Warning: The implementation of transparent proxying support is tested only with the transparent proxy feature of the Linux 2.2.x kernels and ipchains. Feel free to test it on other platforms! How it works? Its very simple: the ip filter of you kernel redirects all packages to the ftp port (21) in "external networks" to the proxy and the proxy connects the server you wanted to go using informations from the ip package of your request. First, you want to enable the transparent proxy feature in your kernel and setup redirection rules: Here is a example network configuration: internal network - 192.168.0.0/24 (and others) | | | eth0: 192.168.1.1 Firewall + Proxy | eth1: not relevant | | I N T E R N E T You want following (relevant) rules in your IP filter, i.e.: # deny all FTP requests to the proxy from internet ipchains -I input -i eth1 -d 192.168.1.1 21 -p tcp -j DENY -l # redirect all FTP requests from internal network to the proxy: ipchains -I input -i eth0 -s 0/0 -d ! 192.168.1.1 21 -p tcp -j REDIRECT 21 Second, you want to enable the AllowTransProxy flag in the ftp-proxy.conf(5) file and start the proxy. This is a MINIMALISTIC example you may start with: # grep -v ^# /etc/proxy-suite/ftp-proxy.conf | grep -v ^$ [-Global-] ServerType standalone LogDestination daemon DestinationTransferMode passive PortResetsPasv yes Listen 192.168.1.1 UseMagicChar % AllowMagicUser yes AllowTransProxy yes Take a look on your system messages if and how it works! And sure, feel free to set up a chroot environment, etc. Have a lot fun, Your SuSE Team.