10 More Discussions You Might Find Interesting
1. Solaris
Hi.
I am attempting to set up an OpenVPN server on my Solaris 11 box by following all the Linux guides. Thus far I have a working VPN that I can connect to and ssh onto my VPN server over which is great but not what I require long term.
I would like to route all VPN client requests for addresses... (0 Replies)
Discussion started by: nickb1976
0 Replies
2. IP Networking
I need to configure a proxy on my local machine to use an upstream proxy (installed on another machine). The upstream proxy requires Digest/NTLM authorization. I want the local proxy to deal with the upstream proxy's authorization details and provides authorization free access to users that connect... (0 Replies)
Discussion started by: Russel
0 Replies
3. Infrastructure Monitoring
Hello,
I am facing this scenario: three or more remote LAN (peripheral offices), with the same devices (printers, NAS) in each of them. Those LANs have the same network addresses, i.e.192.168.1.* (are connected to WAN via NAT).
I need to collect snmp traps from a central server (public IP).... (4 Replies)
Discussion started by: neutrino
4 Replies
4. Solaris
Hi everybody,
I'm running on Solaris 10 X86 (update 1009).
I would like to make NAT's rule. I explain you.
On Solaris, I configure the principal interface e1000g0 with IP : 192.168.0.33
I created the first logical interface like that :
ifconfig e1000g0 addif 192.168.0.40 netmask... (0 Replies)
Discussion started by: aureliensm
0 Replies
5. Shell Programming and Scripting
hellou, can anybody help me with nat detection in real time ? i prefer some detection script because i try some nat detection program's for example p0f or i'm using tcpdump, but i would get contain of specific packet. Some ideas? (1 Reply)
Discussion started by: TheTechnic
1 Replies
6. IP Networking
Hi,
I am involved in a project on Debian. One of my requirement is to route an IP packet in my application to a proxy server and receive the reply from the proxy server as an IP packet. My application handles data at the IP frame level. My application creates an IP packet(with all the necessary... (0 Replies)
Discussion started by: Rajesh_BK
0 Replies
7. IP Networking
Hi All,
Is there any possibility to change the IP address of a package according to its MAC address. It would be a sort of L2 NAT. (i.e. If the MAC address is 00:1A:A0:1E:XX:XX so the dir IP will be 192.168.X.X)
Thanks!. (4 Replies)
Discussion started by: lagigliaivan
4 Replies
8. IP Networking
i have a firewall with two interfaces eth0 and eth1, eth0 is connected to an external network, and eth0 is connected to a private lan.
im using this command for NAT
iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 223.0.0.3
my questions are :
1) how can i... (4 Replies)
Discussion started by: ratamahatta
4 Replies
9. IP Networking
Hello Gurus!
I'm currently trying to configure NAT using proxy ARP on a SunOS 5.8 .
This box is running Check Point FW1 that sits behind my internet router.
I have a server that is connected to the firewall box. I want to translate this server using proxy ARP.
Settings:... (1 Reply)
Discussion started by: azzuwan
1 Replies
10. IP Networking
Hi All!
I have a Pentium 100 (32 MBRAM) with FreeBSD 4.4 installed on it and I am using it as a gateway. When I am downloading (or uploading) stuff simultaneously I see that natd is using up to 100% of the cpu capacity, hence the internet connection becomes blocked.
My guess is I will have... (1 Reply)
Discussion started by: Ivo
1 Replies
FTP-PROXY(8) BSD System Manager's Manual FTP-PROXY(8)
NAME
ftp-proxy -- Internet File Transfer Protocol proxy daemon
SYNOPSIS
ftp-proxy [-6Adrv] [-a address] [-b address] [-D level] [-m maxsessions] [-P port] [-p port] [-q queue] [-R address] [-T tag] [-t timeout]
DESCRIPTION
ftp-proxy is a proxy for the Internet File Transfer Protocol. FTP control connections should be redirected into the proxy using the pf(4)
rdr command, after which the proxy connects to the server on behalf of the client.
The proxy allows data connections to pass, rewriting and redirecting them so that the right addresses are used. All connections from the
client to the server have their source address rewritten so they appear to come from the proxy. Consequently, all connections from the
server to the proxy have their destination address rewritten, so they are redirected to the client. The proxy uses the pf(4) anchor facility
for this.
Assuming the FTP control connection is from $client to $server, the proxy connected to the server using the $proxy source address, and $port
is negotiated, then ftp-proxy adds the following rules to the various anchors. (These example rules use inet, but the proxy also supports
inet6.)
In case of active mode (PORT or EPRT):
rdr from $server to $proxy port $port -> $client
pass quick inet proto tcp
from $server to $client port $port
In case of passive mode (PASV or EPSV):
nat from $client to $server port $port -> $proxy
pass in quick inet proto tcp
from $client to $server port $port
pass out quick inet proto tcp
from $proxy to $server port $port
The options are as follows:
-6 IPv6 mode. The proxy will expect and use IPv6 addresses for all communication. Only the extended FTP modes EPSV and EPRT are
allowed with IPv6. The proxy is in IPv4 mode by default.
-A Only permit anonymous FTP connections. Either user "ftp" or user "anonymous" is allowed.
-a address
The proxy will use this as the source address for the control connection to a server.
-b address
Address where the proxy will listen for redirected control connections. The default is 127.0.0.1, or ::1 in IPv6 mode.
-D level
Debug level, ranging from 0 to 7. Higher is more verbose. The default is 5. (These levels correspond to the syslog(3) levels.)
-d Do not daemonize. The process will stay in the foreground, logging to standard error.
-m maxsessions
Maximum number of concurrent FTP sessions. When the proxy reaches this limit, new connections are denied. The default is 100 ses-
sions. The limit can be lowered to a minimum of 1, or raised to a maximum of 500.
-P port
Fixed server port. Only used in combination with -R. The default is port 21.
-p port
Port where the proxy will listen for redirected connections. The default is port 8021.
-q queue
Create rules with queue queue appended, so that data connections can be queued.
-R address
Fixed server address, also known as reverse mode. The proxy will always connect to the same server, regardless of where the client
wanted to connect to (before it was redirected). Use this option to proxy for a server behind NAT, or to forward all connections to
another proxy.
-r Rewrite sourceport to 20 in active mode to suit ancient clients that insist on this RFC property.
-T tag The filter rules will add tag tag to data connections, and not match quick. This way alternative rules that use the tagged keyword
can be implemented following the ftp-proxy anchor. These rules can use special pf(4) features like route-to, reply-to, label,
rtable, overload, etc. that ftp-proxy does not implement itself.
-t timeout
Number of seconds that the control connection can be idle, before the proxy will disconnect. The maximum is 86400 seconds, which is
also the default. Do not set this too low, because the control connection is usually idle when large data transfers are taking
place.
-v Set the 'log' flag on pf rules committed by ftp-proxy. Use twice to set the 'log-all' flag. The pf rules do not log by default.
CONFIGURATION
To make use of the proxy, pf.conf(5) needs the following rules. All anchors are mandatory. Adjust the rules as needed.
In the NAT section:
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp from $lan to any port 21 ->
127.0.0.1 port 8021
In the rule section:
anchor "ftp-proxy/*"
pass out proto tcp from $proxy to any port 21
SEE ALSO
ftp(1), pf(4), pf.conf(5)
CAVEATS
pf(4) does not allow the ruleset to be modified if the system is running at a securelevel(7) higher than 1. At that level ftp-proxy cannot
add rules to the anchors and FTP data connections may get blocked.
Negotiated data connection ports below 1024 are not allowed.
The negotiated IP address for active modes is ignored for security reasons. This makes third party file transfers impossible.
ftp-proxy chroots to "/var/empty" and changes to user "proxy" to drop privileges.
BSD
February 26, 2008 BSD