Transferring Files with Reverse Proxy

Once the configuration tasks have been completed for the proxy server, internal destination server, and external clients, file transfers from external users are completely transparent. To make transfers to the internal server, users need only specify the following:

  • the IP address or domain name on the proxy server that corresponds to the internal destination
  • the correct SSH port for the connection to the proxy server
  • the target directory on the internal destination server
  • any optional parameters related to a transfer session

From the Command Line

The following configuration examples show the squash-user and individual-account approaches in the same system:

* Although the user names on the external client are bear and bobcat in the above example, they do not need to correspond to user names on the Proxy server and internal server.

The reverse-proxy rules for each configuration are defined on the proxy server in aspera.conf:

Users bear and bobcat have valid SSH key pairs and accounts on the proxy server. From the command line, bear runs the following ascp command specifying the proxy instance governed by the squash rule:

Since the rule for proxy instance 189.0.202.39 specifies a squash user (xfer), the file belonging to bear, bobcat, or anyone using that proxy instance, will be owned by xfer when it arrives on the internal server.

The -P 33001 flag specifies the SSH port on the proxy server (not the port on the internal server, which is specified in the rule). The port must be specified on the command line if port 22 is disabled in /etc/ssh/sshd_config.

Users bear and bobcat have valid SSH key pairs and accounts on both the proxy server and the internal server. From the command line, bobcat runs the following ascp command specifying the proxy instance for the individual-user approach:

$ ascp -P 33001 testfile_bobcat bobcat@189.0.202.40:/user/bobcat 

Since the rule for proxy instance 189.0.202.40 does not specify a squash user, the file will still be owned by bobcat when it arrives on the internal server.

From the Enterprise Server GUI

All GUI-based Aspera transfer products can be used with IBM Aspera Proxy, as well.

For example, user bear could also have made the above transfer with the Enterprise Server GUI. In the following display, bear has set up a connection called “zambezi” using the same parameters as above. The IP address of the proxy instance 189.0.202.39 (squash-user rule) is specified as the host. The filename forbear’s private SSH key is specified under Authentication/Public Key. The target directory on the internal server is specified as /user/bear. The ports are specified as 33001 on the Advanced Connection Settings menu accessed from the Advanced button.



When bear's connection to the proxy server is established, the /tmp target directory on the internal server is visible as in the right-hand panel in the display below, and ready for bear to make the transfer.