PC : jftpgw 0.13.4.
jftpgw.conf
<global>
serverport 21
defaultmode asclient
debuglevel 6
dropprivileges start
runasuser nobody
runasgroup nobody
transparent-proxy on
getinternalip configuration
dataclientaddress 10.0.254.1
</global>
<servertype standalone>
listen 10.0.1.1:2370
logstyle files
logfile /var/log/jftpgw.log
pidfile /var/run/jftpgw.pid
</servertype>
<from 0.0.0.0/0>
access deny
</from>
<from 10.0.0.0/16>
access allow
transparent-proxy on
</from>
Somehow dropprivileges doesn't work right. With startsetup it says
Could not change the EUID to 65534: Operation not permitted
and with start,
Error creating pidfile /var/run/jftpgw.pid
So I use start and deal with the pid file on the startup shell script side.
jftpgw.sh
#!/bin/sh
# Start/stop wrapper for jftpgw. With "dropprivileges start" jftpgw has
# already dropped root by the time it writes its pid file, so the file is
# created here and handed to the runasuser/runasgroup from jftpgw.conf.
PROGRAM=/usr/local/sbin/jftpgw
CFGFILE=/usr/local/etc/jftpgw.conf
PIDFILE=/var/run/jftpgw.pid
case "$1" in
start)
    if [ -x "$PROGRAM" ] && [ -r "$CFGFILE" ] ; then
        # Read runasuser/runasgroup from the config. ($UID is read-only in
        # some shells, so use different variable names.)
        RUN_USER=`grep runasuser "$CFGFILE" | awk '{ print $2 }'`
        RUN_GROUP=`grep runasgroup "$CFGFILE" | awk '{ print $2 }'`
        touch "$PIDFILE"
        chown "${RUN_USER}:${RUN_GROUP}" "$PIDFILE"
        "$PROGRAM"
        echo -n " jftpgw"
    fi
    ;;
stop)
    PID=`cat "$PIDFILE" 2>/dev/null`
    # The pid file is writable by the unprivileged user, so only kill the pid
    # if it still belongs to a jftpgw process.
    [ -n "$PID" ] && ps -p "$PID" | tail -n +2 | grep -sqw "$PROGRAM" && kill "$PID"
    rm -f "$PIDFILE"
    ;;
*)
    echo "usage: $0 start|stop"
    ;;
esac
Even when "transparent-proxy on" is written in global, it complains
Did not find configuration entry for "transparent-proxy", using "off" as default
so I write it in the individual IP address ranges.
Now the ipfw side.
ipfw add fwd ${proxy_ip},2370 tcp from any to any dst-port 21
ipfw add allow tcp from any 20 to ${oip} setup
Then, testing with debuglevel 9.
no new destination - keeping old one: 255.255.255.255
fw_transparent: Destination already set
Nonsense destination (no IP and could not look up hostname): 255.255.255.255
Please check your nameserver configuration. This may also happen if your chroot-environment does not contain the necessary files which the libc needs for a lookup
Write(0): 531 You are not allowed to connect to that host.
? With USER user@hostname it works. But then it isn't transparent, so there's no point.
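As an added example (not from this note and not part of jftpgw): a small POSIX sh check that scans a jftpgw log for the failure signature quoted above. The log messages are the ones jftpgw printed above; the sample excerpt, the file name and the function names are my own constructions. As those messages indicate, a destination of 255.255.255.255 means jftpgw did not recover the original destination of the forwarded connection and so answers 531; counting those sessions makes a broken fwd rule or a transparent-proxy setting in the wrong section visible instead of silently refusing clients.

```shell
#!/bin/sh
# Added example, not jftpgw's own code: scan a jftpgw log for the
# transparent-proxy failure signature (destination 255.255.255.255 -> 531).

# Constructed sample log excerpt, modelled on the messages quoted in the note.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
no new destination - keeping old one: 255.255.255.255
fw_transparent: Destination already set
Nonsense destination (no IP and could not look up hostname): 255.255.255.255
Please check your nameserver configuration.
Write(0): 531 You are not allowed to connect to that host.
EOF

# Number of sessions whose destination was the broadcast address, i.e. the
# original target of the forwarded connection was never recovered.
# "|| true" keeps the "0" output when grep finds nothing (grep exits 1 then).
count_broken_transparent() {
    grep -c 'Nonsense destination.*255\.255\.255\.255' "$1" || true
}

# Number of 531 refusals written to clients.
count_531() {
    grep -c 'Write([0-9]*): 531 ' "$1" || true
}

# Report on one log file. Returns 0 if clean, 1 if breakage was found.
check_transparent() {
    broken=$(count_broken_transparent "$1")
    if [ "$broken" -gt 0 ]; then
        echo "transparent proxy broken: $broken session(s) with no usable destination, $(count_531 "$1") refused with 531"
        return 1
    fi
    echo "no transparent-proxy failures found"
    return 0
}

# Run against the constructed sample; the "|| :" only keeps the script's
# own exit status neutral, the function's return value is the real result.
check_transparent "$SAMPLE_LOG" || :
rm -f "$SAMPLE_LOG"
```

Point it at /var/log/jftpgw.log (from the logfile setting above) instead of the constructed sample to check a real run; a non-zero return from check_transparent is the signal to look at the ipfw fwd rule and the from-section transparent-proxy setting.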