname of the Fip)
or ftp hostname 9130
FTP uses 2 ports - one for control and the other for data. In normal FTPese,
these are 21 and 20. 'ftpwire' uses the -P input switch to define the Control
port. If it is started with port 21, then it will use port 20 as a fixed port
to send data from/to.
If the parameter 'fixed-data-port' is set, that number is used.
Otherwise the dataport is just the first available port.
Remember ports 20 and 21 are reserved ports on Unix/Linux and 'root' must start
any program using a port < 1024 (and you must make sure ftpd in inet.d or
xinet.d is disabled or on a different port)
If using WIN2K, you MUST specify a unique wireid using the -I input switch and
specify several instances of ftpwire in the SYSTEM file for the number of
instances you want.
If using Unix/Linux, only one instance of ftpwire should be in the SYSTEM file
and the -E 99 switch is used to determine the number of simultaneous inputs.
-- Optional parameter file is under tables/wire. Its name is given by the '-n'
input switch and defaults to FTPWIRE. A '.FIP' extension may be added.
Syntax :
; comment line
banner: Replacement banner
logon-file:(filename) See below - default LOGON.(-n) or LOGON.FTPWIRE.FIP
allow-blank-pwd: (yes/no) If there is a blank password in the logon file,
accept ANY password. default-no
use-w4-logon-list:(name eg FIPO.EXTERNAL)
Use this Fip w4 LogonList file for authentication and ignore all other
auth methods such as LOGON.FTPWIRE.FIP
w4-logon-restrict-templates:(name(s) eg RADIUS_FTPUSER,RADIUS_FTPADMIN)
If using LogonList, only allow logons with this template(s)
w4-logon-restrict-pubs:(pub name(s) eg PIF,BIG,DAILY)
If using LogonList, only allow logons with this pub code
w4-logon-topq:
w4-logon-outq:
w4-logon-copyq:
w4-logon-fiphdr:
w4-logon-options: if using LogonList, use these default values (see Logon
below for fuller explanation of each)
use-etc-passwd: yes/no (Linux/Unix only) - if YES, use the /etc/passwd file
for authentication and ignore all other auth methods such as LOGON.FTPWIRE.FIP
default: no
external-path: (path) for etc/passwd, Only allow logons with a home folder
starting with this path
eg external-path:/home/ftp expects all the home folders below /home/ftp
default: nothing specified for all folders
external-shell: (shell) For /etc/passwd, Only allow logons that run this
shell
external-shell:/bin/nologin
default: nothing specified for all shells
external-min-uid: (Uid number) For /etc/passwd, Only allow logons with Uids
higher than this number to logon
Stop anyone logging on as root !
default: 400
external-min-gid: (Gid number) For /etc/passwd, Only allow logons with Group
ids higher than this number to logon
default: none
nat-pasv-address:(Ip address) if using a proxy and/or NAT addresses, this is
the address of THIS host to the outside world. It is used in the PORT command
extra-fiphdr: (fipseq) Additional FipHdr info to be added to each incoming
file. default none
extra-fiphdr-ext: (fipseq) Additional FipHdr info to be added to each incoming
file. default none
no-archive: do NOT archive the data in the daily archive files in log/data
(ZI: fiphdr field)
display-log (yes/no/file/logon) (same as -D) Display all commands for each
connection default: no
Use this to trace problem connections
Option 'file' will log the transactions in a dated file in log/ftp
Option 'logon' will log the transactions in a dated file for that logon in
log/ftp
cwd-code:200 CWD response code MUST be a 3 digit number between 200 and 299.
There is some confusion whether the response should be 257 or 200. default:
257
pwd-quote: (' " or a space) Quote for response to a PWD command.
Valid options are doublequote ", singlequote ' or a space default: "
add-list-dots:yes/no Add the two folders for '.' and '..' for a long list
default: no
force-folder-names:lower/upper/nochg Force the case of any request for folder
names default: nochange
force-file-names:lower/upper/nochg Force the case of any request for file
names default: nochange
Use these to handle Win2k <-> Linux case issues - where a case-INsensitive
client is talking to a case-SENSitive server
One suggestion is to force all folders and files lowercase and set both of
these ..:lower
balance-group: (Balance Group name) Balance group for balancing doneque items
default: none / no balancing
This group MUST be in sys/BALANCE
balance-folder: (folder under spool) Balance queue for balancing doneque items
default: 2balance
move-on-read-group: (Balance Group name) Balance group for redundant
move-on-read default: none / no balancing
This needs a move-on-read-folder to be specified
move-on-read-folder: (FipSeq name of a folder) Name of folder for files once
read default: none
default-move-on-read: (yes/no) Default for Move on Read default: no
min-data-port: (number)
max-data-port: (number)
minimum (default is 32000) and maximum (def 64000) range of port number for
the DATA port
fixed-data-port: (number) A single, fixed data port number.
Default is port 20 if the Control port is set to 21 (-P 21),
otherwise it is a high port within the range specified by the min and max
(see above)
connection-retries: (number) default 5
send-timeout: (number) default 60 secs
recv-timeout: (number) default 60 secs
connection-timeout: (number) default 20 secs
session-timeout: (number) default 1200 secs (20 mins) of no activity
between-files-timeout: (number) default 1200 secs (20 mins) of no activity
round-robin: (number) default: none
round-robin-fiphdr: (2 letter FipHdr field) default: none
round-robin-offset-fiphdr: (2 letter FipHdr field) default: none
Round-Robin the output files and add the RR number to the fipHdr.
Both parameters are required - the Number is the MAXimum.
eg to leave the output in folder1 to folder9
round-robin:9
round-robin-fiphdr:RR
round-robin-offset-fiphdr:RO
and a suitable output folder might be /fip/spool/xchgRR
(This can be in the LOGON file or the default input switch -O xchg\R
(remember double backers)
Note that the round-robin number is NOT added automatically to any output
folder - ie you MUST specify a FipHdr as in /fip/spool/2xmlRR
The round-robin-offset-fiphdr allows the RR number to be offset by the -R
input switch which is the base offset - default 1
So if '-R 8' and 'round-robin:10', the output will be in (folder)8 to
(folder)17
So WITHOUT the -R switch both round-robin-fiphdr and
round-robin-offset-fiphdr will give the same number.
allow: (IPaddress to allow)
disallow: (IPaddress to block)
Use these to blacklist/whitelist certain addresses
A '*' (star) can be used to indicate ALL eg 10.3.3.*
disconnect-limit: (number)
number of logon/password errors before connection is broken
default: ignored
disable-limit: (number)
number of logon/password errors before logon is blacklisted
default: ignored
allow-site-fiphdr: (yes/no) see SITE FIPHDR below default: no
allow-anon: (yes/no) Allow anonymous logons default-no
anon-desc: For Anon logons, fill in the default logon fields....
anon-topq:
anon-outq:
anon-fiphdr:
anon-standalone:
anon-display: Override the default display setting (same as -D)
timing-stats: (yes/no) generate Timing stats (default is now YES)
-- Logons and Passwords
There are 3 (main) types of Authentication.
- default - using a Fip pipe delimited file called LOGON_FTPWIRE.FIP (or the
parameter of the '-n' input switch).
- for Unix/Linux, using the normal /etc/passwd file
- using the Fip w4 LogonList file
The following describes the parameter file syntax for the default. Please see
the relevant (external) doc for the others.
The types of logon/password are
- anonymous logon
use input switch -A to allow (disallowed by default)
use parameters to optionally add more information
anon-desc - just a note for logging
anon-fiphdr - extra fiphdr to add to each file
anon-topq - top folder for LIST and GETs
default is LISTs and GETS are not allowed
anon-copyq - folder holding a copy of any incoming file
anon-curq - under
- full logon and password (normal running)
- logon and allow any password - just leave the password blank and add -B
The Logon file is in tables/wire and is called LOGON.(name) where name is the
'-n' switch or FTPWIRE.FIP by default
fields in the Password file are pipe delimited and are :
field 0 Enabled or Disabled flag E/D
1 LogonName
2 Password
3 last mod time (used by the user interface only)
4 Description/Comment
5 optional home folder which is revealed as '/' to the remote
if this is blank, then LS and GETs are returned as no such folder/file
6 Output folder for any incoming files. If it does NOT start with a '/', the
folder is under /fip/spool
This can be in FipSeq
If blank, the default output folder is used.
7 optional copy folder holding an exact copy of the incoming file
this can be the same as 5-home folder if the remote needs to see the file
8 any optional ExtraFipHdr info
9 Optional single letter Flags
(Negate by adding a dash/hyphen prefix
ie to make sure there is a FipHdr/filename on the output file '-S')
S-standalone output file (original filename and no fiphdr)
C-standalone copy file (original filename and no fiphdr)
D-display all commands for this client only (ie -D for this one client)
F-allow extra FipHdr data to be added BEFORE the Store as a site command
SITE FIPHDR #SU:ZIBBLE#CX:ZIBBLE2EDITO
Z-allow delete of any Standalone Copy ('C') files
T-allow sessionTimeout of 24 hours for this client (default is 20 mins or
the session-timeout parameter)
U-allow Last File Timeout of 24 hours for this client (default is 20 mins
or the session-file-timeout parameter)
M-allow client to MKDIR a sub folder
R-allow client to RMDIR a sub folder
Q-on a CD/CWD, check the folder really does exist
eg
E|Pittlewire|zong|0|Mr Pittles Image Agency||2edsys||#DF:PITTLEWIRE.FIP#EQ:pittle|
E|Brittle||0|Mr Brittle HardHat Agency||xchg|#CX:B2FIP#DF:BRITTLE.FIP#EQ:brittle|
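An audit of the Logon file described above, as an added example (not FingerPost code): it lists enabled entries with a blank password and entries holding the F, Z, M or R flags. Assumptions: each entry is on one line, flags are written as concatenated letters, ';' starts a comment as in the parameter file, and the SAMPLE entries are constructed.

```python
FIELDS = ("enabled", "logon", "password", "modtime", "desc",
          "home", "outq", "copyq", "fiphdr", "flags")   # fields 0-9
RISKY_FLAGS = {"F": "may add FipHdr data via SITE FIPHDR",
               "Z": "may delete standalone copy files",
               "M": "may MKDIR a sub folder",
               "R": "may RMDIR a sub folder"}

def parse_flags(text):
    """Active flag letters; a '-' prefix negates the next letter."""
    active, negate = set(), False
    for ch in text.strip():
        if ch == "-":
            negate = True
            continue
        if not negate:
            active.add(ch.upper())
        negate = False
    return active

def parse_logon_line(line):
    """Split one pipe-delimited entry, padding missing trailing fields."""
    parts = [p.strip() for p in line.rstrip("\n").split("|")]
    parts += [""] * (len(FIELDS) - len(parts))
    return dict(zip(FIELDS, parts))

def audit(lines, blank_pwd_allowed=False):
    """Return (logon, finding) pairs for enabled entries only."""
    findings = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # assumption: ';' comments as in the parameter file
        rec = parse_logon_line(line)
        if rec["enabled"].upper() != "E":
            continue
        if not rec["password"]:
            findings.append((rec["logon"], "accepts ANY password"
                             if blank_pwd_allowed else
                             "blank password, open if -B/allow-blank-pwd is set"))
        for flag in sorted(parse_flags(rec["flags"]) & set(RISKY_FLAGS)):
            findings.append((rec["logon"], f"flag {flag}: {RISKY_FLAGS[flag]}"))
    return findings

# Constructed sample entries (not real accounts).
SAMPLE = [
    "E|alpha|s3cret|0|Constructed agency A|/fip/spool/pub_a|2edsys|||S",
    "E|bravo||0|Constructed agency B||xchg|||FM-Z",
    "D|charlie||0|Disabled entry||xchg|||F",
]
```

Call audit(lines, blank_pwd_allowed=True) when ftpwire runs with -B or allow-blank-pwd: yes, so blank-password entries are reported as open rather than latent.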
-- FipHdr fields added to each file UNLESS the Standalone option has been
flagged
SP IPaddress of the remote host
SN Filename given
SU -n input switch or FTPWIRE
SA logon name
SC chrset - defaults to ASCII
S1 client description for the logon file
S2 wire id
S3 session id
S4 current PWD
S5 any extra subfolder in a put command
S6 current Client system details (if offered by remote)
Input Parameters :
Optional :
-9 : do not use Speedy on a Speedy system
-A : allow anonymous logons default: always need a logon/pwd
-B : allow blank passwords default: always need a pwd
if the password field is blank in the LOGON file, no checking takes place.
-d : done folder default: none
This holds a copy of all incoming data files from every source
The structure is
(done folder) / (date)_(logon) eg 20110921_fip / (filename as written to the
output folder)
It can be purged with an entry in maintenance (zapfiplog)
eg if '-d raw.ftpwire' and we want the last 30 days data
/fip/bin/ipdelque -q/fip/spool/raw.ftpwire -i1 -a30
-D : display all commands for each connection default: no
Use this to trace problem connections
-E : maximum number of threads default: 1
up to a max of 200 (not Win2k)
Note this is also a hardware limit in that small systems may not be able to
run more than 50 or so
-F : allow SITE FIPHDR commands default: no
-I : wire id default: 0
used to track which instance of a multi-ftpwire system a file arrived/logged
-j : balance queue for balancing doneque items default: 2balance
-J : balance group for balancing doneque items default: -none- no balancing
This group MUST be in sys/BALANCE
-l : log level
-n : name of this wire default: FTPWIRE
-O : Name of the output folder if not default default: spool/2brouted
This folder will be under /fip/spool
-P : Port for control default: 9130
-P 21 is normal
-R : round-robin base - see above default: 1
-s : local hostname or ipaddress default: all local addresses
where a server has multiple ip address/hostnames, use '-s' to restrict
connections to a single address
-S : default is standalone and not Fip default: next folder is fip
in this case do NOT add a Fiphdr and preserve exactly the incoming filename
this can be overridden in the Logon file
-T : log timing stats default: no
-v : Print the version number and exit
-- Log levels for -l input switch are :
default (-1) errors only are logged
0 connections/disconnections
10 logons
20 each file in or out
-- The -D input switch will display all cmds etc as they come in
eg
Thu Jun 11 12:27:44 id.35 ++ New Connection FTPWIRE 195.185.192.221 w.0.id.35.tot.1
Thu Jun 11 12:27:44 id.35 Send.23 220 Fip FTP service~~|
Thu Jun 11 12:27:44 id.35 Recv.10 USER zibbly|
Thu Jun 11 12:27:44 id.35 Send.20 331 Enter password~~|
Thu Jun 11 12:27:44 id.35 Recv.12 PASS *******|
Thu Jun 11 12:27:45 id.35 Send.14 230 Logon ok~~|
Thu Jun 11 12:27:45 id.35 Recv.3 PWD|
Thu Jun 11 12:27:45 id.35 Send.7 257 /~~|
Thu Jun 11 12:27:45 id.35 Recv.4 PASV|
Thu Jun 11 12:27:45 id.35 Send.45 227 Entering Passive Mode (10,1,1,35,125,1)~~|
Thu Jun 11 12:27:45 id.35 Recv.6 TYPE I|
Thu Jun 11 12:27:45 id.35 Send.8 200 ok~~|
Thu Jun 11 12:27:45 id.35 Recv.34 STOR 0223-42-2009-IT0001347175.zip|
Thu Jun 11 12:27:45 id.35 Send.10 150 go..~~|
Thu Jun 11 12:27:45 id.35 Recv 1460 on Data Port
Thu Jun 11 12:27:45 id.35 Recv 1460 on Data Port
Thu Jun 11 12:27:45 id.35 Recv 1460 on Data Port
Thu Jun 11 12:27:45 id.35 Recv 1460 on Data Port
Thu Jun 11 12:27:45 id.35 Recv 1460 on Data Port
Thu Jun 11 12:27:45 id.35 Recv 1460 on Data Port
Thu Jun 11 12:27:45 id.35 Recv 1460 on Data Port
Thu Jun 11 12:27:45 id.35 Recv 538 on Data Port
Thu Jun 11 12:27:45 id.35 .. Incoming File logon.zibbly file.0223-42-2009-IT0001347175.zip -> /home/hohoho [ferdy.#XX:extrastuff]
Thu Jun 11 12:27:45 id.35 Send.17 226 end of file~~|
Thu Jun 11 12:27:45 id.35 Recv.4 QUIT|
Thu Jun 11 12:27:45 id.35 Send.10 221 bibi~~|
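A way to review -D traces like the one above, as an added example (not FingerPost code): it groups lines by connection id and reports connections whose remote address matches none of the expected 'allow' patterns. Assumptions: each trace entry is on one line, Python's fnmatch stands in for ftpwire's own '*' matching, and the SAMPLE trace and its addresses are constructed.

```python
import re
from fnmatch import fnmatch

LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ id\.(\d+) (.*)$")
CONN = re.compile(r"\+\+ New Connection (\S+) (\S+)")
CMD = re.compile(r"Recv\.\d+ (USER|STOR) (.+?)\|$")
DATA = re.compile(r"Recv (\d+) on Data Port")

def summarise(lines):
    """Group -D trace lines by connection id."""
    sessions = {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, body = m.groups()
        s = sessions.setdefault(
            sid, {"ip": None, "user": None, "stored": [], "data_bytes": 0})
        if c := CONN.match(body):
            s["ip"] = c.group(2)          # group(1) is the wire name
        elif c := CMD.match(body):
            if c.group(1) == "USER":
                s["user"] = c.group(2)
            else:
                s["stored"].append(c.group(2))
        elif c := DATA.match(body):
            s["data_bytes"] += int(c.group(1))
    return sessions

def outside_allow(sessions, patterns):
    """Connection ids whose remote address matches no allow pattern."""
    return sorted(sid for sid, s in sessions.items()
                  if s["ip"] and not any(fnmatch(s["ip"], p) for p in patterns))

# Constructed trace in the format of the -D output shown above.
SAMPLE = """\
Thu Jun 11 12:27:44 id.35 ++ New Connection FTPWIRE 10.3.3.21 w.0.id.35.tot.1
Thu Jun 11 12:27:44 id.35 Recv.11 USER zibbly|
Thu Jun 11 12:27:44 id.35 Recv.12 PASS *******|
Thu Jun 11 12:27:45 id.35 Recv.20 STOR report-0001.zip|
Thu Jun 11 12:27:45 id.35 Recv 1460 on Data Port
Thu Jun 11 12:27:45 id.35 Recv 538 on Data Port
Thu Jun 11 12:31:02 id.36 ++ New Connection FTPWIRE 192.0.2.77 w.0.id.36.tot.2
Thu Jun 11 12:31:02 id.36 Recv.10 USER other|
""".splitlines()
```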
Version Control
;00j36 5jun09 original version
;h3 spoof TYPE ;8 CWD -> 250;9 added F and H ;10-11 added -Z ;12-14 RR added
;h15-18 mixup with multicard servers and RR; 18 display as option ;1920
;j1 12sep09 speedier version ;2 15oct09 added disable/disconnect-limits ;3
minor cleanup for GET
;4 allow * in black/whitelist
;5 tuning ;6-8 added SIZE and FEAT ;9 track disableds better ;10 2dec10 added
SITE FIPHDR
;12 20may11 added FipHdr inbound if nec
;14-16 12dec11 added 'z' for standalone delete/14jan11 woops - disable ..
;17-23 22may12 RRbase added -R and bugette with speedy ;20 added
min/max-data-port ;21-23 added display-log and ms in log
;24 18oct12 added external /etc/passwd for linux
;25-7 12nov12 added Mkdir and Rmdir as logon options and FIP_SHADOW added
;28-31 5jan14 added w4 logon list too ;31 woops permissions on ls for DIR
;32 added -j -J for balQue and balGrp
;33-36 17jun14 added option Q to check that the CD /queue really did exist !
;35 getuid for shadow ;36 balance dels
(copyright) 2014 and previous years FingerPost Ltd.