FTP_Proxy_LITE
Problem this snippet solves:
Summary: Simple FTP Proxy iRule to emulate FTP proxy functionality found in Bluecoat and/or Ironport proxies. Contributed by: Bhattman @ gmail dot com
How to use this snippet:
How it works
The FTP client (CuteFTP, WS_FTP, etc.) is configured to explicitly point to an FTP Proxy VIP on port 21 that has the iRule below attached, and to use the authentication type USER@. The iRule strips the remote site address from the USER command and uses it to direct the FTP traffic to that site, thus allowing FTP connectivity.
Special Considerations
If the FTP site is remote from the F5 ADC, consider Autosnat, either in the iRule or configured at the VIP level.
Limitations
Written to work in v9.3.0. Does not perform hostname lookups; an IP address must be used to connect to the remote FTP server. Since the remote FTP server is connected to on demand, the iRule doesn't perform any health checks. The v10 version is located here: http://devcentral.f5.com/wiki/default.aspx/iRules/FTP_Proxy_v10.html
Additional Notes
Feel free to make improvements such as adding the ability to use hostnames, which will involve lookups. This might also require https://support.f5.com/kb/en-us/solutions/public/8000/400/sol8437.html to make hostname resolution work.
Code :
when CLIENT_ACCEPTED {
    # Send the FTP greeting ourselves, then hold the client's first command
    TCP::respond "220 Welcome to the F5 FTP Proxy\r\n"
    log local0. "client accepted"
    TCP::collect
}
when CLIENT_DATA {
    set ftplogin [TCP::payload]
    if { $ftplogin starts_with "USER" } {
        set cuser [TCP::payload]
        # Split "USER uid@address": text before the @ and the address after it
        scan $cuser {%[^@]@%s} garbage remote_ftp_site_addr
        scan $garbage %s%s cmd uid
        # Forward only "USER uid" and connect to the address the client named
        TCP::payload replace 0 [string length $cuser ] "USER $uid\r\n"
        node $remote_ftp_site_addr [TCP::local_port]
    }
    TCP::release
}
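
The rule above connects to whatever address the client places after the @, and a USER line without an @ leaves remote_ftp_site_addr unset. A stricter variant of the same handler, added here as an example and not part of the contributed iRule: it assumes an address-type data group named ftp_proxy_allowed_sites (a hypothetical name) listing the permitted FTP servers, and uses the v9-style matchclass syntax because the page targets v9.3.0.

```tcl
# Added example, not the contributor's code.
# Assumption: ftp_proxy_allowed_sites is an address-type data group you create
# yourself; the name is hypothetical.
when CLIENT_ACCEPTED {
    TCP::respond "220 Welcome to the F5 FTP Proxy\r\n"
    TCP::collect
}

when CLIENT_DATA {
    set line [TCP::payload]

    # Accept only a complete "USER <uid>@<dotted-quad>" line ending in CRLF.
    # The uid may not contain whitespace or a second "@", so nothing beyond
    # a single USER command can be passed through to the server.
    if { ![regexp {^USER ([^@[:space:]]+)@([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\r\n$} $line -> uid dest] } {
        log local0. "FTP proxy: malformed login from [IP::client_addr]"
        TCP::respond "530 Login must be USER user@ip-address\r\n"
        TCP::close
        return
    }

    # Relay only to servers listed in the data group; anything else is
    # refused and logged with the requesting client address.
    if { ![matchclass $dest equals $::ftp_proxy_allowed_sites] } {
        log local0. "FTP proxy: [IP::client_addr] refused destination $dest"
        TCP::respond "530 Destination not permitted\r\n"
        TCP::close
        return
    }

    # Same rewrite as the original rule: forward "USER uid" to the chosen node.
    TCP::payload replace 0 [string length $line] "USER $uid\r\n"
    node $dest [TCP::local_port]
    TCP::release
}
```

On v10 and later the data group test would be written with class match instead of matchclass and the $:: prefix.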