Re: FTP transparent proxying

On Thu, Mar 22, 2001 at 03:52:08PM +0100, RoMaN SoFt / LLFB !! wrote:
> On Thu, 22 Mar 2001 11:53:47 +0200, you wrote:
> 
> >Yes it is possible. Linux has supported transparent ftp proxying for
> >some time however it is a requirement that the linux box be on the
> >default route for the ftp traffic so it can grab the packets, check
> >the original destination and proxy the traffic. There are non-transparent
> 
>  I've been using transparent http proxy with squid. Iptables is not the
> problem, I know how to redirect, etc. What I need is the proxy-program
> itself. I think squid doesn't perform this type of proxying. Am I
> wrong?

You'd have to ask the squid list if squid can do transparent ftp in much the
same way as it does http but I think the answer is no. I do know that squid
will proxy ftp for you if you point your browser ftp proxy settings at it 
manually however.

What I was saying however is that you don't need a separate program to
'proxy' your ftp. It's built into the kernel provided you compile the
right modules and tweak the right settings.

> >Check out the masquerading faqs and/or the new netfilter documentation
> >for info on getting linux boxes to 'proxy' ftp.
> 
>  I've read all advanced routing docs: the advanced routing howto
> itself, iptables packet filtering howto and iptables nat howto. But I
> haven't seen anything regarding ftp-proxying. Any little help, please
> :)

It _is_ possible but I don't have handy references to anything. A quick
browse in my linux directory shows a file called ip_conntrack_ftp.c
which is part of netfilter which does the work so it is possible. I'm
not near a copy of iptables either to read the manpage but surely there
is something useful linked from http://netfilter.kernelnotes.org or that
google can find or in the iptables manpages? e.g.
http://www.BoingWorld.com/workshops/linux/iptables-tutorial/
mentions ftp from a quick glance at it and may be worth looking at.

--C
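
What a connection-tracking FTP helper of the kind the message points to (ip_conntrack_ftp.c) has to do, as an added sketch that is not part of the original message and not netfilter's code: read the control channel, pick out the address and port announced by a PORT command or a 227 reply, and treat only that data connection as related. The session lines and addresses are constructed, and the rule that the announced address must equal the sender's address is this example's assumption.

```python
import re

# Active mode: the client announces where the server should connect back to.
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$", re.I)
# Passive mode: the server announces where the client should connect to.
PASV_RE = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def expected_data_conn(line, from_client):
    """Return (ip, port) announced by one control-channel line, or None."""
    m = (PORT_RE if from_client else PASV_RE).match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: create no expectation
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]


def track(session):
    """session: list of (src_ip, from_client, line) on the control channel.
    Returns the data connections a stateful filter would accept as related."""
    allowed = []
    for src_ip, from_client, line in session:
        conn = expected_data_conn(line, from_client)
        if conn is None:
            continue
        if conn[0] != src_ip:
            continue  # announcement points at a third host: ignore it
        allowed.append(conn)
    return allowed


# Constructed control-channel session (documentation address ranges).
SESSION = [
    ("192.0.2.10", True, "USER anonymous"),
    ("192.0.2.10", True, "PORT 192,0,2,10,19,137"),
    ("198.51.100.5", False, "200 PORT command successful"),
    ("192.0.2.10", True, "PASV"),
    ("198.51.100.5", False, "227 Entering Passive Mode (198,51,100,5,195,80)"),
    ("192.0.2.10", True, "PORT 203,0,113,7,0,22"),
]

if __name__ == "__main__":
    for ip, port in track(SESSION):
        print("expect data connection to %s:%d" % (ip, port))
```
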