ftp proxy howto

싸후이 2007. 4. 26. 20:58

Running a transparent FTP proxy is an easy way to control, using ACLs, the FTP connections made by people on your network.
If you are already running Squid as a transparent (web) proxy, it cannot also act as a transparent FTP proxy, so you have to use another tool for FTP proxying: frox will do the job.

Installation & compilation

Grab the latest version of Frox at http://frox.sourceforge.net/
Compile the package the usual way.

The following files should be installed :

/etc/frox.conf
/usr/local/sbin/frox
/var/log/frox/frox-log
/var/run/frox.pid

/etc/frox.conf :

 

Redhat/Fedora/CentOS init script

I made a pretty short init script to start frox as a service on RedHat based machines

Save the following script under /etc/init.d/frox :

Iptables configuration

Add the following line to /etc/sysconfig/iptables under the NAT section.
Anyone in 192.168.0.0/24 trying to access port 21 will be transparently redirected to frox, which will allow or deny the connection:
-A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 21 -j REDIRECT --to-ports 2121
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2121 --syn -j ACCEPT

Type : service iptables restart
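
As an added example (not part of the original post), the shell function below audits a rules file in /etc/sysconfig/iptables format: it confirms that port 21 is redirected in the nat table and that the redirect's target port is accepted by an INPUT rule in the filter table, which is where ACCEPT rules take effect. The function name and both sample rulesets are constructed for this example.

```shell
#!/bin/sh
# check_frox_rules FILE: FILE is in /etc/sysconfig/iptables (iptables-save) format.
# Prints one status line; exits 0 only if port 21 is redirected in the nat table
# and the redirect's target port is accepted by an INPUT rule in the filter table.
check_frox_rules() {
    awk '
        /^\*/      { table = substr($1, 2); next }   # "*nat" / "*filter" opens a table
        /^COMMIT/  { table = ""; next }
        $1 != "-A" { next }                          # skip chain policies and comments
        {
            dport = ""; toport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "--to-ports") toport = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
            }
        }
        table == "nat" && $2 == "PREROUTING" && target == "REDIRECT" && dport == "21" { redirect = toport }
        table == "filter" && $2 == "INPUT" && target == "ACCEPT" && dport != "" { accept[dport] = 1 }
        END {
            if (redirect == "")        { print "FAIL: no nat PREROUTING redirect for port 21"; exit 1 }
            if (!(redirect in accept)) { print "FAIL: port " redirect " not accepted in filter INPUT"; exit 2 }
            print "OK: port 21 redirected to " redirect " and accepted"
        }
    ' "$1"
}

# Constructed sample ruleset using the rules from this post.
sample_good() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 21 -j REDIRECT --to-ports 2121
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2121 --syn -j ACCEPT
COMMIT
EOF
}
# Constructed broken variant: the proxy port is never opened in the filter table.
sample_missing_accept() { sample_good | grep -v -e '--dport 2121'; }

tmp=$(mktemp)
sample_good > "$tmp";           check_frox_rules "$tmp" || true
sample_missing_accept > "$tmp"; check_frox_rules "$tmp" || true
rm -f "$tmp"
```

On a live host, run it against /etc/sysconfig/iptables before restarting the iptables service.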

Test your configuration

Telnet into your frox server and check out the logs using :
tail -f /var/log/frox/frox-log
