Diffstat (limited to 'rules/ftp-proxy')
-rw-r--r-- rules/ftp-proxy 45
1 files changed, 45 insertions, 0 deletions
diff --git a/rules/ftp-proxy b/rules/ftp-proxy
new file mode 100644
index 0000000..ad2f717
--- /dev/null
+++ b/rules/ftp-proxy
@@ -0,0 +1,45 @@
+How to setup FTP proxying using the built in proxy code.
+========================================================
+
+NOTE: Currently, the built-in FTP proxy is only available for use with NAT
+ (i.e. only if you're already using "map" rules with ipnat). It does
+ support null-NAT mappings, that is, using the proxy without changing
+ the addresses.
+
+Lets assume your network diagram looks something like this:
+
+
+[host A]
+ |a
+---+-------------+----------
+ |b
+ [host B]
+ |c
+---+-------------+----------
+ |d
+[host C]
+
+and IP Filter is running on host B. If you want to proxy FTP from A to C
+then you would do:
+
+map int-c ipaddr-a/32 -> ip-addr-c-net/32 proxy port ftp ftp/tcp
+
+int-c = name of "interface c"
+ipaddr-a = ip# of interface a
+ipaddr-c-net = another ip# on the C-network (usually not the same as the
+interface).
+
+e.g., if host A was 10.1.1.1, host B had two network interfaces ed0 and vx0
+which had IP#'s 10.1.1.2 and 203.45.67.89 respectively, and host C was
+203.45.67.90, you would do:
+
+map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp
+
+where:
+ipaddr-a = 10.1.1.1
+int-c = vx0
+ipaddr-c-net = 203.45.67.91
+
+The "map" rule for this proxy should precede any other NAT rules you are
+using.
+
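Review bot: The placeholder in the generic rule, "map int-c ipaddr-a/32 -> ip-addr-c-net/32 proxy port ftp ftp/tcp", is spelled "ip-addr-c-net", while the legend below it and the "where:" list after the worked example both use "ipaddr-c-net"; pick one spelling so the rule can be matched against the legend. The legend covers the interface and the two addresses but leaves "proxy port ftp ftp/tcp" unexplained, so a line saying what each of the two "ftp" tokens denotes would help. The remark that the mapped address is "usually not the same as the interface" also deserves a sentence of reasoning, since the example picks 203.45.67.91 where vx0 is 203.45.67.89 and host C is 203.45.67.90 without saying why. The closing requirement that this "map" rule precede any other NAT rules would be easier to follow with a short note on what goes wrong if it does not. Minor: "setup" in the title should be "set up", and "Lets" should be "Let's".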