Re: [proxy-suite] 2 Problems: transparent mode and iptables, chroot with non root
Hi Antoniu-George,

thank you for your answer.

1) Problem with transparent mode

What's your 'DestinationAddress' in the configuration file?

I tried to use it without 'DestinationAddress' as it is written in the TRANSPARENT_PROXY.txt. When I use 'DestinationAddress' I can transparently connect to this server, but connection to other servers fails; I mean it doesn't work transparently. It would be great to have transparent outbound connections.

2) Problem with chroot

It's pretty basic. The chrooted directory must be owned by the user under which the ftp-proxy runs. Also, better be sure that the '/var/ftp-proxy/rundir' exists. (mkdir -p /var/ftp-proxy/rundir)

The directory exists and everything in /var/ftp-proxy/ and all subdirs is owned by the user ftpproxy (and group nogroup). I created the directories automatically as it is written in ftp-proxy-chroot.txt (with SuSE's script) and did a chown -R ftpproxy:nogroup /var/ftp-proxy/.

(chroot with user root works fine.)

Of course only root has the rights to do chroot(). Maybe it might be possible to set the uid just after the chroot() command.

It is done already.

Well, then it seems that I have another problem.

Send your configuration file also if this won't help you.

Here is my configuration file (I stripped most of the comments :-)
------------------------------------------------------------>
[-Global-]
ActiveMinDataPort 40000
ActiveMaxDataPort 40001
AllowMagicUser yes
AllowTransProxy yes
DestinationAddress 192.168.202.4
#DestinationTransferMode client
#DestinationTransferMode passive
DestinationTransferMode active
Group nogroup
Listen 192.168.128.224
LogDestination /var/log/ftp-proxy.log
MaxClients 64
PassiveMinDataPort 41000
PassiveMaxDataPort 41999
Port 1088
#SameAddress yes
ServerRoot /var/ftp-proxy/rundir
ServerType standalone
User ftpproxy
WelcomeMessage /etc/proxy-suite/ftp-welcome.txt
<------------------------------------------------------------

Here is a strace output of the ftp-proxy:

select(5, [4], [], NULL, {47, 270000} ) = 1 (in [4], left {38, 190000})
accept(4, {sin_family=AF_INET, sin_port=htons(32881), sin_addr=inet_addr("192.168.128.251")}}, [16]) = 5
setsockopt(5, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(5, SOL_SOCKET, SO_LINGER, [1], 8) = 0
setsockopt(5, SOL_SOCKET, SO_OOBINLINE, [1], 4) = 0
setsockopt(5, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
setsockopt(5, SOL_IP, IP_TOS, [16], 4) = 0
getpeername(5, {sin_family=AF_INET, sin_port=htons(32881), sin_addr=inet_addr("192.168.128.251")}}, [16]) = 0
time(NULL) = 994170890
fork() = 5676
--- SIGCHLD (Child exited) ---
wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 1], WNOHANG, NULL) = 5676
wait4(-1, 0xbfffec58, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigaction(SIGCHLD, {0x804a870, [CHLD], SA_RESTART|0x4000000}, {0x804a870, [CHLD], SA_RESTART|0x4000000}, 8) = 0
sigreturn() = ? (mask now [])
close(5) = 0
select(5, [4], [], NULL, {60, 0}

I hope anybody can help.

Regards
Daniel
participants (1)
-
"Daniel Erdös"
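
The ordering discussed in the message above (chroot() while still root, then switch to the unprivileged user), as an added C example that is not part of the original post and is not ftp-proxy's own code. The helper name `jail_and_drop`, its error codes and the numeric ids in `main` are assumptions made for illustration; the default path is the ServerRoot from the posted configuration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum jail_err { JAIL_OK = 0, JAIL_ERR_ARGS = -1, JAIL_ERR_CHROOT = -2,
                JAIL_ERR_CHDIR = -3, JAIL_ERR_GROUPS = -4,
                JAIL_ERR_GID = -5, JAIL_ERR_UID = -6, JAIL_ERR_REGAIN = -7 };

/* Hypothetical helper: enter `root` as a chroot jail, then drop to uid/gid.
 * Must be called while still root; every step is checked and reported. */
int jail_and_drop(const char *root, uid_t uid, gid_t gid)
{
    if (root == NULL || uid == 0 || gid == 0)
        return JAIL_ERR_ARGS;      /* refuse to "drop" to root */
    if (chroot(root) != 0)         /* only root may call chroot() */
        return JAIL_ERR_CHROOT;
    if (chdir("/") != 0)           /* leave no working directory outside the jail */
        return JAIL_ERR_CHDIR;
    if (setgroups(0, NULL) != 0)   /* clear root's supplementary groups */
        return JAIL_ERR_GROUPS;
    if (setgid(gid) != 0)          /* group before user: setgid needs root */
        return JAIL_ERR_GID;
    if (setuid(uid) != 0)          /* last step: gives up root permanently */
        return JAIL_ERR_UID;
    if (setuid(0) == 0)            /* regaining root must fail after a real drop */
        return JAIL_ERR_REGAIN;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    /* Constructed values: the path is the ServerRoot from the post; the
     * numeric ids are placeholders for the ftpproxy/nogroup account. */
    const char *root = argc > 1 ? argv[1] : "/var/ftp-proxy/rundir";
    int rc = jail_and_drop(root, 65533, 65534);
    if (rc != JAIL_OK) {
        fprintf(stderr, "jail_and_drop(%s) failed at step %d (errno %d)\n",
                root, rc, errno);
        return 1;
    }
    puts("running chrooted and unprivileged");
    return 0;
}
```

Started as a non-root user, the helper stops at the chroot() step, which is why the switch to the configured user has to come after chroot() and not before it.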