head	1.1;
branch	1.1.1;
access;
symbols
	RELENG_8_4:1.1.1.3.0.76
	RELENG_9_1_0_RELEASE:1.1.1.3
	RELENG_9_1:1.1.1.3.0.74
	RELENG_9_1_BP:1.1.1.3
	RELENG_8_3_0_RELEASE:1.1.1.3
	RELENG_8_3:1.1.1.3.0.72
	RELENG_8_3_BP:1.1.1.3
	RELENG_9_0_0_RELEASE:1.1.1.3
	RELENG_9_0:1.1.1.3.0.70
	RELENG_9_0_BP:1.1.1.3
	RELENG_9:1.1.1.3.0.68
	RELENG_9_BP:1.1.1.3
	RELENG_7_4_0_RELEASE:1.1.1.3
	RELENG_8_2_0_RELEASE:1.1.1.3
	RELENG_7_4:1.1.1.3.0.66
	RELENG_7_4_BP:1.1.1.3
	RELENG_8_2:1.1.1.3.0.64
	RELENG_8_2_BP:1.1.1.3
	RELENG_8_1_0_RELEASE:1.1.1.3
	RELENG_8_1:1.1.1.3.0.62
	RELENG_8_1_BP:1.1.1.3
	RELENG_7_3_0_RELEASE:1.1.1.3
	RELENG_7_3:1.1.1.3.0.60
	RELENG_7_3_BP:1.1.1.3
	RELENG_8_0_0_RELEASE:1.1.1.3
	RELENG_8_0:1.1.1.3.0.58
	RELENG_8_0_BP:1.1.1.3
	RELENG_8:1.1.1.3.0.56
	RELENG_8_BP:1.1.1.3
	RELENG_7_2_0_RELEASE:1.1.1.3
	RELENG_7_2:1.1.1.3.0.54
	RELENG_7_2_BP:1.1.1.3
	RELENG_7_1_0_RELEASE:1.1.1.3
	RELENG_6_4_0_RELEASE:1.1.1.3
	RELENG_7_1:1.1.1.3.0.52
	RELENG_7_1_BP:1.1.1.3
	RELENG_6_4:1.1.1.3.0.50
	RELENG_6_4_BP:1.1.1.3
	RELENG_7_0_0_RELEASE:1.1.1.3
	RELENG_6_3_0_RELEASE:1.1.1.3
	RELENG_7_0:1.1.1.3.0.48
	RELENG_7_0_BP:1.1.1.3
	RELENG_6_3:1.1.1.3.0.46
	RELENG_6_3_BP:1.1.1.3
	v4-1-28:1.1.1.3
	RELENG_7:1.1.1.3.0.44
	RELENG_7_BP:1.1.1.3
	v4-1-23:1.1.1.3
	RELENG_6_2_0_RELEASE:1.1.1.3
	RELENG_6_2:1.1.1.3.0.42
	RELENG_6_2_BP:1.1.1.3
	v4-1-13:1.1.1.3
	RELENG_5_5_0_RELEASE:1.1.1.3
	RELENG_5_5:1.1.1.3.0.40
	RELENG_5_5_BP:1.1.1.3
	RELENG_6_1_0_RELEASE:1.1.1.3
	RELENG_6_1:1.1.1.3.0.38
	RELENG_6_1_BP:1.1.1.3
	v4-1-10:1.1.1.3
	RELENG_6_0_0_RELEASE:1.1.1.3
	RELENG_6_0:1.1.1.3.0.36
	RELENG_6_0_BP:1.1.1.3
	RELENG_6:1.1.1.3.0.34
	RELENG_6_BP:1.1.1.3
	RELENG_5_4_0_RELEASE:1.1.1.3
	v4-1-8:1.1.1.3
	RELENG_5_4:1.1.1.3.0.32
	RELENG_5_4_BP:1.1.1.3
	RELENG_4_11_0_RELEASE:1.1.1.3
	RELENG_4_11:1.1.1.3.0.30
	RELENG_4_11_BP:1.1.1.3
	RELENG_5_3_0_RELEASE:1.1.1.3
	RELENG_5_3:1.1.1.3.0.28
	RELENG_5_3_BP:1.1.1.3
	RELENG_5:1.1.1.3.0.26
	RELENG_5_BP:1.1.1.3
	v3-4-35:1.1.1.3
	RELENG_4_10_0_RELEASE:1.1.1.3
	RELENG_4_10:1.1.1.3.0.24
	RELENG_4_10_BP:1.1.1.3
	RELENG_5_2_1_RELEASE:1.1.1.3
	RELENG_5_2_0_RELEASE:1.1.1.3
	RELENG_5_2:1.1.1.3.0.22
	RELENG_5_2_BP:1.1.1.3
	RELENG_4_9_0_RELEASE:1.1.1.3
	RELENG_4_9:1.1.1.3.0.20
	RELENG_4_9_BP:1.1.1.3
	RELENG_5_1_0_RELEASE:1.1.1.3
	RELENG_5_1:1.1.1.3.0.18
	RELENG_5_1_BP:1.1.1.3
	RELENG_4_8_0_RELEASE:1.1.1.3
	RELENG_4_8:1.1.1.3.0.16
	RELENG_4_8_BP:1.1.1.3
	v3-4-31:1.1.1.3
	RELENG_5_0_0_RELEASE:1.1.1.3
	RELENG_5_0:1.1.1.3.0.14
	RELENG_5_0_BP:1.1.1.3
	RELENG_4_7_0_RELEASE:1.1.1.3
	RELENG_4_7:1.1.1.3.0.12
	RELENG_4_7_BP:1.1.1.3
	v3-4-29:1.1.1.3
	RELENG_4_6_2_RELEASE:1.1.1.3
	RELENG_4_6_1_RELEASE:1.1.1.3
	RELENG_4_6_0_RELEASE:1.1.1.3
	v3-4-28:1.1.1.3
	RELENG_4_6:1.1.1.3.0.10
	RELENG_4_6_BP:1.1.1.3
	v3-4-27:1.1.1.3
	v3-4-26:1.1.1.3
	v3-4-25:1.1.1.3
	RELENG_4_5_0_RELEASE:1.1.1.3
	RELENG_4_5:1.1.1.3.0.8
	RELENG_4_5_BP:1.1.1.3
	RELENG_4_4_0_RELEASE:1.1.1.3
	RELENG_4_4:1.1.1.3.0.6
	RELENG_4_4_BP:1.1.1.3
	v3-4-20:1.1.1.3
	RELENG_4_3_0_RELEASE:1.1.1.3
	RELENG_4_3:1.1.1.3.0.4
	RELENG_4_3_BP:1.1.1.3
	v3-4-16:1.1.1.3
	rev:1.1.1.3
	RELENG_4_2_0_RELEASE:1.1.1.3
	v3-4-13:1.1.1.3
	v3-4-12:1.1.1.3
	RELENG_4_1_1_RELEASE:1.1.1.3
	PRE_SMPNG:1.1.1.3
	v3-4-9:1.1.1.3
	RELENG_4_1_0_RELEASE:1.1.1.3
	v3-4-8:1.1.1.3
	RELENG_3_5_0_RELEASE:1.1.1.1
	v3_4_4:1.1.1.3
	RELENG_4_0_0_RELEASE:1.1.1.3
	RELENG_4:1.1.1.3.0.2
	RELENG_4_BP:1.1.1.3
	v3_3_8:1.1.1.3
	v3_3_6:1.1.1.3
	RELENG_3_4_0_RELEASE:1.1.1.1
	v3_3_3:1.1.1.2
	RELENG_3_3_0_RELEASE:1.1.1.1
	RELENG_3_2_PAO:1.1.1.1.0.4
	RELENG_3_2_PAO_BP:1.1.1.1
	RELENG_3_2_0_RELEASE:1.1.1.1
	RELENG_3_1_0_RELEASE:1.1.1.1
	RELENG_3:1.1.1.1.0.2
	RELENG_3_BP:1.1.1.1
	RELENG_3_0_0_RELEASE:1.1.1.1
	v3_2_7:1.1.1.1
	v3_2_3:1.1.1.1
	v3_2_1:1.1.1.1
	DARRENR:1.1.1;
locks; strict;
comment	@# @;


1.1
date	97.11.16.04.52.09;	author peter;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	97.11.16.04.52.09;	author peter;	state Exp;
branches;
next	1.1.1.2;

1.1.1.2
date	99.11.08.20.51.13;	author guido;	state Exp;
branches;
next	1.1.1.3;

1.1.1.3
date	2000.01.13.18.30.37;	author guido;	state Exp;
branches
	1.1.1.3.76.1;
next	;

1.1.1.3.76.1
date	2000.01.13.18.30.37;	author svnexp;	state dead;
branches;
next	1.1.1.3.76.2;

1.1.1.3.76.2
date	2013.03.28.13.01.21;	author svnexp;	state Exp;
branches;
next	;


desc
@@


1.1
log
@Initial revision
@
text
@How to setup FTP proxying using the built in proxy code.
========================================================

NOTE: Currently, the built-in FTP proxy is only available for use with NAT
      (i.e. only if you're already using "map" rules with ipnat).

Lets assume your network diagram looks something like this:


[host A]
   |a
---+-------------+----------
                 |b
             [host B]
                 |c
---+-------------+----------
   |d
[host C]

and IP Filter is running on host B.  If you want to proxy FTP from A to C
then you would do:

map int-c ipaddr-a/32 -> ip-addr-c-net/32 proxy ftp ftp/tcp

int-c = name of "interface c"
ipaddr-a = ip# of interface a
ipaddr-c-net = another ip# on the C-network (usually not the same as the
interface).

e.g., if host A was 10.1.1.1, host B had two network interfaces ed0 and vx0
which had IP#'s 10.1.1.2 and 203.45.67.89 respectively, and host C was
203.45.67.90, you would do:

map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy ftp ftp/tcp

where:
ipaddr-a = 10.1.1.1
int-c = vx0
ipaddr-c-net = 203.45.67.91

@


1.1.1.1
log
@Import ipfilter 3.2.1 (update from 3.1.8)
@
text
@@


1.1.1.2
log
@Import of ipfilter 3.3.3  in anticipation of its revival.
More to come in the next days.
@
text
@d23 1
a23 1
map int-c ipaddr-a/32 -> ip-addr-c-net/32 proxy port ftp ftp/tcp
d34 1
a34 1
map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp
@


1.1.1.3
log
@Import of ipfilter 3.3.6 (freebsd relevant part)

Obtained from:	ftp://coombs.anu.edu.au/pub/net/firewall/ip-filter/ip_fil3.3.6.tar.gz
@
text
@d5 1
a5 3
      (i.e. only if you're already using "map" rules with ipnat).  It does
      support null-NAT mappings, that is, using the proxy without changing
      the addresses.
a39 3

The "map" rule for this proxy should precede any other NAT rules you are
using.
@


1.1.1.3.76.1
log
@file ftp-proxy was added on branch RELENG_8_4 on 2013-03-28 13:01:21 +0000
@
text
@d1 45
@


1.1.1.3.76.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 45
How to setup FTP proxying using the built in proxy code.
========================================================

NOTE: Currently, the built-in FTP proxy is only available for use with NAT
      (i.e. only if you're already using "map" rules with ipnat).  It does
      support null-NAT mappings, that is, using the proxy without changing
      the addresses.

Lets assume your network diagram looks something like this:


[host A]
   |a
---+-------------+----------
                 |b
             [host B]
                 |c
---+-------------+----------
   |d
[host C]

and IP Filter is running on host B.  If you want to proxy FTP from A to C
then you would do:

map int-c ipaddr-a/32 -> ip-addr-c-net/32 proxy port ftp ftp/tcp

int-c = name of "interface c"
ipaddr-a = ip# of interface a
ipaddr-c-net = another ip# on the C-network (usually not the same as the
interface).

e.g., if host A was 10.1.1.1, host B had two network interfaces ed0 and vx0
which had IP#'s 10.1.1.2 and 203.45.67.89 respectively, and host C was
203.45.67.90, you would do:

map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp

where:
ipaddr-a = 10.1.1.1
int-c = vx0
ipaddr-c-net = 203.45.67.91

The "map" rule for this proxy should precede any other NAT rules you are
using.

@


