How to set up FTP proxying using the built-in proxy code.
=========================================================

NOTE: Currently, the built-in FTP proxy is only available for use with NAT
      (i.e. only if you're already using "map" rules with ipnat).  It does
      support null-NAT mappings, that is, using the proxy without changing
      the addresses.

Let's assume your network diagram looks something like this:


[host A]
   |a
---+-------------+----------
                 |b
              [host B]
                 |c
---+-------------+----------
   |d
[host C]

and IP Filter is running on host B.  If you want to proxy FTP from A to C
then you would do:

map int-c ipaddr-a/32 -> ipaddr-c-net/32 proxy port ftp ftp/tcp

int-c = name of "interface c"
ipaddr-a = ip# of interface a
ipaddr-c-net = another ip# on the C-network (usually not the same as the
interface).

e.g., if host A was 10.1.1.1, host B had two network interfaces ed0 and vx0
which had IP#'s 10.1.1.2 and 203.45.67.89 respectively, and host C was
203.45.67.90, you would do:

map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp

where:
ipaddr-a = 10.1.1.1
int-c = vx0
ipaddr-c-net = 203.45.67.91

The "map" rule for this proxy should precede any other NAT rules you are
using.
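
The ordering advice above can be checked mechanically. The following Python
sketch is an added example, not part of the IP Filter distribution: it scans
ipnat.conf text and reports any FTP proxy "map" rule that appears after another
NAT rule. The sample rule sets are constructed from the addresses used above;
the 10.1.1.0/24 portmap rule and the function names are assumptions made for
illustration.

```python
import re

# Rule keywords that start a NAT rule in ipnat.conf; '#' starts a comment.
NAT_KEYWORDS = ("map", "rdr", "bimap", "map-block")
# Matches the proxy clause as written in this document ("proxy port ftp ftp/tcp").
FTP_PROXY = re.compile(r"\bproxy\s+port\s+ftp\s+ftp/tcp\b")

def parse_rules(text):
    """Return (lineno, rule) for each NAT rule, skipping blanks and comments."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line and line.split()[0] in NAT_KEYWORDS:
            rules.append((lineno, line))
    return rules

def check_ftp_proxy_order(text):
    """Return findings; an empty list means the proxy rules come first."""
    findings, first_other, seen_proxy = [], None, False
    for lineno, rule in parse_rules(text):
        if FTP_PROXY.search(rule):
            seen_proxy = True
            if first_other is not None:
                findings.append(
                    f"line {lineno}: FTP proxy rule follows NAT rule at line {first_other}")
        elif first_other is None:
            first_other = lineno
    if not seen_proxy:
        findings.append("no FTP proxy map rule found")
    return findings

# Constructed sample: a general portmap rule placed ahead of the proxy rule.
BAD = """\
# constructed sample ipnat.conf
map vx0 10.1.1.0/24 -> 203.45.67.91/32 portmap tcp/udp 10000:20000
map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp
"""
# Constructed sample: same rules with the proxy rule first, as advised above.
GOOD = """\
# constructed sample ipnat.conf
map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp
map vx0 10.1.1.0/24 -> 203.45.67.91/32 portmap tcp/udp 10000:20000
"""

if __name__ == "__main__":
    for name, conf in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, check_ftp_proxy_order(conf) or "ok")
```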