ftp proxy reverse

Hello.

I have a vsftp on a linux box in the DMZ. This machine have not enough disk space and i want move the server to another machine inside the LAN.

Is there any way to configure a ftp proxy reverse (like a squid reverse)? I want the proxy listen and forward FTP calls from the internet on behalf of the "hidden" ftp server.

Thanks
itacylAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
pjedmondConnect With a Mentor Commented:
..or you could put both the proxy and the ftp server in the DMZ? The firewall then forwards to the ftp proxy as a virtual server.

The moment that you start trying to forward from the DMZ (orange network) to the internal (green network), then your firewall is not operating in it's normal mode of operation, and that slightly defeats the point of the firewall.

(   (()
(`-' _\
 ''  ''

0
 
pjedmondCommented:
Funnily enough....you can! You probably need frox:

http://frox.sourceforge.net/

Alternatively, you can mount the remote directories into the ftp directory on the local machine as a temporarry measure.

(   (()
(`-' _\
 ''  ''
0
 
pjedmondCommented:
Also looks as if it should be possible with transproxy:

http://transproxy.sourceforge.net/

(   (()
(`-' _\
 ''  ''
0
 
itacylAuthor Commented:
Hello.

thanks for the answer, but it don't help me :(.

I have done various tests with frox, but none of them works as i want.

I want to do this:

                                                                                                                                                      /------------------
+----------------------+                 LAN      +----------------------+                                               /
| ftp server              |-------------------------| router/firewall    |-----------------------------------|   Internet   a.b.c.d
| 192.168.1.200    |                                 |                               |                                                \
+----------------------+                                +----------------------+                                                 \____________
                                                                         |                                                                            
                                                                         |   DMZ
                                                                         |
                                                                         |
                                                          +----------------------+
                                                           |   Proxy ftp           |
                                                           |192.168.8.250    |  Linux
                                                           +----------------------+

client a.b.c.d make a ftp to e.f.g.h (public IP for ftp proxy)
a.b.c.d -> e.f.g.h:21

the router/firewall make static nat (e.f.g.h <-> 192.168.8.250)
router/firewall not support protocol based routing, only source/destination based routing
a.b.c.d -> 192.168.8.250:21

I want the proxy ftp start a conexion to ftp server (like a apache with mod_proxy or squid proxy reverse)
192.168.8.250 -> 192.168.1.200:21
192.168.1.200:21 -> 192.168.8.250
192.168.8.250:21 -> a.b.c.d
e.f.g.h:21 -> a.b.c.d

With FROX the packet must arrive at the FTP/PROXY with the IP of the ftp server.

Any ideas?

thanks and sorry for my poor english.
0
 
pjedmondCommented:
You are nuts!

The whole point of using a DMZ is that it is impossible (or at least suppost to be impossible) to connect to the internal network from the DMZ. As a result, unless you want to start redesigning firewalls, then this approach is never going to work! What you should be doing is:

                                                                                                                            /------------------
+----------------------+                 LAN      +----------------------+                               /
| ftp server              |------------+---- -----| router/firewall       |------------------------|   Internet   a.b.c.d
| 192.168.1.200       |               |             |                            |                              \
+----------------------+               |             +----------------------+                             \____________
                                               |                                                                            
                                               |  
                                               |Also on LAN
                                               |
                                   +----------------------+
                                   |   Proxy ftp             |
                                    |192.168.1.100       |  Linux
                                    +----------------------+

You then forwatd to the proxy ftp as a virtual server. Alternatively, you could colocate the ftp proxy on the firewall, depending on the firewall being used.

(   (()
(`-' _\
 ''  ''
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.