Hi,

I am using proxy-suite-1.7.tp8-6 on SuSE 7.1 kernel 2.2.19 along with SuSEfirewall version 5.1. Public services www and ftp are served on a separate network in the DMZ with private IPs.

eth0=192.168.1.0/29 LOCAL network
eth1=REALIP/32
eth2=192.168.2.0/29 DMZ

FW_SERVICES_EXTERNAL_TCP="21 22"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_REDIRECT_TCP="192.168.1.0/29,0/0,21,21"

So far everything works for the outgoing and incoming ftp traffic. It is only the logs that make me think if there are things I can improve.

The question is: how can I make the proxy pass the client IP (in this case 217.xxx.xx.xx) to vsftp so vsftpd.log will show the proper client IP, not the IP of the firewall box connected to the DMZ?

proxy-suite is running with chroot managed by compartment.

Here is the ftp-proxy.conf:

[-Global-]
UseMagicChar %
AllowMagicUser yes
AllowTransProxy yes
DestinationAddress 192.168.2.2
DestinationTransferMode passive
LogDestination daemon
MaxClients 32
MaxClientsString The server is full try later
PortResetsPasv yes
ServerType standalone
WelcomeMessage /etc/proxy-suite/ftp-welcome.txt
WelcomeString Have fun

Here is what the ftp-proxy logs:

USER-INF connect from 217.xxx.xx.xx
USER-WRN requested transparent proxy dest REALIP is local
USER-INF 'USER anonymous' from 217.xxx.xx.xx
USER-INF reading data for 'anonymous' from cfg-file
USER-INF 'PASS XXXX' from 217.xxx.xx.xx
USER-INF 'mkd /pub/115548309' from 217.xxx.xx.xx
USER-INF 'mkd /incoming/115548309' from 217.xxx.xx.xx
USER-INF 'mkd /_vti_pvt/115548309' from 217.xxx.xx.xx
USER-INF 'mkd /public/115548309' from 217.xxx.xx.xx
USER-INF 'mkd /pub/incoming/115548309' from 217.xxx.xx.xx
USER-INF 'mkd /115548309' from 217.xxx.xx.xx
USER-INF 'mkd /tmp/115548309' from 217.xxx.xx.xx
USER-INF 'mkd /_private/115548309' from 217.xxx.xx.xx
USER-INF 'mkd /cgi-bin/ /115548309' from 217.xxx.xx.xx
USER-INF 'mkd /_vti_cnf/115548309' from 217.xxx.xx.xx
USER-INF 'mkd /_vti_txt/115548309' from 217.xxx.xx.xx

Here is what the vsftpd.log shows:

[ftp] OK LOGIN: Client "192.168.2.1", anon password "anonymous"

Thanks in advance

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx