3.140
modificacions
Canvis
Jump to navigation
Jump to search
<br>- Configurar filezilla:<br># Menú Edit -> Settings -> Connection -> FTP -> Generic proxy: indicar '''none ''' Menú Edit -> Settings -> Connection -> FTP -> FTP Proxy: indicar '''Custom''' y introducir lo siguiente: <pre>USER %u@%h
#Menú Edit -> Settings -> Connection -> FTP -> FTP PASS %p </pre> En Proxy: host indicar Custom y introducir lo siguiente:<br>USER %u@%h<br>PASS %p
En Proxy host indicar:<br>'''server:2121'''
cap resum d'edició
== En el servidor: ==
==== <br>- Instalar frox (debes de habilitar los [[Repositoris|repositorios ]] de [[Repositori Ubuntu 10.04|Ubuntu]]): ====<brpre>sudo apt-get update<br>sudo apt-get install frox<br/pre>- Copiar el fichero ==== Crear un archivo de configuración adjunto con los siguientes datos y copiarlo (frox.conf) a /etc/.<br>- Crear la estructura de directorios para los archivos log: ====<brpre>mkdir # Configuration file for frox transparent ftp-p /usr/local/lib/frox<br>proxy.# Send SIGHUP after editing and it will be reread. This will fail# completely if we are chrooted and the config file isn't within the# dir we have chrooted to, or if we have dropped priveleges and no# longer have permission to read the config file! Some options cannot# be reread - Inciar el servidor ftp<br>/etc/initnamely those which require special privelidges (ie. # BindToDevice, Listen, Port, TransparentData) and the caching stuff.d/frox restart
##################################################################### Network Options ##################################################################### # Address to listen on - default is 0.0.0.0 If you are using an OS other# than Linux and are doing transparent proxying then you will need to set # this to the IP of a local interface. If using linux you could leave it # commented out to listen on all local IPs.## Listen firewall.localnetListen server # Port to listen on. Must be supplied.#Port 2121 # If specified then bind to this device#BindToDevice eth0 # Whether to run from inetd. You should still define Port above, but# it isn't used for much.## FromInetd yes # Stop frox from putting itself into the background. Use this if you want# to run frox from supervise from djb's daemontools## NoDetach # A hack that should allow you to get away without putting resolver libraries # into the chroot jail. The default is fine unless for some reason you have# this hostname in /etc/hosts. If this sort of thing offends you, you may# comment this out and copy resolver libraries into the chroot jail instead.# See FAQ section 3.2 for details.#ResolvLoadHack wontresolve.doesntexist.abc # Another ftp proxy to forward on to. Frox will contact this ftp# proxy, and send it a login name of the form "user@host:port" where# host and port are the server frox should contact. If you set# FTPProxyNoPort then frox will send logins of the form user@host## FTPProxy 192.168.2.9:2222# FTPProxyNoPort yes # Pick the IP frox should use for outgoing connections. You probably don't# need this, and it is not well tested.## TcpOutgoingAddr # Pick the IP that frox should send in PASV replies to the client. Defaults# to the address frox received the control connection on which you shouldn't# need to change unless you are doing NAT between frox and your clients, or # are trying to tunnel connections using frox. See FAQ.## PASVAddress ##################################################################### General Options ###################################################################### User and group to drop priveliges to. This must be specified - if# you really want to run as root (not a good idea) you must say so# specifically, and have compiled with --enable-run-as-root.# User nobody Group nogroup # This is frox's working directory - it must be specified. Temporary# files and sockets will be created here. If you are using local# caching then the cache will be stored in this directory too. It# should be owned by frox with permissions 700. By default frox will# also chroot to this dir on startup. To avoid this you must specifically # set DontChroot to Yes.#WorkingDir /usr/local/lib/froxDontChroot Yes # Logging level. 0=No logging. 5=Critical errors only. 10= All errors.# 15=Errors, other important stuf. 20= Errors, connections, cache# hits/misses 25=Debug info including text of control session. By# default frox will log through syslog as facility daemon. If you want# frox to log to a file instead specify this in LogFile below. You may# set LogFile to "stderr" if you wish it to log there. XferLogging# defaults to on, and results in a one line log entry for each file# transferred irrespective of the log level. You can turn this off# below.# LogLevel 20 LogFile /usr/local/lib/frox/frox-log XferLogging no # File to store PID in. Default is not to. If this file is not within# the Chroot directory then it cannot be deleted on exit, but will# otherwise work fine.#PidFile /var/run/frox.pid ##################################################################### Ftp Protocol Options ##################################################################### # Active --> Passive conversion. If set then all outgoing connections# from the proxy will be passive FTP, regardless of the type of the# connection coming in. This makes firewalling a lot easier. Defaults# to no.## APConv yes # Passive --> Active conversion. If set then all outgoing connections# from the proxy will be active FTP, regardless of the type of the# connection coming in. Defaults to no.# DO NOT USE WITH APConv!## PAConv yes # Block PORT commands asking data to be sent to ports<1024 and# prevent incoming control stream connections from port 20 to # help depend against ftp bounce attacks. Defaults to on.#BounceDefend yes # If true then only accept data connections from the hosts the control# connections are to. Breaks the rfc, and defaults to off.## SameAddress yes # Normally frox strips out nonprintable characters from the control# stream. This makes buffer overflow attacks on clients/servers much more# difficult. If you download files that contain non english characters# this may cause you problems (especially for big charsets like Chines).# In that case turn on this option.## AllowNonASCII yes # Try to transparently proxy the data connections as well. Not# necessary for most clients, and does increase security risks. N.V.# You probably do _NOT_ need this option. It increases the complexity# of what frox has to do, increases the difficulty of setting frox up# correctly, and increases potential security risks. This has nothing# to do with whether your clients will be transparently proxied. If# you still want to use this option then read README.transdata for# details.## TransparentData yes # Specify ranges for local ports to use for outgoing connections and# for sending out in PORT commands. By default these are all between# 40000 and 50000, but you might want to split them up if you have# complicated firewalling rules.## ControlPorts 40000-40999# PassivePorts 41000-41999 PassivePorts 49152-65534# ActivePorts 42000-42999 # SSL/AUTH support. Frox must have been linked to the openssl libraries.# This is currently experimental, and only tested against vsftpd## UseSSL yes# DataSSL no ##################################################################### Caching Options ##################################################################### # Caching options. There should be at most one CacheModule line, and# Cache lines to give the options for that caching module. CacheModule# is HTTP (rewrites ftp requests as HTTP and sends them to a HTTP# proxy like squid), or local (cache files locally). The relevant# module needs to have been compiled in at compile time. See FAQ for# details. If there are no CacheModule lines then no caching will be# done. "CacheModule None" explicitly requests no caching, and is# useful to turn off caching within a subsection (below).## CacheModule local# CacheSize 400## CacheModule http# HTTPProxy server:3128# MinCacheSize 65536# ForceHTTP no # Set to yes to force http file retreiving even if# # file is not cacheable## StrictCaching no # Read FAQ for details.# CacheOnFQDN yes # Read FAQ for details.## CacheAll no # Set to yes to cache non anonymous ftp downloads # Virus scanning -- see FAQ## VirusScanner '"/usr/bin/viruscan" "--option" "%s"'# VSOK 0# VSProgressMsgs 30 ##################################################################### Access control ##################################################################### # Allow non-transparent proxying support. The user can connect# directly to frox, and give his username as user@host:port or# user@host. Defaults to no. NTPAddress gives the address to which# incoming connections must be addressed if the client is to be offered# non-transparent proxying. For most people using this it will be the same# as the Listen address above. If not given then all connections will be# offered non transparent proxying. If you are not using transparent# proxying at all then you should leave NTPAddress commented out.# DoNTP yesNTPAddress server:2121 # Number of seconds of no activity before closing session# Defaults to 300## Timeout 300 #Maximum number of processes to fork.## MaxForks 0 # For debugging -- only one connection may be served.MaxForks 10 # Maximum number of connections from a single host (IP address).MaxForksPerHost 4 # Maximum number of bytes/second to be transferred over the data# connection for each client. MaxTransferRate limits downloads and# MaxUploadRate uploads. CacheDlRate is the rate for downloads of files# that are cached locally - if not set these files will be downloaded at# full speed.## MaxTransferRate 4096# CacheDlRate 8192# MaxUploadRate 4096 # Access control lists:# The format is: "ACL Allow|Deny SRC - DST [PORTS]" # SRC and DST may be in the form x.x.x.x, x.x.x.x/yy, x.x.x.x/y.y.y.y,# a dns name, or * to match everything.## PORTS is a list of ports. If specified then the rule will only match# if the destination port of the connection is in this list. This is# likely only relevant if you are allowing non-transparent proxying of# ftp connections (ie. DoNTP is enabled above). Specifying * is equivalent # to not specifying anything - all ports will be matched## Any connection that matches no rules will be denied. Since there are# no rules by default you'll need to add something to let any# connections happen at all (look at the last example if you are# feeling lazy/not bothered by security).## # Examples:# # Allow local network to ftp to port 21 only, and block host ftp.evil# ACL Deny * - ftp.evil # ACL Allow 192.168.0.0/255.255.0.0 - * 21## # Allow local network to ftp anywhere except certain dodgy ports. Network # # admin's machine can ftp anywhere.# ACL Allow admin.localnet - *# ACL Deny * - * 1-20,22-1024,6000-6007,7100# ACL Allow 192.168.0.0/16 - * *## # You don't really believe in this security stuff, and just want# # everything to work. ACL Allow * - * # Command control program: A bit like the idea of a squid redirector.# By default the old interface is used so as not to break existing# installations. The new interface is much more powerful, and is# reccommended for new scripts -- set UseOldCCP to false to use it.# See the FAQ for details.## CCProgram /usr/local/lib/frox/bin/ccp# UseOldCCP no ##################################################################### Subsections ###################################################################### Matching rules the same as ACLS. Only some options can be specified# in a subsection (currently the yes/no options, timeout, and caching# options).## SubSection * - ftp.dodgy.server# StrictCaching yes# EndSection## SubSection * - 10.0.0.0/24 # A low latency high bandwidth connection# MinCacheSize 4096# EndSection## Subsection * - ftp.localnetwork# # To disable caching if it has been turned on in a parent section# CacheModule None# EndSection </pre> ==== Crear la estructura de directorios para los archivos log:<br> ====<pre>mkdir -p /usr/local/lib/frox</pre> ==== Inciar el servidor ftp<br> ====<pre>/etc/init.d/frox restart </pre> <br>
== En el cliente ==