Warning: The implementation of transparent proxying support
is tested only with the transparent proxy feature of the
Linux 2.2.x kernels and ipchains.

	Feel free to test it on other platforms!


How it works?

Its very simple: the ip filter of you kernel redirects all
packages to the ftp port (21) in "external networks" to the
proxy and the proxy connects the server you wanted to go
using informations from the ip package of your request.


First, you want to enable the transparent proxy feature in
your kernel and setup redirection rules:

Here is a example network configuration:

        internal network - 192.168.0.0/24 (and others)
                     |
                     |
                     | eth0: 192.168.1.1
            Firewall + Proxy
                     | eth1: not relevant
                     |
                     |
              I N T E R N E T

You want following (relevant) rules in your IP filter, i.e.:

# deny all FTP requests to the proxy from internet
ipchains -I input -i eth1 -d 192.168.1.1 21 -p tcp -j DENY -l

# redirect all FTP requests from internal network to the proxy:
ipchains -I input -i eth0 -s 0/0 -d ! 192.168.1.1 21 -p tcp -j REDIRECT 21


Second, you want to enable the AllowTransProxy flag in the
ftp-proxy.conf(5) file and start the proxy.

This is a MINIMALISTIC example you may start with:

# grep -v ^# /etc/proxy-suite/ftp-proxy.conf | grep -v ^$
[-Global-]
ServerType                   standalone
LogDestination               daemon
DestinationTransferMode      passive
PortResetsPasv               yes
Listen                       192.168.1.1
UseMagicChar                 %
AllowMagicUser               yes
AllowTransProxy              yes


Take a look on your system messages if and how it works!
And sure, feel free to set up a chroot environment, etc.

Have a lot fun,
  Your SuSE Team.