Mailinglist Archive: proxy-suite (29 mails)

< Previous Next >
Re: [proxy-suite] ipchains filter rules for ftp-proxy
  • From: Marius Tomaschewski <mt@xxxxxxx>
  • Date: Wed, 20 Jun 2001 22:30:21 +0000 (UTC)
  • Message-id: <20010621003035.C31711@xxxxxxx>
Hi!

On Wed, Jun 20, 2001 at 03:32:20PM +0200, Alois Treindl wrote:
> I intend to run ftp-proxy on the 'director' of an LVS cluster.
> The ftp server will run on one of the real servers in the cluster.
>
> I use ipchains for firewalling the director against the Internet.
> Only a very limited set of rules is curently active, to
> allow ssh access to the 'director' and for the load balanced
> http services, plus DNS and NTP lookups and such stuff.
>
> Question:
> Does someone have a ruleset for ipchains for the additional
> rules required for the ftp proxy service.
>
> a) allowing public access to the ftp-proxy service from outside

You do not need any redirection rules nor transparent proxying
if you have only one ftp-server - simply set DestinationAddess
to the IP of the ftp-server and say to the internet, the proxy
machine is your ftp-server.

> b) (if possible) allowing inside users to use an ftp client (like
> ncftp or wget) to access public ftp servers on the Internet.

start a second ftp-proxy with transparent proxying in the
internal interface of the proxy machine.
See TransProxy-Mini-Howto.txt.

Gruesse,
Marius Tomaschewski <mt@xxxxxxx>
--
SuSE GmbH, Hamburg --- SuSE Labs, Product Developement
GPG/PGP public key see: http://www.suse.de/~mt/mt.pgp
Key-FP: DF17 271A AD15 006A 5BB9 6C96 CA2F F3F7 373A 1CC0

< Previous Next >
References