== On the server: ==
==== Install frox (you must enable the [[Repositoris|repositories]] of [[Repositori Ubuntu 10.04|Ubuntu]]): ====
<pre>sudo apt-get update
sudo apt-get install frox</pre>
==== Create a configuration file with the following contents and copy it (frox.conf) to /etc/ ====
<pre># Configuration file for frox transparent ftp-proxy.
# Send SIGHUP after editing and it will be reread. This will fail
# completely if we are chrooted and the config file isn't within the
# dir we have chrooted to, or if we have dropped privileges and no
# longer have permission to read the config file! Some options cannot
# be reread - namely those which require special privileges (ie.
# BindToDevice, Listen, Port, TransparentData) and the caching stuff.
####################################################################
# Network Options #
####################################################################
# Address to listen on - default is 0.0.0.0 If you are using an OS other
# than Linux and are doing transparent proxying then you will need to set
# this to the IP of a local interface. If using linux you could leave it
# commented out to listen on all local IPs.
#
# Listen firewall.localnet
Listen server
# Port to listen on. Must be supplied.
#
Port 2121
# If specified then bind to this device
#
BindToDevice eth0
# Whether to run from inetd. You should still define Port above, but
# it isn't used for much.
#
# FromInetd yes
# Stop frox from putting itself into the background. Use this if you want
# to run frox from supervise from djb's daemontools
#
# NoDetach
# A hack that should allow you to get away without putting resolver libraries
# into the chroot jail. The default is fine unless for some reason you have
# this hostname in /etc/hosts. If this sort of thing offends you, you may
# comment this out and copy resolver libraries into the chroot jail instead.
# See FAQ section 3.2 for details.
#
ResolvLoadHack wontresolve.doesntexist.abc
# Another ftp proxy to forward on to. Frox will contact this ftp
# proxy, and send it a login name of the form "user@host:port" where
# host and port are the server frox should contact. If you set
# FTPProxyNoPort then frox will send logins of the form user@host
#
# FTPProxy 192.168.2.9:2222
# FTPProxyNoPort yes
# Pick the IP frox should use for outgoing connections. You probably don't
# need this, and it is not well tested.
#
# TcpOutgoingAddr
# Pick the IP that frox should send in PASV replies to the client. Defaults
# to the address frox received the control connection on which you shouldn't
# need to change unless you are doing NAT between frox and your clients, or
# are trying to tunnel connections using frox. See FAQ.
#
# PASVAddress
####################################################################
# General Options #
####################################################################
# User and group to drop privileges to. This must be specified - if
# you really want to run as root (not a good idea) you must say so
# specifically, and have compiled with --enable-run-as-root.
#
User nobody
Group nogroup
# This is frox's working directory - it must be specified. Temporary
# files and sockets will be created here. If you are using local
# caching then the cache will be stored in this directory too. It
# should be owned by frox with permissions 700. By default frox will
# also chroot to this dir on startup. To avoid this you must specifically
# set DontChroot to Yes.
#
WorkingDir /usr/local/lib/frox
DontChroot Yes
# Logging level. 0=No logging. 5=Critical errors only. 10= All errors.
# 15=Errors, other important stuff. 20= Errors, connections, cache
# hits/misses 25=Debug info including text of control session. By
# default frox will log through syslog as facility daemon. If you want
# frox to log to a file instead specify this in LogFile below. You may
# set LogFile to "stderr" if you wish it to log there. XferLogging
# defaults to on, and results in a one line log entry for each file
# transferred irrespective of the log level. You can turn this off
# below.
#
LogLevel 20
LogFile /usr/local/lib/frox/frox-log
XferLogging no
# File to store PID in. Default is not to. If this file is not within
# the Chroot directory then it cannot be deleted on exit, but will
# otherwise work fine.
#
PidFile /var/run/frox.pid
####################################################################
# Ftp Protocol Options #
####################################################################
# Active --> Passive conversion. If set then all outgoing connections
# from the proxy will be passive FTP, regardless of the type of the
# connection coming in. This makes firewalling a lot easier. Defaults
# to no.
#
# APConv yes
# Passive --> Active conversion. If set then all outgoing connections
# from the proxy will be active FTP, regardless of the type of the
# connection coming in. Defaults to no.
# DO NOT USE WITH APConv!
#
# PAConv yes
# Block PORT commands asking data to be sent to ports<1024 and
# prevent incoming control stream connections from port 20 to
# help defend against ftp bounce attacks. Defaults to on.
#
BounceDefend yes
# If true then only accept data connections from the hosts the control
# connections are to. Breaks the rfc, and defaults to off.
#
# SameAddress yes
# Normally frox strips out nonprintable characters from the control
# stream. This makes buffer overflow attacks on clients/servers much more
# difficult. If you download files that contain non english characters
# this may cause you problems (especially for big charsets like Chinese).
# In that case turn on this option.
#
# AllowNonASCII yes
# Try to transparently proxy the data connections as well. Not
# necessary for most clients, and does increase security risks. N.B.
# You probably do _NOT_ need this option. It increases the complexity
# of what frox has to do, increases the difficulty of setting frox up
# correctly, and increases potential security risks. This has nothing
# to do with whether your clients will be transparently proxied. If
# you still want to use this option then read README.transdata for
# details.
#
# TransparentData yes
# Specify ranges for local ports to use for outgoing connections and
# for sending out in PORT commands. By default these are all between
# 40000 and 50000, but you might want to split them up if you have
# complicated firewalling rules.
#
# ControlPorts 40000-40999
# PassivePorts 41000-41999
PassivePorts 49152-65534
# ActivePorts 42000-42999
# SSL/AUTH support. Frox must have been linked to the openssl libraries.
# This is currently experimental, and only tested against vsftpd
#
# UseSSL yes
# DataSSL no
####################################################################
# Caching Options #
####################################################################
# Caching options. There should be at most one CacheModule line, and
# Cache lines to give the options for that caching module. CacheModule
# is HTTP (rewrites ftp requests as HTTP and sends them to a HTTP
# proxy like squid), or local (cache files locally). The relevant
# module needs to have been compiled in at compile time. See FAQ for
# details. If there are no CacheModule lines then no caching will be
# done. "CacheModule None" explicitly requests no caching, and is
# useful to turn off caching within a subsection (below).
#
# CacheModule local
# CacheSize 400
#
# CacheModule http
# HTTPProxy server:3128
# MinCacheSize 65536
# ForceHTTP no # Set to yes to force http file retrieving even if
# # file is not cacheable
#
# StrictCaching no # Read FAQ for details.
# CacheOnFQDN yes # Read FAQ for details.
#
# CacheAll no # Set to yes to cache non anonymous ftp downloads
# Virus scanning -- see FAQ
#
# VirusScanner '"/usr/bin/viruscan" "--option" "%s"'
# VSOK 0
# VSProgressMsgs 30
####################################################################
# Access control #
####################################################################
# Allow non-transparent proxying support. The user can connect
# directly to frox, and give his username as user@host:port or
# user@host. Defaults to no. NTPAddress gives the address to which
# incoming connections must be addressed if the client is to be offered
# non-transparent proxying. For most people using this it will be the same
# as the Listen address above. If not given then all connections will be
# offered non transparent proxying. If you are not using transparent
# proxying at all then you should leave NTPAddress commented out.
#
DoNTP yes
NTPAddress server:2121
# Number of seconds of no activity before closing session
# Defaults to 300
#
# Timeout 300
#Maximum number of processes to fork.
#
# MaxForks 0 # For debugging -- only one connection may be served.
MaxForks 10
# Maximum number of connections from a single host (IP address).
MaxForksPerHost 4
# Maximum number of bytes/second to be transferred over the data
# connection for each client. MaxTransferRate limits downloads and
# MaxUploadRate uploads. CacheDlRate is the rate for downloads of files
# that are cached locally - if not set these files will be downloaded at
# full speed.
#
# MaxTransferRate 4096
# CacheDlRate 8192
# MaxUploadRate 4096
# Access control lists:
# The format is: "ACL Allow|Deny SRC - DST [PORTS]"
# SRC and DST may be in the form x.x.x.x, x.x.x.x/yy, x.x.x.x/y.y.y.y,
# a dns name, or * to match everything.
#
# PORTS is a list of ports. If specified then the rule will only match
# if the destination port of the connection is in this list. This is
# likely only relevant if you are allowing non-transparent proxying of
# ftp connections (ie. DoNTP is enabled above). Specifying * is equivalent
# to not specifying anything - all ports will be matched
#
# Any connection that matches no rules will be denied. Since there are
# no rules by default you'll need to add something to let any
# connections happen at all (look at the last example if you are
# feeling lazy/not bothered by security).
#
# # Examples:
# # Allow local network to ftp to port 21 only, and block host ftp.evil
# ACL Deny * - ftp.evil
# ACL Allow 192.168.0.0/255.255.0.0 - * 21
#
# # Allow local network to ftp anywhere except certain dodgy ports. Network
# # admin's machine can ftp anywhere.
# ACL Allow admin.localnet - *
# ACL Deny * - * 1-20,22-1024,6000-6007,7100
# ACL Allow 192.168.0.0/16 - * *
#
# # You don't really believe in this security stuff, and just want
# # everything to work.
ACL Allow * - *
# Command control program: A bit like the idea of a squid redirector.
# By default the old interface is used so as not to break existing
# installations. The new interface is much more powerful, and is
# recommended for new scripts -- set UseOldCCP to false to use it.
# See the FAQ for details.
#
# CCProgram /usr/local/lib/frox/bin/ccp
# UseOldCCP no
####################################################################
# Subsections #
####################################################################
# Matching rules the same as ACLS. Only some options can be specified
# in a subsection (currently the yes/no options, timeout, and caching
# options).
#
# SubSection * - ftp.dodgy.server
# StrictCaching yes
# EndSection
#
# SubSection * - 10.0.0.0/24 # A low latency high bandwidth connection
# MinCacheSize 4096
# EndSection
#
# Subsection * - ftp.localnetwork
# # To disable caching if it has been turned on in a parent section
# CacheModule None
# EndSection
</pre>
==== Create the directory structure for the log files: ====
<pre>mkdir -p /usr/local/lib/frox
</pre>
==== Start the FTP server ====
<pre>/etc/init.d/frox restart </pre>
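A pre-start check for the configuration above, as an added example that is not part of the original page or of frox: it reports the combination of DoNTP yes with a wildcard ACL (any client that can reach the proxy port can be relayed to any FTP destination) and the disabled chroot, and checks the 700 mode that the config comments ask for on WorkingDir. The sample configs are constructed; 192.168.0.0/16 is an assumed classroom network, and case-insensitive matching of directive names and yes/no values is an assumption.

```shell
#!/bin/sh
# Added example (not from the original page): audit the effective settings of a
# frox.conf. Directive names are the ones used in the config on this page;
# case-insensitive matching of keys and yes/no values is an assumption.

# Print one finding per line for the risky settings in the given config file.
audit_frox_conf() {
    awk '
        { sub(/[ \t]*#.*/, "") }                 # drop comments, full-line or trailing
        NF == 0 { next }
        { key = tolower($1); val = tolower($2) }
        key == "dontp"      && val == "yes"  { ntp = 1 }
        key == "dontchroot" && val == "yes"  { print "no-chroot: line " NR " disables the chroot to WorkingDir" }
        key == "user"       && val == "root" { print "runs-as-root: line " NR }
        # "ACL Allow * - *" with no port list (or *) matches every source and destination.
        key == "acl" && val == "allow" && $3 == "*" && $4 == "-" && $5 == "*" && (NF == 5 || $6 == "*") { wild = NR }
        END {
            if (wild && ntp) {
                print "open-proxy: line " wild " allows any source to any destination while DoNTP is on"
            } else if (wild) {
                print "wildcard-acl: line " wild " allows any source to any destination"
            }
        }
    ' "$1"
}

# Succeed only if the directory has mode 700, as the frox.conf comment asks for WorkingDir.
workdir_mode_ok() {
    [ -d "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Constructed sample: the uncommented directives of the config on this page.
write_page_conf() {
    cat > "$1" <<'EOF'
Listen server
Port 2121
BindToDevice eth0
User nobody
Group nogroup
WorkingDir /usr/local/lib/frox
DontChroot Yes
BounceDefend yes
DoNTP yes
NTPAddress server:2121
MaxForks 10
MaxForksPerHost 4
ACL Allow * - *
EOF
}

# Constructed variant: chroot left at its default and the ACL narrowed to one
# client network and port 21. 192.168.0.0/16 is an assumed classroom range.
write_restricted_conf() {
    cat > "$1" <<'EOF'
Listen server
Port 2121
User nobody
Group nogroup
WorkingDir /usr/local/lib/frox
# DontChroot Yes
DoNTP yes
NTPAddress server:2121
ACL Allow 192.168.0.0/16 - * 21
EOF
}

tmp=$(mktemp -d)
write_page_conf "$tmp/page.conf"
write_restricted_conf "$tmp/restricted.conf"
echo "page config:";       audit_frox_conf "$tmp/page.conf"
echo "restricted config:"; audit_frox_conf "$tmp/restricted.conf"
rm -rf "$tmp"
```

On the server itself, run `audit_frox_conf /etc/frox.conf` and `workdir_mode_ok /usr/local/lib/frox` before restarting the service.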
<br>
== On the client ==
==== Configure FileZilla: ====
Menu Edit -> Settings -> Connection -> FTP -> Generic proxy: select '''none'''
Menu Edit -> Settings -> Connection -> FTP -> FTP Proxy: select '''Custom''' and enter the following:
<pre>USER %u@%h
PASS %p
</pre>
==== In Proxy host enter: ====
'''server:2121'''
<br>
{{Languages|Ftp als clients d'aula}}
[[Category:LliureX]] [[Category:Tips]]