Re: [proxy-suite] Using ftp-proxy for outgoing FTP
Marius Tomaschewski
See ftp://ftp.suse.com/pub/projects/proxy-suite/src/TRANSPARENT_PROXY.txt
and its "AllowTransProxy" config directive.
Thanks! A followup question:
How can we limit who would have access to outgoing FTP using this software?
By IP obviously, but would authentication mechanisms be possible?
--
fraser campbell
Hi! On Thu, Jan 11, 2001 at 11:26:16AM -0500, Fraser Campbell wrote:
Marius Tomaschewski
writes: See ftp://ftp.suse.com/pub/projects/proxy-suite/src/TRANSPARENT_PROXY.txt
and its "AllowTransProxy" config directive.
Thanks! A followup question:
How can we limit who would have access to outgoing FTP using this software? By IP obviously, but would authentication mechanisms be possible?
There is no user based auth possible, because we do not use any
FTP extensions. You can use the TCPWrapper (/etc/hosts.{allow,deny})
for host based access limits, or with ipchains rules.
This is a simplyfied description (you have to know what you are
doing :-), but may point you to the setup you want:
If you do not use AllowMagicUser, there is no need to allow the
users to do direct connections to the proxy (transparent proxying
mode only), so you simply redirect only connections from allowed
networks to the proxy. If you use AllowMagicUser, you have to
deny unallowed networks first and add the redirection rules after
them.
In the transparent mode, the proxy checks the IP the user wanted
to connect (before redirect) and connects them to the IP.
AllowMagicUser allows to override this destination in the USER
command...
cu,
Marius Tomaschewski
participants (2)
-
Fraser Campbell
-
Marius Tomaschewski