информационная безопасность
без паники и всерьез
 подробно о проектеRambler's Top100
За кого нас держат?Атака на InternetГде водятся OGRы
BugTraq.Ru
Русский BugTraq
 Анализ криптографических сетевых... 
 Модель надежности двухузлового... 
 Специальные марковские модели надежности... 
 Три миллиона электронных замков... 
 Doom на газонокосилках 
 Умер Никлаус Вирт 
главная обзор RSN блог библиотека закон бред форум dnet о проекте
bugtraq.ru / форум / networking
Имя Пароль
ФОРУМ
все доски
FAQ
IRC
новые сообщения
site updates
guestbook
beginners
sysadmin
programming
operating systems
theory
web building
software
hardware
networking
law
hacking
gadgets
job
dnet
humor
miscellaneous
scrap
регистрация





Легенда:
  новое сообщение
  закрытая нитка
  новое сообщение
  в закрытой нитке
  старое сообщение
  • Напоминаю, что масса вопросов по функционированию форума снимается после прочтения его описания.
  • Новичкам также крайне полезно ознакомиться с данным документом.
"например подключиться на 2121 и ввести логин и пароль" 01.07.04 15:25  Число просмотров: 4725
Автор: IgorMan2 Статус: Незарегистрированный пользователь
<"чистая" ссылка>
> > принцип действия frox. Что это такое FTP ПРОКСИ
> сервер?
> > я его установил. настроил. но он мне пишет ошибки
> >
> >
> ────────
> >
> 472;────────
> ;
> >
> ;────────&#
> >
> 9472;───────γ
> ;
> >
> 2;────────&
> >
> #9472;───────^
> > 72;───
> > <- 421 Proxy tried to loop. Closing connection
> >
> ────────
> >
> 472;────────
> ;
> >
> ;────────&#
> >
> 9472;───────γ
> ;
> >
> 2;────────&
> >
> #9472;───────^
> > 72;───
> > Cannot connect to
> > 192.127.10.10 2121
> >
> ────────
> >
> 472;────────
> ;
> >
> ;────────&#
> >
> 9472;───────γ
> ;
> >
> 2;────────&
> >
> #9472;───────^
> > 72;───
> > 192.127.10.10 - адес который слушает frox
>
> У него есть свойство напрямик ходить через него (например
> подключиться на 2121 и ввести логин и пароль) или
> использовать, как прозрачный прокси (перенаправлять в него
> из ipfw fwd). Во-первых, посмотри эти настройки, во-вторых
> может запросы с твоей машины на фтп перенаправляются в твою
> же машину.. поэтому он и говорит трайд ту луп. А вапще, там
> почти никаких настроек не надо, он, вроде и по умолчанию
> хорошо настроен (кроме айпишника и порта, на котором
> слушать)

"например подключиться на 2121 и ввести логин и пароль"
чей логин? чей пароль?

"использовать, как прозрачный прокси (перенаправлять в него из ipfw fwd)"
Что значит перенаправлять в него?

Может будет проще если я объясню что надо....
Есть пользователь Вася ему надо скачать с FTP://ftp.site.ru/file.zip. так вот в internet explorer я пишу прокси для FTP "FreeBSD:2121".... правильно?

frox-log
Thu Jul 1 17:11:52 2004 frox[62616] Listening on 192.127.10.10(unix):2121
Thu Jul 1 17:11:52 2004 frox[62616] Dropped privileges
Thu Jul 1 17:12:17 2004 frox[62980] Connect from 192.127.10.52(asu1)
Thu Jul 1 17:12:17 2004 frox[62980] ... to 192.127.10.10()
Thu Jul 1 17:12:17 2004 frox[62980] Attempt to connect to self. Do you need to set DoNTP to yes?
Thu Jul 1 17:12:17 2004 frox[62980] Closing session

frox.conf
# Configuration file for frox transparent ftp-proxy.

# Send SIGHUP after editing and it will be reread. This will fail
# completely if we are chrooted and the config file isn't within the
# dir we have chrooted to, or if we have dropped priveleges and no
# longer have permission to read the config file! Some options cannot
# be reread - namely those which require special privelidges (ie.
# BindToDevice, Listen, Port, TransparentData) and the caching stuff.


####################################################################
# Network Options #
####################################################################

# Address to listen on - default is 0.0.0.0 If you are using an OS other
# than Linux and are doing transparent proxying then you will need to set
# this to the IP of a local interface. If using linux you could leave it
# commented out to listen on all local IPs.
#
# Listen firewall.localnet
# Change it with your ip!
Listen 192.127.10.10

# Port to listen on. Must be supplied.
#
Port 2121

# Whether to run from inetd. You should still define Port above, but
# it isn't used for much.
#
# FromInetd yes

# Stop frox from putting itself into the background. Use this if you want
# to run frox from supervise from djb's daemontools
#
# NoDetach

# A hack that should allow you to get away without putting resolver libraries
# into the chroot jail. The default is fine unless for some reason you have
# this hostname in /etc/hosts. If this sort of thing offends you, you may
# comment this out and copy resolver libraries into the chroot jail instead.
# See FAQ section 3.2 for details.
#
#ResolvLoadHack wontresolve.doesntexist.abc

# Another ftp proxy to forward on to. Frox will contact this ftp
# proxy, and send it a login name of the form "user@host:port" where
# host and port are the server frox should contact. If you set
# FTPProxyNoPort then frox will send logins of the form user@host
#
# FTPProxy ftp:21
# FTPProxyNoPort yes

# Pick the IP frox should use for outgoing connections. You probably don't
# need this, and it is not well tested.
#
# TcpOutgoingAddr

# Pick the IP that frox should send in PASV replies to the client. Defaults
# to the address frox received the control connection on which you shouldn't
# need to change unless you are doing NAT between frox and your clients, or
# are trying to tunnel connections using frox. See FAQ.
#
# PASVAddress

####################################################################
# General Options #
####################################################################
# User and group to drop priveliges to. This must be specified - if
# you really want to run as root (not a good idea) you must say so
# specifically, and have compiled with --enable-run-as-root.
#
User nobody
Group nogroup

# This is frox's working directory - it must be specified. Temporary
# files and sockets will be created here. If you are using local
# caching then the cache will be stored in this directory too. It
# should be owned by frox with permissions 700. By default frox will
# also chroot to this dir on startup. To avoid this you must specifically
# set DontChroot to Yes.
#
WorkingDir /tmp/frox
DontChroot Yes

# Logging level. 0=No logging. 5=Critical errors only. 10= All errors.
# 15=Errors, other important stuf. 20= Errors, connections, cache
# hits/misses 25=Debug info including text of control session. By
# default frox will log through syslog as facility daemon. If you want
# frox to log to a file instead specify this in LogFile below. You may
# set LogFile to "stderr" if you wish it to log there. XferLogging
# defaults to on, and results in a one line log entry for each file
# transferred irrespective of the log level. You can turn this off
# below.
#
LogLevel 20
LogFile /var/log/frox-log
# XferLogging no

# File to store PID in. Default is not to. If this file is not within
# the Chroot directory then it cannot be deleted on exit, but will
# otherwise work fine.
#
PidFile /var/run/frox.pid


####################################################################
# Ftp Protocol Options #
####################################################################

# Active --> Passive conversion. If set then all outgoing connections
# from the proxy will be passive FTP, regardless of the type of the
# connection coming in. This makes firewalling a lot easier. Defaults
# to no.
#
# APConv yes

# Passive --> Active conversion. If set then all outgoing connections
# from the proxy will be active FTP, regardless of the type of the
# connection coming in. Defaults to no.
# DO NOT USE WITH APConv!
#
# PAConv yes

# Block PORT commands asking data to be sent to ports<1024 and
# prevent incoming control stream connections from port 20 to
# help depend against ftp bounce attacks. Defaults to on.
#
BounceDefend yes

# If true then only accept data connections from the hosts the control
# connections are to. Breaks the rfc, and defaults to off.
#
# SameAddress yes

# Normally frox strips out nonprintable characters from the control
# stream. This makes buffer overflow attacks on clients/servers much more
# difficult. If you download files that contain non english characters
# this may cause you problems (especially for big charsets like Chines).
# In that case turn on this option.
#
# AllowNonASCII yes

# Try to transparently proxy the data connections as well. Not
# necessary for most clients, and does increase security risks. N.V.
# You probably doNOTneed this option. It increases the complexity
# of what frox has to do, increases the difficulty of setting frox up
# correctly, and increases potential security risks. This has nothing
# to do with whether your clients will be transparently proxied. If
# you still want to use this option then read README.transdata for
# details.
#
# TransparentData yes

# Specify ranges for local ports to use for outgoing connections and
# for sending out in PORT commands. By default these are all between
# 40000 and 50000, but you might want to split them up if you have
# complicated firewalling rules.
#
# ControlPorts 40000-40999
# PassivePorts 41000-41999
# ActivePorts 42000-42999


####################################################################
# Caching Options #
####################################################################

# Caching options. There should be at most one CacheModule line, and
# Cache lines to give the options for that caching module. CacheModule
# is HTTP (rewrites ftp requests as HTTP and sends them to a HTTP
# proxy like squid), or local (cache files locally). The relevant
# module needs to have been compiled in at compile time. See FAQ for
# details. If there are no CacheModule lines then no caching will be
# done. "CacheModule None" explicitly requests no caching, and is
# useful to turn off caching within a subsection (below).
#
# CacheModule local
# CacheSize 400
#
# CacheModule http
# HTTPProxy 127.0.0.1:3128
# MinCacheSize 65536
#
# StrictCaching no # Read FAQ for details.
# CacheOnFQDN yes # Read FAQ for details.
#
# CacheAll no # Set to yes to cache non anonymous ftp downloads

# Virus scanning -- see FAQ
#
# VirusScanner '"/usr/bin/viruscan" "--option" "%s"'
# VSOK 0
# VSProgressMsgs 30


####################################################################
# Access control #
####################################################################

# Allow non-transparent proxying support. The user can connect
# directly to frox, and give his username as user@host:port or
# user@host. Defaults to no. NTPAddress gives the address to which
# incoming connections must be addressed if the client is to be offered
# non-transparent proxying. For most people using this it will be the same
# as the Listen address above. If not given then all connections will be
# offered non transparent proxying. If you are not using transparent
# proxying at all then you should leave NTPAddress commented out.
#
# DoNTP yes
# NTPAddress 192.168.2.1:2121

# Number of seconds of no activity before closing session
# Defaults to 300
#
# Timeout 300

#Maximum number of processes to fork.
#
# MaxForks 0 # For debugging -- only one connection may be served.
MaxForks 10

# Maximum number of connections from a single host (IP address).
MaxForksPerHost 4

# Maximum number of bytes/second to be transferred over the data
# connection for each client. MaxTransferRate limits downloads and
# MaxUploadRate uploads. CacheDlRate is the rate for downloads of files
# that are cached locally - if not set these files will be downloaded at
# full speed.
#
# MaxTransferRate 4096
# CacheDlRate 8192
# MaxUploadRate 4096

# Access control lists:
# The format is: "ACL Allow|Deny SRC - DST [PORTS]"

# SRC and DST may be in the form x.x.x.x, x.x.x.x/yy, x.x.x.x/y.y.y.y,
# a dns name, or * to match everything.
#
# PORTS is a list of ports. If specified then the rule will only match
# if the destination port of the connection is in this list. This is
# likely only relevant if you are allowing non-transparent proxying of
# ftp connections (ie. DoNTP is enabled above). Specifying * is equivalent
# to not specifying anything - all ports will be matched
#
# Any connection that matches no rules will be denied. Since there are
# no rules by default you'll need to add something to let any
# connections happen at all (look at the last example if you are
# feeling lazy/not bothered by security).
#
# # Examples:
# # Allow local network to ftp to port 21 only, and block host ftp.evil
# ACL Deny * - ftp.evil
# ACL Allow 192.168.0.0/255.255.0.0 - * 21
#
# # Allow local network to ftp anywhere except certain dodgy ports. Network
# # admin's machine can ftp anywhere.
# ACL Allow admin.localnet - *
# ACL Deny * - * 1-20,22-1024,6000-6007,7100
# ACL Allow 192.168.0.0/16 - * *
#
# # You don't really believe in this security stuff, and just want
# # everything to work.
ACL Allow * - *

# Command control program: A bit like the idea of a squid redirector.
# By default the old interface is used so as not to break existing
# installations. The new interface is much more powerful, and is
# reccommended for new scripts -- set UseOldCCP to false to use it.
# See the FAQ for details.
#
# CCProgram /usr/local/lib/frox/bin/ccp
# UseOldCCP no


####################################################################
# Subsections #
####################################################################
# Matching rules the same as ACLS. Only some options can be specified
# in a subsection (currently the yes/no options, timeout, and caching
# options).
#
# SubSection * - ftp.dodgy.server
# StrictCaching yes
# EndSection
#
# SubSection * - 10.0.0.0/24 # A low latency high bandwidth connection
# MinCacheSize 4096
# EndSection
#
# Subsection * - ftp.localnetwork
# # To disable caching if it has been turned on in a parent section
# CacheModule None
# EndSection
<networking> Поиск 






Rambler's Top100
Рейтинг@Mail.ru


  Copyright © 2001-2024 Dmitry Leonov   Page build time: 0 s   Design: Vadim Derkach