Solved

ftp proxy reverse

Posted on 2006-06-26
5
1,135 Views
Last Modified: 2012-08-13
Hello.

I have a vsftp on a linux box in the DMZ. This machine have not enough disk space and i want move the server to another machine inside the LAN.

Is there any way to configure a ftp proxy reverse (like a squid reverse)? I want the proxy listen and forward FTP calls from the internet on behalf of the "hidden" ftp server.

Thanks
0
Comment
Question by:itacyl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 22

Expert Comment

by:pjedmond
ID: 16985976
Funnily enough....you can! You probably need frox:

http://frox.sourceforge.net/

Alternatively, you can mount the remote directories into the ftp directory on the local machine as a temporarry measure.

(   (()
(`-' _\
 ''  ''
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16986002
Also looks as if it should be possible with transproxy:

http://transproxy.sourceforge.net/

(   (()
(`-' _\
 ''  ''
0
 

Author Comment

by:itacyl
ID: 17033681
Hello.

thanks for the answer, but it don't help me :(.

I have done various tests with frox, but none of them works as i want.

I want to do this:

                                                                                                                                                      /------------------
+----------------------+                 LAN      +----------------------+                                               /
| ftp server              |-------------------------| router/firewall    |-----------------------------------|   Internet   a.b.c.d
| 192.168.1.200    |                                 |                               |                                                \
+----------------------+                                +----------------------+                                                 \____________
                                                                         |                                                                            
                                                                         |   DMZ
                                                                         |
                                                                         |
                                                          +----------------------+
                                                           |   Proxy ftp           |
                                                           |192.168.8.250    |  Linux
                                                           +----------------------+

client a.b.c.d make a ftp to e.f.g.h (public IP for ftp proxy)
a.b.c.d -> e.f.g.h:21

the router/firewall make static nat (e.f.g.h <-> 192.168.8.250)
router/firewall not support protocol based routing, only source/destination based routing
a.b.c.d -> 192.168.8.250:21

I want the proxy ftp start a conexion to ftp server (like a apache with mod_proxy or squid proxy reverse)
192.168.8.250 -> 192.168.1.200:21
192.168.1.200:21 -> 192.168.8.250
192.168.8.250:21 -> a.b.c.d
e.f.g.h:21 -> a.b.c.d

With FROX the packet must arrive at the FTP/PROXY with the IP of the ftp server.

Any ideas?

thanks and sorry for my poor english.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17035178
You are nuts!

The whole point of using a DMZ is that it is impossible (or at least suppost to be impossible) to connect to the internal network from the DMZ. As a result, unless you want to start redesigning firewalls, then this approach is never going to work! What you should be doing is:

                                                                                                                            /------------------
+----------------------+                 LAN      +----------------------+                               /
| ftp server              |------------+---- -----| router/firewall       |------------------------|   Internet   a.b.c.d
| 192.168.1.200       |               |             |                            |                              \
+----------------------+               |             +----------------------+                             \____________
                                               |                                                                            
                                               |  
                                               |Also on LAN
                                               |
                                   +----------------------+
                                   |   Proxy ftp             |
                                    |192.168.1.100       |  Linux
                                    +----------------------+

You then forwatd to the proxy ftp as a virtual server. Alternatively, you could colocate the ftp proxy on the firewall, depending on the firewall being used.

(   (()
(`-' _\
 ''  ''
0
 
LVL 22

Accepted Solution

by:
pjedmond earned 500 total points
ID: 17035194
..or you could put both the proxy and the ftp server in the DMZ? The firewall then forwards to the ftp proxy as a virtual server.

The moment that you start trying to forward from the DMZ (orange network) to the internal (green network), then your firewall is not operating in it's normal mode of operation, and that slightly defeats the point of the firewall.

(   (()
(`-' _\
 ''  ''

0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This document is written for Red Hat Enterprise Linux AS release 4 and ORACLE 10g.  Earlier releases can be installed using this document as well however there are some additional steps for packages to be installed see Metalink. Disclaimer: I hav…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question