Solved

ftp proxy reverse

Posted on 2006-06-26
5
1,126 Views
Last Modified: 2012-08-13
Hello.

I have a vsftp on a linux box in the DMZ. This machine have not enough disk space and i want move the server to another machine inside the LAN.

Is there any way to configure a ftp proxy reverse (like a squid reverse)? I want the proxy listen and forward FTP calls from the internet on behalf of the "hidden" ftp server.

Thanks
0
Comment
Question by:itacyl
  • 4
5 Comments
 
LVL 22

Expert Comment

by:pjedmond
ID: 16985976
Funnily enough....you can! You probably need frox:

http://frox.sourceforge.net/

Alternatively, you can mount the remote directories into the ftp directory on the local machine as a temporarry measure.

(   (()
(`-' _\
 ''  ''
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16986002
Also looks as if it should be possible with transproxy:

http://transproxy.sourceforge.net/

(   (()
(`-' _\
 ''  ''
0
 

Author Comment

by:itacyl
ID: 17033681
Hello.

thanks for the answer, but it don't help me :(.

I have done various tests with frox, but none of them works as i want.

I want to do this:

                                                                                                                                                      /------------------
+----------------------+                 LAN      +----------------------+                                               /
| ftp server              |-------------------------| router/firewall    |-----------------------------------|   Internet   a.b.c.d
| 192.168.1.200    |                                 |                               |                                                \
+----------------------+                                +----------------------+                                                 \____________
                                                                         |                                                                            
                                                                         |   DMZ
                                                                         |
                                                                         |
                                                          +----------------------+
                                                           |   Proxy ftp           |
                                                           |192.168.8.250    |  Linux
                                                           +----------------------+

client a.b.c.d make a ftp to e.f.g.h (public IP for ftp proxy)
a.b.c.d -> e.f.g.h:21

the router/firewall make static nat (e.f.g.h <-> 192.168.8.250)
router/firewall not support protocol based routing, only source/destination based routing
a.b.c.d -> 192.168.8.250:21

I want the proxy ftp start a conexion to ftp server (like a apache with mod_proxy or squid proxy reverse)
192.168.8.250 -> 192.168.1.200:21
192.168.1.200:21 -> 192.168.8.250
192.168.8.250:21 -> a.b.c.d
e.f.g.h:21 -> a.b.c.d

With FROX the packet must arrive at the FTP/PROXY with the IP of the ftp server.

Any ideas?

thanks and sorry for my poor english.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17035178
You are nuts!

The whole point of using a DMZ is that it is impossible (or at least suppost to be impossible) to connect to the internal network from the DMZ. As a result, unless you want to start redesigning firewalls, then this approach is never going to work! What you should be doing is:

                                                                                                                            /------------------
+----------------------+                 LAN      +----------------------+                               /
| ftp server              |------------+---- -----| router/firewall       |------------------------|   Internet   a.b.c.d
| 192.168.1.200       |               |             |                            |                              \
+----------------------+               |             +----------------------+                             \____________
                                               |                                                                            
                                               |  
                                               |Also on LAN
                                               |
                                   +----------------------+
                                   |   Proxy ftp             |
                                    |192.168.1.100       |  Linux
                                    +----------------------+

You then forwatd to the proxy ftp as a virtual server. Alternatively, you could colocate the ftp proxy on the firewall, depending on the firewall being used.

(   (()
(`-' _\
 ''  ''
0
 
LVL 22

Accepted Solution

by:
pjedmond earned 500 total points
ID: 17035194
..or you could put both the proxy and the ftp server in the DMZ? The firewall then forwards to the ftp proxy as a virtual server.

The moment that you start trying to forward from the DMZ (orange network) to the internal (green network), then your firewall is not operating in it's normal mode of operation, and that slightly defeats the point of the firewall.

(   (()
(`-' _\
 ''  ''

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now