Setting Esets For Scanning Of Http Communication - Transparent Mode; Setting Esets For Scanning Of Ftp Communication - Transparent Mode - ESET GATEWAY SECURITY Installation Manual

A.1. Setting ESETS for scanning of HTTP communication - transparent
mode
HTTP scanning is performed using the esets_http daemon. In the [http] section of the ESETS
configuration file, set the following parameters:
agent_enabled = yes
listen_addr = "192.168.1.10"
listen_port = 8080
In the example above, 'listen_addr' is the address of the local network interface named if0.
Restart the ESETS daemon. The next step is to redirect all HTTP requests to esets_http. If IP-
filtering is being performed by the ipchains administration tool, an appropriate rule would be:
ipchains -A INPUT -p tcp -i if0 --dport 80 \
-j REDIRECT 8080
If IP-filtering is being performed by the iptables administration tool, the rule is:
iptables -t nat -A PREROUTING -p tcp -i if0 \
--dport 80 -j REDIRECT --to-ports 8080
On FreeBSD, the rule is:
ipfw add fwd 192.168.1.10,8080 tcp \
from any to any 80 via if0 in
On NetBSD and Solaris, the rule is:
echo 'rdr if0 0.0.0.0/0 port 80 -> 192.168.1.10 \
port 8080 tcp' | ipnat -f -
A.2. Setting ESETS for scanning of FTP communication - transparent
mode
FTP scanning is performed using the esets_ftp daemon. In the [ftp] section of the ESETS
configuration file, set the following parameters:
agent_enabled = yes
listen_addr = "192.168.1.10"
listen_port = 2121
In the above example, 'listen_addr' is the address of the local network interface named if0.
Restart the ESETS daemon. Then, redirect all FTP requests to esets_ftp. If IP-filtering is being
performed by the ipchains administration tool, an appropriate rule would be:
ipchains -A INPUT -p tcp -i if0 --dport 21 \
-j REDIRECT 2121
34 ESET Gateway Security