Solved

ftp proxy reverse

Posted on 2006-06-26
Last Modified: 2012-08-13
Hello.

I have a vsftp on a Linux box in the DMZ. This machine does not have enough disk space and I want to move the server to another machine inside the LAN.

Is there any way to configure an FTP reverse proxy (like a squid reverse)? I want the proxy to listen and forward FTP calls from the Internet on behalf of the "hidden" ftp server.

Thanks
Question by:itacyl
Expert Comment

by:pjedmond
ID: 16985976
Funnily enough....you can! You probably need frox:

http://frox.sourceforge.net/

Alternatively, you can mount the remote directories into the ftp directory on the local machine as a temporary measure.

(   (()
(`-' _\
 ''  ''
Expert Comment

by:pjedmond
ID: 16986002
Also looks as if it should be possible with transproxy:

http://transproxy.sourceforge.net/

(   (()
(`-' _\
 ''  ''
Author Comment

by:itacyl
ID: 17033681
Hello.

Thanks for the answer, but it doesn't help me :(.

I have done various tests with frox, but none of them works as I want.

I want to do this:

+----------------+    LAN    +-----------------+           /-----------------
| ftp server     |-----------| router/firewall |----------|  Internet a.b.c.d
| 192.168.1.200  |           |                 |           \_________________
+----------------+           +-----------------+
                                      |
                                      |  DMZ
                                      |
                             +-----------------+
                             | Proxy ftp       |
                             | 192.168.8.250   |  Linux
                             +-----------------+

Client a.b.c.d makes an FTP connection to e.f.g.h (public IP for the ftp proxy):
a.b.c.d -> e.f.g.h:21

The router/firewall does static NAT (e.f.g.h <-> 192.168.8.250).
The router/firewall does not support protocol-based routing, only source/destination-based routing.
a.b.c.d -> 192.168.8.250:21

I want the ftp proxy to start a connection to the ftp server (like an Apache with mod_proxy or a squid reverse proxy):
192.168.8.250 -> 192.168.1.200:21
192.168.1.200:21 -> 192.168.8.250
192.168.8.250:21 -> a.b.c.d
e.f.g.h:21 -> a.b.c.d

With FROX the packet must arrive at the FTP/PROXY with the IP of the ftp server.

Any ideas?

Thanks, and sorry for my poor English.
Expert Comment

by:pjedmond
ID: 17035178
You are nuts!

The whole point of using a DMZ is that it is impossible (or at least supposed to be impossible) to connect to the internal network from the DMZ. As a result, unless you want to start redesigning firewalls, then this approach is never going to work! What you should be doing is:

+----------------+        LAN        +-----------------+           /-----------------
| ftp server     |--------+----------| router/firewall |----------|  Internet a.b.c.d
| 192.168.1.200  |        |          |                 |           \_________________
+----------------+        |          +-----------------+
                          |
                          |  Also on LAN
                          |
                 +-----------------+
                 | Proxy ftp       |
                 | 192.168.1.100   |  Linux
                 +-----------------+

You then forward to the proxy ftp as a virtual server. Alternatively, you could colocate the ftp proxy on the firewall, depending on the firewall being used.

(   (()
(`-' _\
 ''  ''
Accepted Solution

by:
pjedmond earned 500 total points
ID: 17035194
..or you could put both the proxy and the ftp server in the DMZ? The firewall then forwards to the ftp proxy as a virtual server.

The moment that you start trying to forward from the DMZ (orange network) to the internal (green network), then your firewall is not operating in its normal mode of operation, and that slightly defeats the point of the firewall.

(   (()
(`-' _\
 ''  ''
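
Added example (not part of the thread, and not frox or transproxy code): whichever placement is chosen, an FTP reverse proxy has to do more than relay port 21, because in passive mode the hidden server's 227 reply names its own address for the data connection. The Python below shows the control-channel rewrite, going beyond what the thread covers; the function names, the relay port and the public address 203.0.113.10 (standing in for e.f.g.h) are assumptions.

```python
import re

# RFC 959 passive-mode reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Constructed sample reply from the hidden server at 192.168.1.200.
SAMPLE_227 = "227 Entering Passive Mode (192,168,1,200,195,80)\r\n"


def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None for other replies."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("malformed 227 reply: field out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def format_pasv(ip, port):
    """Build a 227 reply advertising ip:port to the client."""
    octets = ip.split(".")
    if len(octets) != 4 or not 0 < port < 65536:
        raise ValueError("bad address or port")
    return "227 Entering Passive Mode (%s,%d,%d)\r\n" % (
        ",".join(octets), port >> 8, port & 0xFF)


def rewrite_pasv(reply, backend_ip, public_ip, relay_port):
    """Handle one backend reply on the control channel.

    Returns (reply_for_client, backend_data_endpoint_or_None). The proxy
    listens on relay_port and connects the data stream to the endpoint.
    """
    endpoint = parse_pasv(reply)
    if endpoint is None:
        return reply, None  # not a PASV reply: relay unchanged
    ip, port = endpoint
    if ip != backend_ip:
        # Only relay data to the server the control connection goes to,
        # so a bad reply cannot point the proxy at another internal host.
        raise ValueError("227 reply names unexpected host %s" % ip)
    # The client sees only the proxy's public address, never 192.168.1.200.
    return format_pasv(public_ip, relay_port), (ip, port)
```

Relayed unmodified, the sample reply would disclose 192.168.1.200 to the Internet client and point it at an address it cannot reach.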

Question has a verified solution.