diff options
author | Peter Wemm <peter@FreeBSD.org> | 1997-11-16 04:52:19 +0000 |
---|---|---|
committer | Peter Wemm <peter@FreeBSD.org> | 1997-11-16 04:52:19 +0000 |
commit | af5dd3181a44c8c60d82fe2f4f8ff9ff81d98e26 (patch) | |
tree | 1abde20e1d717a2bf3509de2189cbe7fa3c9f91e /contrib/ipfilter/rules/ftp-proxy | |
parent | acdb2ce24a62f8b955af761b992ae020cc2303ef (diff) | |
download | src-af5dd3181a44c8c60d82fe2f4f8ff9ff81d98e26.tar.gz src-af5dd3181a44c8c60d82fe2f4f8ff9ff81d98e26.zip |
Import ipfilter 3.2.1 (update from 3.1.8)
Notes
Notes:
svn path=/vendor/ipfilter/dist/; revision=31183
Diffstat (limited to 'contrib/ipfilter/rules/ftp-proxy')
-rw-r--r-- | contrib/ipfilter/rules/ftp-proxy | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/contrib/ipfilter/rules/ftp-proxy b/contrib/ipfilter/rules/ftp-proxy new file mode 100644 index 000000000000..a13ef1cb0f10 --- /dev/null +++ b/contrib/ipfilter/rules/ftp-proxy @@ -0,0 +1,40 @@ +How to setup FTP proxying using the built in proxy code. +======================================================== + +NOTE: Currently, the built-in FTP proxy is only available for use with NAT + (i.e. only if you're already using "map" rules with ipnat). + +Lets assume your network diagram looks something like this: + + +[host A] + |a +---+-------------+---------- + |b + [host B] + |c +---+-------------+---------- + |d +[host C] + +and IP Filter is running on host B. If you want to proxy FTP from A to C +then you would do: + +map int-c ipaddr-a/32 -> ip-addr-c-net/32 proxy ftp ftp/tcp + +int-c = name of "interface c" +ipaddr-a = ip# of interface a +ipaddr-c-net = another ip# on the C-network (usually not the same as the +interface). + +e.g., if host A was 10.1.1.1, host B had two network interfaces ed0 and vx0 +which had IP#'s 10.1.1.2 and 203.45.67.89 respectively, and host C was +203.45.67.90, you would do: + +map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy ftp ftp/tcp + +where: +ipaddr-a = 10.1.1.1 +int-c = vx0 +ipaddr-c-net = 203.45.67.91 + |