Installation manual
36
ESET Gateway Security
A.1. Setting ESETS for scanning of HTTP communication - transparent
mode
HTTP scanning is performed using the esets_http daemon. In the [http] section of the ESETS
conguration le, set the following parameters:
agent_enabled=yes
listen_addr=”192.168.1.10”
listen_port=8080
In the example above, ‘listen_addr’ is the address of the local network interface named if0.
Restart the ESETS daemon. The next step is to redirect all HTTP requests to esets_http. If IP-
ltering is being performed by the ipchains administration tool, an appropriate rule would be:
ipchains-AINPUT-ptcp-iif0--dport80\
-jREDIRECT8080
If IP-ltering is being performed by the iptables administration tool, the rule is:
iptables-tnat-APREROUTING-ptcp-iif0\
--dport80-jREDIRECT--to-ports8080
On FreeBSD, the rule is:
ipfwaddfwd192.168.1.10,8080tcp\
fromanytoany80viaif0in
On NetBSD and Solaris, the rule is:
echo'rdrif00.0.0.0/0port80->192.168.1.10\
port8080tcp'|ipnat-f-
A.2. Setting ESETS for scanning of FTP communication - transparent
mode
FTP scanning is performed using the esets_ftp daemon. In the [ftp] section of the ESETS
conguration le, set the following parameters:
agent_enabled=yes
listen_addr=”192.168.1.10”
listen_port=2121
In the above example, ‘listen_addr’ is the address of the local network interface named if0.
Restart the ESETS daemon. Then, redirect all FTP requests to esets_ftp. If IP-ltering is being
performed by the ipchains administration tool, an appropriate rule would be:
ipchains-AINPUT-ptcp-iif0--dport21\
-jREDIRECT2121