At least one connection
profile element must be defined.
id must be a unique identifier that does not change during the lifetime of the profile.
name can be given to the profile. This is a free-form text string.
host attribute defines the Secure Shell server host that is the end point of the tunnel. If it is left empty, the Secure Shell tunnel is opened to the destination host given in the SOCKS request. Otherwise the Secure Shell tunnel is opened to the host specified in the profile and FTP connections are forwarded to the requested hosts.
port attribute specifies the Secure Shell server port. The default port is
connect-on-startup attribute specifies whether a connection with the profile is opened automatically when the SOCKS Proxy is started. For transparent tunneling, it should be set to
user attribute specifies the username on the Secure Shell server. If it is left empty, the username given by the FTP client is used when opening the Secure Shell connection.
gateway-profile attribute specifies whether a tunneled connection should be created through another profile. The first tunnel is created using the gateway host profile and from there the second tunnel is created to the host defined in this profile.
At least one
tunnel element must be defined.
For transparent tunneling, the tunnel
type must be set as
"socks-proxy and the
listen-address is usually the loopback address
"127.0.0.1", but can be an address of any local interface that will be listened.
allow-relay attribute defines whether connections to the listened port are allowed from outside the client host. The default is
profile attributes are left empty when transparent tunneling is used.
At least one
filter element must be defined.
id attribute specifies a unique identifier for the
ip-address attribute specifies the target host IP address to be filtered. It can be a regular expression. Connections to the specified address are captured. With transparent FTP tunneling, this can be usually set to capture all connections (
".*"), as the connections are already filtered by the SOCKS Proxy settings.
pseudo-ip attribute should be set to
"no" for transparent tunneling.
dns-id attribute is a reference to a
dns element and should contain the same value as the
id attribute of the DNS rule.
ports attribute specifies the ports to be filtered. It can be a single port or a range. A range is specified with a dash between two integers (such as
action attribute specifies the action to be done when a filter is used. For transparent FTP tunneling, it must be
profile-id attribute is a reference to a
profile element and should contain the same value as the
id attribute of the profile.
When applying the filter rule, if creating the tunnel fails (or the connection to the Secure Shell server fails) the SOCKS Proxy will normally return a "host not reachable" error. However, if the
fallback-to-plain attribute is set to
"yes", a direct (unsecured) connection is used instead.