Right, ftp-redirecting doesn't work, because you obviously don't have the http-header to analyze for your proxy. Either use squid and set ftp-proxy or use SuSE-Proxy-Suite, I've never tried the latter but I had no troubles with squid up to now.

Ralf

Peter Wiersig wrote:
On Wednesday, 23 January 2002 18:47, Stephan wrote:
From: Alberto Tarantino [mailto:alberto.tarantino@archidata.it]
I know it might sound like a "dirty trick".. but.. why don't you use port redirection and Squid as FTP proxy? That might improve security as well as be a very easy to implement solution.
How exactly must this be done ?
I think it won't work.
ftp is a protocol which is a bit harder to manage in a firewall.
I wouldn't try to use port redirection but install a ftp-proxy and configure my client programs to use this proxy.
The firewall rule I would choose would be:
iptables -p tcp -s ! ftpproxy/32 -d 0/0 --dport 21 -j REJECT
and this would only apply to traffic from internal to external networks.
Peter
--
------------------------------------------------------------
Ralf Ronneburger
ralf@ronneburger.de
Prefers to receive encrypted Mail, download public-key from
http://www.ronneburger.net/gpg/ralf_ronneburger.asc
------------------------------------------------------------
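Added example, not part of the original mails: why FTP is harder to firewall than a single-port protocol. The data connection's address and port are negotiated inside the control channel on port 21 (RFC 959 PORT command and 227 reply), so a filter or proxy has to read those lines to know which extra connection to allow. The function names and the sample session are constructed for illustration.

```python
import re

# RFC 959 host-port: six decimal bytes h1,h2,h3,h4,p1,p2
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def data_endpoint(line):
    """Return (kind, ip, port) if a control-channel line negotiates a data
    connection, else None. kind is 'active' (client PORT command) or
    'passive' (server 227 reply to PASV)."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        kind, rest = "active", line[5:]
    elif line.startswith("227"):
        kind, rest = "passive", line[3:]
    else:
        return None
    m = _HOSTPORT.search(rest)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed: each field must fit in one byte
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent as high byte, low byte
    return kind, ip, port


def required_pinholes(control_lines):
    """All data connections a packet filter would have to permit for this
    control session, in the order they were negotiated."""
    return [ep for ep in map(data_endpoint, control_lines) if ep]


# Constructed sample control session (documentation addresses, not real hosts)
SAMPLE_SESSION = [
    "220 ftp.example.org ready",
    "USER anonymous",
    "230 Login successful.",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "RETR README",
    "PORT 10,0,0,5,4,1",
    "LIST",
]

if __name__ == "__main__":
    for kind, ip, port in required_pinholes(SAMPLE_SESSION):
        print(f"{kind:8s} data connection -> {ip}:{port}")
```

A plain port-21 rule never sees these secondary ports, which is why the thread recommends a proxy that speaks the protocol.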