The ftpproxy program's use is fairly evident from its name. It forwards ftp requests from one server to another server. In my case, I needed it because we were out of public IP addresses, and had a very limited need for an ftp server available on the Internet.
There is also an ftp-proxy which is included in a FreeBSD base install. It is found in /usr/libexec, and is intended for use with the pf packet filter. Its man page gives good examples of what should be added to pf.conf to use it on a machine with two interfaces. However, in my case, it was needed on a server with one ethernet interface behind a firewall. The firewall has a public address and forwards requests to a webserver, with an internal 192.168.1.x address on the local network.
For purposes of example, we'll say the web server is called web.example.com and has an internal address of 192.168.1.20. I wanted the web server to forward ftp requests to another machine, with an address of 192.168.8.25.
cd /usr/ports/ftp/ftpproxy
make install clean
Once installed, I took a quick look at the man page. I tried man ftpproxy with no result. It turns out that the program is called ftp.proxy. Once I figured this out, the rest was relatively simple.
As the man page explains, ftpproxy is run from inetd. Therefore, if one isn't already running inetd, add the following line to /etc/rc.conf.
inetd_enable="YES"
According to the man page, ftpproxy can also be run in standalone mode, but I didn't try this. The somewhat sparse documentation on their web site indicates that it is usually started from inetd.
After adding the inetd line to /etc/rc.conf, edit /etc/inetd.conf. There are a few lines towards the top referring to ftp. I added a line underneath them.
ftp stream tcp nowait nobody /usr/local/sbin/ftp.proxy ftp.proxy 192.168.8.25
(If your browser broke that, it should be one line.)
Once this is done, start (or restart if it's already running) inetd.
/etc/rc.d/inetd start
There are other options that can be used; however, I just needed a very simple configuration, as a client had to download some files. Therefore, we didn't even add any CNAMEs; I just had the client ftp to web.example.com and they were redirected to the ftp server.
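The rc.conf and inetd.conf steps above can be checked before restarting inetd. The script below is an added example, not part of the original write-up or of ftpproxy: it confirms that inetd is enabled, that exactly one ftp line is active, that it runs ftp.proxy as a non-root user, and that it forwards to the intended host. The function names are hypothetical, and it assumes the target is the last field of the line, as in the entry shown above.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumes the forward target is the last field of the ftp.proxy line.

# inetd_enabled RCCONF: succeeds if rc.conf sets inetd_enable to YES.
inetd_enabled() {
    grep -Eiq '^[[:space:]]*inetd_enable="?yes"?' "$1"
}

# check_ftp_proxy INETD_CONF TARGET: succeeds only when exactly one active
# ftp line exists, runs ftp.proxy as a non-root user, and points at TARGET.
check_ftp_proxy() {
    awk -v target="$2" '
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        $1 != "ftp" || $3 !~ /^tcp/ { next }      # only ftp service entries
        {
            active++
            split($5, u, "[:/]")                  # user[:group][/login-class]
            if ($6 !~ /\/ftp\.proxy$/) { print "FAIL: ftp also served by " $6; bad = 1; next }
            if (u[1] == "root") { print "FAIL: ftp.proxy runs as root"; bad = 1 }
            if ($NF != target)  { print "FAIL: forwards to " $NF ", expected " target; bad = 1 }
        }
        END {
            if (active == 0) { print "FAIL: no active ftp line"; bad = 1 }
            if (active > 1)  { print "FAIL: " active " active ftp lines"; bad = 1 }
            if (!bad) print "OK: ftp -> ftp.proxy -> " target
            exit bad + 0
        }' "$1"
}

# Constructed sample (not from a real host): a stock ftpd line was
# uncommented by mistake next to the proxy line, so the check fails.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
ftp stream tcp nowait nobody /usr/local/sbin/ftp.proxy ftp.proxy 192.168.8.25
EOF
check_ftp_proxy "$sample" 192.168.8.25 || echo "inetd.conf needs fixing"
rm -f "$sample"
```

On the real host the calls would be inetd_enabled /etc/rc.conf and check_ftp_proxy /etc/inetd.conf 192.168.8.25.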