Hi! On Wed, Jun 20, 2001 at 03:32:20PM +0200, Alois Treindl wrote:
I intend to run ftp-proxy on the 'director' of an LVS cluster. The ftp server will run on one of the real servers in the cluster.
I use ipchains for firewalling the director against the Internet. Only a very limited set of rules is curently active, to allow ssh access to the 'director' and for the load balanced http services, plus DNS and NTP lookups and such stuff.
Question: Does someone have a ruleset for ipchains for the additional rules required for the ftp proxy service.
a) allowing public access to the ftp-proxy service from outside
You do not need any redirection rules nor transparent proxying if you have only one ftp-server - simply set DestinationAddess to the IP of the ftp-server and say to the internet, the proxy machine is your ftp-server.
b) (if possible) allowing inside users to use an ftp client (like ncftp or wget) to access public ftp servers on the Internet.
start a second ftp-proxy with transparent proxying in the
internal interface of the proxy machine.
See TransProxy-Mini-Howto.txt.
Gruesse,
Marius Tomaschewski