Solved

ftp proxy reverse

Posted on 2006-06-26
5
1,136 Views
Last Modified: 2012-08-13
Hello.

I have a vsftp on a linux box in the DMZ. This machine have not enough disk space and i want move the server to another machine inside the LAN.

Is there any way to configure a ftp proxy reverse (like a squid reverse)? I want the proxy listen and forward FTP calls from the internet on behalf of the "hidden" ftp server.

Thanks
0
Comment
Question by:itacyl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 22

Expert Comment

by:pjedmond
ID: 16985976
Funnily enough....you can! You probably need frox:

http://frox.sourceforge.net/

Alternatively, you can mount the remote directories into the ftp directory on the local machine as a temporarry measure.

(   (()
(`-' _\
 ''  ''
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16986002
Also looks as if it should be possible with transproxy:

http://transproxy.sourceforge.net/

(   (()
(`-' _\
 ''  ''
0
 

Author Comment

by:itacyl
ID: 17033681
Hello.

thanks for the answer, but it don't help me :(.

I have done various tests with frox, but none of them works as i want.

I want to do this:

                                                                                                                                                      /------------------
+----------------------+                 LAN      +----------------------+                                               /
| ftp server              |-------------------------| router/firewall    |-----------------------------------|   Internet   a.b.c.d
| 192.168.1.200    |                                 |                               |                                                \
+----------------------+                                +----------------------+                                                 \____________
                                                                         |                                                                            
                                                                         |   DMZ
                                                                         |
                                                                         |
                                                          +----------------------+
                                                           |   Proxy ftp           |
                                                           |192.168.8.250    |  Linux
                                                           +----------------------+

client a.b.c.d make a ftp to e.f.g.h (public IP for ftp proxy)
a.b.c.d -> e.f.g.h:21

the router/firewall make static nat (e.f.g.h <-> 192.168.8.250)
router/firewall not support protocol based routing, only source/destination based routing
a.b.c.d -> 192.168.8.250:21

I want the proxy ftp start a conexion to ftp server (like a apache with mod_proxy or squid proxy reverse)
192.168.8.250 -> 192.168.1.200:21
192.168.1.200:21 -> 192.168.8.250
192.168.8.250:21 -> a.b.c.d
e.f.g.h:21 -> a.b.c.d

With FROX the packet must arrive at the FTP/PROXY with the IP of the ftp server.

Any ideas?

thanks and sorry for my poor english.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17035178
You are nuts!

The whole point of using a DMZ is that it is impossible (or at least suppost to be impossible) to connect to the internal network from the DMZ. As a result, unless you want to start redesigning firewalls, then this approach is never going to work! What you should be doing is:

                                                                                                                            /------------------
+----------------------+                 LAN      +----------------------+                               /
| ftp server              |------------+---- -----| router/firewall       |------------------------|   Internet   a.b.c.d
| 192.168.1.200       |               |             |                            |                              \
+----------------------+               |             +----------------------+                             \____________
                                               |                                                                            
                                               |  
                                               |Also on LAN
                                               |
                                   +----------------------+
                                   |   Proxy ftp             |
                                    |192.168.1.100       |  Linux
                                    +----------------------+

You then forwatd to the proxy ftp as a virtual server. Alternatively, you could colocate the ftp proxy on the firewall, depending on the firewall being used.

(   (()
(`-' _\
 ''  ''
0
 
LVL 22

Accepted Solution

by:
pjedmond earned 500 total points
ID: 17035194
..or you could put both the proxy and the ftp server in the DMZ? The firewall then forwards to the ftp proxy as a virtual server.

The moment that you start trying to forward from the DMZ (orange network) to the internal (green network), then your firewall is not operating in it's normal mode of operation, and that slightly defeats the point of the firewall.

(   (()
(`-' _\
 ''  ''

0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question