1How to setup FTP proxying using the built in proxy code. 2======================================================== 3 4NOTE: Currently, the built-in FTP proxy is only available for use with NAT 5 (i.e. only if you're already using "map" rules with ipnat). It does 6 support null-NAT mappings, that is, using the proxy without changing 7 the addresses. 8 9Lets assume your network diagram looks something like this: 10 11 12[host A] 13 |a 14---+-------------+---------- 15 |b 16 [host B] 17 |c 18---+-------------+---------- 19 |d 20[host C] 21 22and IP Filter is running on host B. If you want to proxy FTP from A to C 23then you would do: 24 25map int-c ipaddr-a/32 -> ip-addr-c-net/32 proxy port ftp ftp/tcp 26 27int-c = name of "interface c" 28ipaddr-a = ip# of interface a 29ipaddr-c-net = another ip# on the C-network (usually not the same as the 30interface). 31 32e.g., if host A was 10.1.1.1, host B had two network interfaces ed0 and vx0 33which had IP#'s 10.1.1.2 and 203.45.67.89 respectively, and host C was 34203.45.67.90, you would do: 35 36map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp 37 38where: 39ipaddr-a = 10.1.1.1 40int-c = vx0 41ipaddr-c-net = 203.45.67.91 42 43The "map" rule for this proxy should precede any other NAT rules you are 44using. 45 46