| How to setup FTP proxying using the built in proxy code. |
| ======================================================== |
| |
| NOTE: Currently, the built-in FTP proxy is only available for use with NAT |
| (i.e. only if you're already using "map" rules with ipnat). It does |
| support null-NAT mappings, that is, using the proxy without changing |
| the addresses. |
| |
| Lets assume your network diagram looks something like this: |
| |
| |
| [host A] |
| |a |
| ---+-------------+---------- |
| |b |
| [host B] |
| |c |
| ---+-------------+---------- |
| |d |
| [host C] |
| |
| and IP Filter is running on host B. If you want to proxy FTP from A to C |
| then you would do: |
| |
| map int-c ipaddr-a/32 -> ip-addr-c-net/32 proxy port ftp ftp/tcp |
| |
| int-c = name of "interface c" |
| ipaddr-a = ip# of interface a |
| ipaddr-c-net = another ip# on the C-network (usually not the same as the |
| interface). |
| |
| e.g., if host A was 10.1.1.1, host B had two network interfaces ed0 and vx0 |
| which had IP#'s 10.1.1.2 and 203.45.67.89 respectively, and host C was |
| 203.45.67.90, you would do: |
| |
| map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp |
| |
| where: |
| ipaddr-a = 10.1.1.1 |
| int-c = vx0 |
| ipaddr-c-net = 203.45.67.91 |
| |
| The "map" rule for this proxy should precede any other NAT rules you are |
| using. |
| |