How to set up FTP proxying using the built-in proxy code.
=========================================================

NOTE: Currently, the built-in FTP proxy is only available for use with NAT
      (i.e. only if you're already using "map" rules with ipnat). It does
      support null-NAT mappings, that is, using the proxy without changing
      the addresses.

Let's assume your network diagram looks something like this:

                  [host A]
                     |a
    ---+-------------+----------
                     |b
                  [host B]
                     |c
    ---+-------------+----------
                     |d
                  [host C]

and IP Filter is running on host B. If you want to proxy FTP from A to C
then you would do:

map int-c ipaddr-a/32 -> ipaddr-c-net/32 proxy port ftp ftp/tcp

int-c = name of "interface c"
ipaddr-a = ip# of interface a
ipaddr-c-net = another ip# on the C-network (usually not the same as the
               interface).

e.g., if host A was 10.1.1.1, host B had two network interfaces ed0 and vx0
which had IP#'s 10.1.1.2 and 203.45.67.89 respectively, and host C was
203.45.67.90, you would do:

map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp

where:
ipaddr-a = 10.1.1.1
int-c = vx0
ipaddr-c-net = 203.45.67.91

The "map" rule for this proxy should precede any other NAT rules you are
using.
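
A way to check the ordering requirement above before loading a rule set.
This is an added example, not part of the IP Filter distribution. The
sample rule sets are constructed from the addresses used above, the
portmap rule stands in for "any other NAT rule", and the function names
are hypothetical.

```python
import re

# Constructed sample ipnat.conf contents; addresses follow the example above.
GOOD = """\
map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp
map vx0 10.1.1.0/24 -> 203.45.67.91/32 portmap tcp/udp 40000:60000
"""
BAD = """\
# general rule listed first, proxy rule after it
map vx0 10.1.1.0/24 -> 203.45.67.91/32 portmap tcp/udp 40000:60000
map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp
"""

NAT_KEYWORDS = ("map", "rdr", "bimap", "map-block")
# Matches the FTP proxy clause as written on this page (service name or 21).
FTP_PROXY = re.compile(r"\bproxy\s+port\s+(?:ftp|21)\s+ftp/tcp\b")


def parse_rules(text):
    """Return (line_no, is_ftp_proxy, rule) for every NAT rule in text."""
    rules = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line and line.split()[0] in NAT_KEYWORDS:
            rules.append((no, bool(FTP_PROXY.search(line)), line))
    return rules


def misordered_proxy_rules(text):
    """Return (proxy_line, earlier_line, rule) for each FTP proxy rule that
    appears after some other NAT rule."""
    findings = []
    first_other = None
    for no, is_proxy, line in parse_rules(text):
        if is_proxy and first_other is not None:
            findings.append((no, first_other, line))
        elif not is_proxy and first_other is None:
            first_other = no
    return findings


if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BAD", BAD)):
        for no, earlier, rule in misordered_proxy_rules(conf):
            print(f"{name}: line {no} follows NAT rule on line {earlier}: {rule}")
        if not misordered_proxy_rules(conf):
            print(f"{name}: FTP proxy rule ordering OK")
```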