The Smoothwall provides you with a proxy to manage FTP traffic. You can configure a nontransparent or a transparent proxy.
Prerequisite
You must allow access to the FTP port through the Smoothwall Firewall.
- On the NETWORK menu, under the Firewall submenu, click Smoothwall access.
- Add an access rule for the following Services: FTP proxy (2121). Alternatively, you can use port 21 (FTP proxy (alternative) (21)) for your network. Although the Smoothwall access page lets you add both Services to the same access rule, we recommend that you use only one for the FTP proxy service.
Procedure
- This page can’t be accessed from the menus. Click the FTP Proxy service on your Dashboard.
- To set up a nontransparent FTP proxy:
- Under the FTP proxy settings section, select "Enable" for the proxy and for Antimalware scanning. Note: For performance reasons, files larger than 100 MB aren't scanned for malware.
- From the Proxy port list, select the port to use for FTP traffic. The port you select must be the same one opened for the FTP proxy in the Smoothwall access page.
- If you want to allow FTP connections to all servers, select the Allow connections to any server option. However, if you want to allow FTP connections to only specific servers, select the Only connections to specific servers option.
- To allow FTP connections to only specific servers, in the FTP server white list, enter the server's host name or IP address in the format: <IP_address_or_hostname>:<port_number>. If no servers are listed, all host names on all ports can be used.
- To set up a transparent FTP proxy:
- Follow the same steps as for setting up the FTP proxy.
- Under the Transparent proxy settings section, choose how you want the transparency to handle the source and destination IPs:
- Transparently proxy all IPs - Transparently proxy FTP for all source IPs.
- Transparently proxy only the following IPs - Transparently proxy FTP only for the source IPs specified. Enter the IP addresses of local devices to be allowed access to transparent FTP proxying. Enter one IP address per line, for example: 1.2.3.4
- Transparently proxy all except the following IPs - Transparently proxy FTP for all source IPs except those specified. Enter the IP addresses of local devices to be excluded from transparent FTP proxying. Enter one IP address per line, for example: 1.2.3.4
- Select the interface to transparently proxy FTP traffic.
- To save the settings and turn on the FTP proxy, click Save changes.
Note: When running the Smoothwall’s FTP proxy in transparent mode, you don't need to configure FTP client applications.
Follow-up tasks
Nontransparent proxy
- For your FTP clients' Remote host, enter the Smoothwall Firewall’s hostname or IP address.
- For the Remote port, enter the FTP proxy port configured on the Smoothwall, either 21 or 2121. This must match the port number selected for Proxy port.
- For the Remote username, enter the username in the following format: remoteusername@remoteftpserver.
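For scripted or unattended FTP jobs, the same three client settings can be applied in code. The following is an added example, not Smoothwall's own code: it uses Python's standard ftplib, and the host names, user name and function names are constructed for illustration.

```python
"""Added example: scripted FTP client settings for the nontransparent proxy."""
from ftplib import FTP

# Ports the page lists for the FTP proxy service.
PROXY_PORTS = (21, 2121)


def proxy_client_settings(proxy_host, proxy_port, remote_user, remote_server):
    """Return (host, port, username) as an FTP client must send them.

    The client connects to the Smoothwall, not to the remote server; the
    remote server is carried in the username as remoteusername@remoteftpserver.
    """
    if proxy_port not in PROXY_PORTS:
        raise ValueError(f"proxy port must be one of {PROXY_PORTS}")
    if not proxy_host or not remote_user or not remote_server:
        raise ValueError("proxy host, remote user and remote server are required")
    if any(c.isspace() for c in proxy_host + remote_user + remote_server):
        raise ValueError("whitespace is not allowed in host or user names")
    return proxy_host, proxy_port, f"{remote_user}@{remote_server}"


def list_via_proxy(proxy_host, proxy_port, remote_user, remote_server,
                   password, timeout=15):
    """Log in through the proxy and return the remote directory listing."""
    host, port, username = proxy_client_settings(
        proxy_host, proxy_port, remote_user, remote_server)
    with FTP(timeout=timeout) as ftp:
        ftp.connect(host, port)          # Remote host / Remote port
        ftp.login(user=username, passwd=password)  # Remote username
        return ftp.nlst()


if __name__ == "__main__":
    # Constructed sample values; replace with your own.
    print(proxy_client_settings("smoothwall.example.lan", 2121,
                                "alice", "ftp.example.org"))
```

The proxy port passed here must be the one selected for Proxy port and opened on the Smoothwall access page.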