-
Notifications
You must be signed in to change notification settings - Fork 16
/
ftpproxy.conf
162 lines (140 loc) · 6.13 KB
/
ftpproxy.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
### Java FTP Proxy Server
### configuration file
#The port on which the proxy should listen for incoming
#connections. The default is 8089. Note that in earlier
#versions this parameter was named "port".
#bind_port=8089
#If your computer has more than one network interface and
#you only want it to accept connections on one you should
#insert the IP-address or hostname of the interface you
#wish to use here.
#bind_address=123.45.67.89
#If you want the IP-address returned by the proxy in
#response to a PASV command, insert the IP-address or
#hostname here.
#This can be used to provide external access to a ftp
#server behind a NAT firewall or through SSH tunnelling.
#masquerade_host=127.0.0.1
#Ensure that the connections to the data connection comes
#from the same IP as the control connection.
#validate_data_connection=1
#If you want the proxy to act as a transparent gateway to
#an FTP server on some other computer, then set auto_host
#to the IP-address or hostname of that computer here.
#If you wish to connect to a port other than the default
#port (21), you should set auto_port as well.
#auto_host=host.domain.tld
#auto_port=21
#If you do not want the proxy to act as proxy for hosts
#other than auto_host, you should set only_auto to 1. The
#default value is 0.
#only_auto=1
#If you need the proxy to connect to some (or all) hosts
#using passive mode (e.g. if the proxy runs behind a
#NAT'ed firewall), you can specify these here. Note: this
#only concerns traffic between the proxy and FTP servers.
#Whether to use passive mode between the client and the
#proxy is determined by the client.
#If neither use_passive nor use_active is set, all
#connections are made in active mode. If only use_passive
#is set, all connections are made in active mode, except
#connections to the hosts mentioned in use_passive.
#If only use_active is set, all connections are made in
#passive mode, except connections to hosts mentioned in
#use_active. If both use_passive and use_active are set,
#all connections are made in passive mode, except
#connections to hosts mentioned in use_active but not in
#use_passive.
#If you want all connections to be made in passive mode,
#you should specify an empty string for use_active (it
#should not be commented out).
#The format of the settings is a comma-seperated list of
#IP-addresses/subnets. These may be formatted as either
#a single IP-adresse, e.g. 123.45.67.89, or as a subnet
#written like either 123.45.67.89/255.255.254.0 or
#123.45.67.89/23.
#use_active=192.168.0.0/16,172.16.0.0/12,10.0.0.1/8,127.0.0.1
#use_passive=
#When using passive mode between the client and the proxy
#and when using active mode between the proxy and the
#server, the proxy chooses a port number to listen for
#data connections. If this port number cannot be chosen
#freely, e.g. due to firewall limititations between the
#client and the proxy or proxy and the server, you can
#here specify a list of ports that may be used when
#listening for data connections from the server and the
#client respectively.
#Note that these port ranges are only used when the
#proxy is _listening_ for data connections, i.e. not
#when running in active mode between the client and the
#proxy or in passive mode between the proxy and the
#server.
#The format is a comma-seperated list of port numbers or
#port ranges written in the format xxxx-yyyy inclusive.
#Note that some servers will refuse to connect to
#privileged ports, i.e. port numbers < 1024.
#If only one port is specified, a slightly different
#technique for binding is used. Hence if you have only
#specified a few ports, you might experience better
#results if you only specify one. However, you cannot
#have more simultaneous connections than there are ports
#available.
#server_bind_ports=1111,2222-3333,4444-5555
#client_bind_ports=
#If you want to use the proxy with your webbrowser you
#need to enable URL syntax. However, this might cause
#trouble using the proxy by means of a regular FTP client
#in the (unusual) event that you have a username
#containing an asterix. The default value is 1.
enable_url_syntax=1
#For debugging purposes, this option makes the proxy
#dump the network dialogue to the standard output.
#output_debug_info=1
### ACCESS CONTROL
#Using deny_from and allow_from you can restrict which
#clients are allowed to connect to the proxy. Using
#deny_to and allow_to you can restrict which hosts clients
#are allowed to connect to.
#If neither deny_from nor allow_from is set, everybody is
#allowed to connect. If only deny_from is set, everybody
#is allowed to connect, except those mentioned in
#deny_from. If only allow_from is set, only the clients
#mentioned in allow_from are allowed to connect. If both
#deny_from and allow_from are set, only clients that are
#mentioned in allow_from but not in deny_from are allowed
#to connect.
#The same logic applies to deny_to and allow_to.
#The format is the same as for use_passive and
#use_active.
#deny_to=192.168.0.0/16,172.16.0.0/12,10.0.0.1/8,127.0.0.1
#deny_from=
#allow_to=
#allow_from=
### MESSAGES
#If you want another message to be sent to the client
#upon connect, you should write it here. If only_auto is
#set to 1, the message of the "auto FTP server" will be
#used instead. Defaults to "Java FTP Proxy Server (usage:
#USERID=user@site) ready."
#msg_connect=
#Message to send to the client if access is denied dut to
#the settings of deny_from and allow_from. Defaults to
#"Access denied - closing connection."
#msg_origin_access_denied=
#Message to send to the client if access is denied due to
#the settings of deny_to and allow_to. Defaults to
#"Access denied - closing connection."
#msg_destination_access_denied=
#Message to send if the client does not supply a username
#of the the form user@site syntax and no auto_host is
#specified. Defaults to "Incorrect usage - closing
#connection."
#msg_incorrect_syntax=
#Message to send to the client in event of an unhandled
#exception. The default is "Internal error, closing
#connection."
#msg_internal_error=
#Message to send to the client if masquerade_host cannot
#be resolved. Defaults to "Unable to resolve address for
#|masqueradeHostname| - closing connection."
#msg_masqerade_hostname_dns_error=