On Thu, Mar 21, 2002 at 03:56:17PM +0100, Dietmar Strasdat wrote:
Hello proxy-suite list,
Hi!
There are some things I don't understand about configuring a transparent proxy for ftp. The proxy has to redirect internal ftp requests to an external ftp server.
All internal traffic to one external ftp-server ?? You have to set up transparent redirections via ipchains/iptables and set the DestinationAddress to the external ftp-server. Do not use the transproxy-Feature in the proxy config nor magic user.
The machine is a SuSe 2.2.19 kernel with SuSe 7.0 environment and marcs ipchains firewall 4.9
At the moment I use squid for ftp and http requests at port 3128 and a Proftp Server for the internal net on port 21, started from inetd.
You have to use a different port for one of them.
Now I set up /etc/proxy-suite/ftp-proxy.conf and /usr/local/etc/proxy-suite/ftp-proxy.conf
Do I have to set up both files?
    AllowTransProxy yes
    AllowMagicUser yes
    UseMagicChar %
    PortResetsPasv yes
    DestinationTransferMode passive
    Listen 172.16.2.5 #internal Router IP
    LogDestination deamon
    ServerType Standalone
like the TransProxy-mini-Howto
I renamed the start script ./ftp-proxy/rcscript to /sbin/rcftp-proxy and made it executable
OK.
The first time after starting, the error:
TECH-ERR can't detach daemon
comes up. After disabling proftp in inetd it was possible to start the proxy with /sbin/rcftp-proxy start and log in locally.
How can I configure my proftp to listen locally on port 21 and use the proxy for outgoing ftp demands?
IMHO proftpd does not support this - it is a server, not a client and it does no client requests at all.
Testing the proxy locally works well.
If I test it from a client with the proxy disabled, the client connects directly to the foreign ftp server, and there is no entry in /var/log/messages
Why doesn't the "transparent" work?
Transparent proxying does not work for outgoing connections on the gateway but for incoming:

    client --> gateway --> internet
                 |
                 | (redirection)
                 |
                 |-> proxy -->

If the requests come to the gateway and are not directed to the gateway but to another host, the kernel should redirect them (according to your rules) to the proxy running on the gateway, and the proxy "reads" the destination the client wants to connect to and connects to this destination. You can't start a client on the gateway itself and use the proxy in transparent mode from there - it works only for clients "behind" the gateway.
Masquerading is done by the firewall, do i have to disable ftp-forwarding in FW_MASQ_MODULES= ?
Please draw an ASCII picture of your network and how the request should work.
I do not really understand what you want to configure.
Gruesse,
Marius Tomaschewski
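
Added example, not part of the original mail and not taken from proxy-suite: a dry-run generator that prints the redirection rules the reply describes, for ipchains (2.2 kernels such as the poster's) and, going beyond the thread's kernel, for iptables. The interface eth0 and proxy port 2121 are assumptions; 172.16.2.5 is the internal router IP from the posted config.

```shell
#!/bin/sh
# Dry-run generator: prints the redirect rules instead of applying them.
# Assumed values (not from the thread): LAN interface eth0, proxy port 2121.
# 172.16.2.5 is the internal router IP from the posted ftp-proxy.conf.

# redirect_rules TOOL LAN_IF GATEWAY_IP PROXY_PORT
redirect_rules() {
    tool=$1; lan_if=$2; gw_ip=$3; proxy_port=$4

    # A local FTP server (proftpd in the thread) already owns port 21 on
    # the gateway, so the proxy has to listen on a different port.
    if [ "$proxy_port" -eq 21 ]; then
        echo "proxy port collides with the local FTP server on 21" >&2
        return 1
    fi

    case $tool in
    ipchains)   # 2.2 kernels: redirection happens in the input chain
        # FTP addressed to the gateway itself stays with the local server.
        echo "ipchains -A input -i $lan_if -p tcp -d $gw_ip 21 -j ACCEPT"
        # FTP passing through to any other host is handed to the proxy.
        echo "ipchains -A input -i $lan_if -p tcp -d 0/0 21 -j REDIRECT $proxy_port"
        ;;
    iptables)   # 2.4+ kernels: nat table, PREROUTING chain
        echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp ! -d $gw_ip --dport 21 -j REDIRECT --to-ports $proxy_port"
        ;;
    *)
        echo "unknown tool: $tool" >&2
        return 2
        ;;
    esac
}

# Both rule sets match only packets arriving on the LAN interface.
# Connections started on the gateway itself never pass these chains,
# which is why a client run on the gateway is not proxied transparently.
redirect_rules ipchains eth0 172.16.2.5 2121
```

Review the printed rules, then run them as root on the gateway once they match your interface and port.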