/usr/share/doc/ftp-proxy-doc/ftp-proxy-5.html is in ftp-proxy-doc 1.9.2.4-10.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
<TITLE>The FTP-Proxy White Paper: Inbound and Outbound FTP Traffic </TITLE>
<LINK HREF="ftp-proxy-6.html" REL=next>
<LINK HREF="ftp-proxy-4.html" REL=previous>
<LINK HREF="ftp-proxy.html#toc5" REL=contents>
</HEAD>
<BODY>
<A HREF="ftp-proxy-6.html">Next</A>
<A HREF="ftp-proxy-4.html">Previous</A>
<A HREF="ftp-proxy.html#toc5">Contents</A>
<HR>
<H2><A NAME="traffic"></A> <A NAME="s5">5.</A> <A HREF="ftp-proxy.html#toc5">Inbound and Outbound FTP Traffic </A></H2>
<P>The most common use of FTP-Proxy will probably be "inbound" FTP
traffic. This means that clients from an "outside" world seek access
to a "local" FTP server specified in the <CODE>DestinationAddress</CODE>
variable.</P>
<P>Nevertheless, FTP-Proxy supports also an "outbound" mode, where
clients have more control over the FTP connections. The FTP-Proxy
implements two concepts of "outbound" traffic.</P>
<P>
<UL>
<LI><EM>MagicUser</EM>
<P>The first one is based on the increased level of trust that users
enjoy. When setting the <CODE>AllowMagicUser</CODE> config option to
"yes" and allowing the "@" (see also <CODE>UseMagicChar</CODE> option)
and ":" characters as part of the USER command argument, users can
determine the destination server's address and port with the USER
command. All they have to do is to append the host name, separated
by the "@" sign (or other set using <CODE>UseMagicChar</CODE> option),
optionally followed by a colon and the port. These components will
be removed from the name and evaluated as destination.</P>
</LI>
<LI><EM>Transparent-Proxy</EM>
<P>The second one is based on IP-NAT packet redirections, commonly
called <EM>transparent proxying</EM>. This method is currently
implemented for Linux ipchains (2.2 kernel) and iptables (2.4
kernel), as well as for BSD ipnat, tested on OpenBSD 2.9 and
FreeBSD 4.4. A description how to setup the redirections is
provided in the <CODE>TransProxy-Mini-Howto.txt</CODE> file.</P>
<P>When setting the <CODE>AllowTransProxy</CODE> config option to "yes",
the proxy will evaluate the original destination address and port
the client wanted connect as destination. If <CODE>AllowMagicUser</CODE>
is enabled as well, the users are still able to provide a different
destination using the USER command argument.</P>
</LI>
</UL>
</P>
<P>If <CODE>AllowTransProxy</CODE> and <CODE>AllowMagicUser</CODE> are not
used, the FTP-Proxy runs in the "inbound" mode and the
<CODE>DestinationAddress</CODE> is mandatory.</P>
<P>In "outbound" mode, <CODE>DestinationAddress</CODE> is used as default
or fallback destination, that will be used if no other destination
is found using <EM>Transparent-Proxy</EM> or <EM>Magic-User</EM>
mechanisms.</P>
<HR>
<A HREF="ftp-proxy-6.html">Next</A>
<A HREF="ftp-proxy-4.html">Previous</A>
<A HREF="ftp-proxy.html#toc5">Contents</A>
</BODY>
</HTML>
|