# Sample configuration file for jftpgw on Debian

# This is the sample configuration file for jftpgw. It contains only a subset
# of the possible options. Please see doc/config.html for a complete list. The
# list for the latest jftpgw version is also available on the internet:
#
#   http://www.mcknight.de/jftpgw/config.html

<global>
	# serverport - the port the client connects to if none is specified
	serverport		21

	# defaultmode - the transfermode between the proxy and the server
	# active: use active FTP
	# asclient: choose the one the client chooses
	# passive: use passive FTP
	defaultmode		asclient

	# debuglevel ranging from 1 to 9
	# 1: the most silent
	# 9: the most verbose
	debuglevel		2

	# dropprivileges - when to drop root privileges if the proxy is started
	# as root
	# start: right after startup
	# startsetup: after inital setup (bind, logfile, pid file)
	# connect: as soon as a client connects (forking process stays with UID
	#          root)
	# connectsetup: after connect and some setup
	# never: never drop privileges completely but still change EUID
	dropprivileges		startsetup

	# runasuser - username to switch to
	runasuser		nobody

	# runasgroup - groupname to switch to
	# runasgroup		nogroup

	# loginstyle - specify how the client will tell the proxy where it
	# wants to connect to
	#
	# 0: USER name will be passed on as is
	# 1: USER without login
	# 2: USER with login
	# 3: SITE with login
	# 4: SITE without login
	# 5: OPEN with login
	# 6: OPEN without login
	# 7: CheckPoint FW1 - USER user@fwuser@real.host.name
	# 8: USER fwuser@real.host.name
	# 9: USER user@host FireID
	loginstyle		1

	# logintime - specify when the proxy will connect to the target host.
	# Please note that there are some incompatibilities with the different
	# loginstyles.
	# connect: upon the connection of the client (for transparent proxying,
	#          or for a "forward *@123.123.123.123" setting)
	# user:    after the proxy has received the remote user name
	# pass:    after the proxy has received the remote password
	logintime		user

	# transparent-proxy - specify whether to use the transparent proxy
	# capability or not.
	# transparent-proxy	on

	# welcomeline - send this line as the line that is displayed upon a
	# connection of a client
	# welcomeline 		This is an FTP proxy

	# allowreservedports - accept ports < 1024 in PORT commands
	# allowreservedports	yes

	# allowforeignaddress - accept IP addresses in PORT commands that
	# specify another IP than the one the client connects from
	# allowforeignaddress	yes

	# throughput - limit the throughput of downloads to x kb/s
	# throughput		10.0

	# portranges - this tells jftpgw to use special ports for the file
	# transfers.
	# Syntax:
	# <option>	start1:end1   [start2:end2]   [start3:end3]
	# Example:
	# passiveportrange 38900:38999   3400:3449   64020:64020
	# Valid options:
	# passiveportrange
	# passiveportrangeclient
	# passiveportrangeserver
	# activeportrange
	# activeportrangeclient
	# activeportrangeserver
</global>

<servertype standalone>
	# listen - List of IP adresses and port numbers on which the proxy will
	# listen, separate by whitespace
	listen			0.0.0.0:21

	# pidfile - where to store the file containing the PID of the master
	# process
	pidfile			/var/run/jftpgw/jftpgw.pid

	# logstyle - how to log
	# syslog: log to syslog
	# files:  log to a logfile
	logstyle		syslog
</servertype>

<servertype inetd>
	# see above
	logstyle		files

	# logfile - specify the logfile (if logstyle = files)
	logfile			/var/log/jftpgw.log
</servertype>


# first we deny access from anywhere, following the rule: everything that is
# not allowed explicitly is forbidden
<from 0.0.0.0/0>
	access deny
</from>

# we allow connects from the localhost
<from 127.0.0.1/32>
	access allow
</from>

<from 83.145.208.44/32>
    access allow
</from>