312N/AHow to setup FTP proxying using the built in proxy code.
312N/A========================================================
312N/ANOTE: Currently, the built-in FTP proxy is only available for use with NAT
312N/A (
i.e. only if you're already using "map" rules with ipnat). It does
312N/A support null-NAT mappings, that is, using the proxy without changing
312N/ALets assume your network diagram looks something like this:
312N/A---+-------------+----------
312N/A---+-------------+----------
312N/Aand IP Filter is running on host B. If you want to proxy FTP from A to C
5829N/Amap int-c ipaddr-a/32 -> ip-addr-c-net/32 proxy port ftp
ftp/tcp 5680N/Aint-c = name of "interface c"
312N/Aipaddr-a = ip# of interface a
312N/Aipaddr-c-net = another ip# on the C-network (usually not the same as the
844N/Ae.g., if host A was 10.1.1.1, host B had two network interfaces ed0 and vx0
6913N/Awhich had IP#'s 10.1.1.2 and 203.45.67.89 respectively, and host C was
312N/Amap vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp
ftp/tcp 5680N/AThe "map" rule for this proxy should precede any other NAT rules you are