The most common use of FTP-Proxy will probably be "inbound" FTP
traffic. This means that clients from an "outside" world seek access
to a "local" FTP server specified in the DestinationAddress variable.
Nevertheless, FTP-Proxy also supports an "outbound" mode, where clients have more control over the FTP connections. FTP-Proxy implements two concepts of "outbound" traffic.
The first one is based on the increased level of trust that users
enjoy. When the AllowMagicUser config option is set to "yes" and the
"@" (see also the UseMagicChar option) and ":" characters are allowed
as part of the USER command argument, users can determine the
destination server's address and port with the USER command. All they
have to do is append the host name, separated by the "@" sign (or
another character set with the UseMagicChar option), optionally
followed by a colon and the port. These components are removed from
the name and evaluated as the destination.
The second one is based on IP-NAT packet redirections, commonly
called transparent proxying. This method is currently
implemented for Linux ipchains (2.2 kernel) and iptables (2.4
kernel), as well as for BSD ipnat, tested on OpenBSD 2.9 and
FreeBSD 4.4. A description of how to set up the redirections is
provided in the TransProxy-Mini-Howto.txt file.
When the AllowTransProxy config option is set to "yes", the proxy
uses the original destination address and port that the client wanted
to connect to as the destination. If AllowMagicUser is enabled as
well, users can still provide a different destination using the USER
command argument.
If AllowTransProxy and AllowMagicUser are not used, FTP-Proxy runs in
"inbound" mode and DestinationAddress is mandatory.
In "outbound" mode, DestinationAddress is used as the default or
fallback destination, which is used if no other destination is found
by the Transparent-Proxy or Magic-User mechanisms.
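The destination selection described above, modelled as an added example (not FTP-Proxy source code), which is useful when reviewing which option combinations let a client choose the server the proxy connects to. The names Config, split_magic_user and resolve are hypothetical; splitting on the last magic character, defaulting to port 21 when no port is given, and passing the USER argument through unchanged when AllowMagicUser is off are assumptions; the host names and addresses in any call are constructed.

```python
from typing import NamedTuple, Optional, Tuple

Dest = Tuple[str, int]

class Config(NamedTuple):
    allow_magic_user: bool = False      # AllowMagicUser
    allow_trans_proxy: bool = False     # AllowTransProxy
    magic_char: str = "@"               # UseMagicChar
    destination: Optional[Dest] = None  # DestinationAddress

def split_magic_user(arg: str, magic_char: str = "@") -> Tuple[str, Optional[Dest]]:
    """Split 'name@host[:port]' into (name, (host, port)); no magic part gives (arg, None)."""
    name, sep, target = arg.rpartition(magic_char)  # assumption: the last magic char separates the host
    if not sep:
        return arg, None
    host, colon, port_s = target.partition(":")
    port = 21                                       # assumption: default to the FTP control port
    if colon:
        if not (port_s.isascii() and port_s.isdigit() and 1 <= int(port_s) <= 65535):
            raise ValueError(f"bad port in USER argument: {port_s!r}")
        port = int(port_s)
    if not name or not host:
        raise ValueError("empty user name or host in USER argument")
    return name, (host, port)

def resolve(cfg: Config, user_arg: str, orig_dst: Optional[Dest] = None):
    """Return (user name, destination, mechanism that selected the destination)."""
    if not (cfg.allow_magic_user or cfg.allow_trans_proxy):
        # "inbound" mode: the client has no influence on the destination
        if cfg.destination is None:
            raise ValueError("inbound mode: DestinationAddress is mandatory")
        return user_arg, cfg.destination, "inbound"
    if cfg.allow_magic_user:
        # a destination in the USER argument wins, even over the redirected address
        name, dest = split_magic_user(user_arg, cfg.magic_char)
        if dest is not None:
            return name, dest, "magic-user"
    if cfg.allow_trans_proxy and orig_dst is not None:
        # orig_dst: address and port the client originally connected to
        return user_arg, orig_dst, "transparent"
    if cfg.destination is None:
        raise ValueError("no destination found and no DestinationAddress fallback")
    return user_arg, cfg.destination, "fallback"
```

With both options enabled, a redirected client that sends a USER argument containing a host still ends up at the host it named, so any restriction on reachable servers has to hold for both mechanisms.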