Current Path : /usr/src/contrib/ipfilter/rules/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
Current File : //usr/src/contrib/ipfilter/rules/ftp-proxy |
How to setup FTP proxying using the built in proxy code. ======================================================== NOTE: Currently, the built-in FTP proxy is only available for use with NAT (i.e. only if you're already using "map" rules with ipnat). It does support null-NAT mappings, that is, using the proxy without changing the addresses. Lets assume your network diagram looks something like this: [host A] |a ---+-------------+---------- |b [host B] |c ---+-------------+---------- |d [host C] and IP Filter is running on host B. If you want to proxy FTP from A to C then you would do: map int-c ipaddr-a/32 -> ip-addr-c-net/32 proxy port ftp ftp/tcp int-c = name of "interface c" ipaddr-a = ip# of interface a ipaddr-c-net = another ip# on the C-network (usually not the same as the interface). e.g., if host A was 10.1.1.1, host B had two network interfaces ed0 and vx0 which had IP#'s 10.1.1.2 and 203.45.67.89 respectively, and host C was 203.45.67.90, you would do: map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp where: ipaddr-a = 10.1.1.1 int-c = vx0 ipaddr-c-net = 203.45.67.91 The "map" rule for this proxy should precede any other NAT rules you are using.