itacyl
asked on
ftp proxy reverse
Hello.
I have a vsftp on a Linux box in the DMZ. This machine does not have enough disk space and I want to move the server to another machine inside the LAN.
Is there any way to configure a reverse FTP proxy (like a Squid reverse proxy)? I want the proxy to listen and forward FTP calls from the Internet on behalf of the "hidden" FTP server.
Thanks
Also looks as if it should be possible with transproxy:
http://transproxy.sourceforge.net/
( (()
(`-' _\
'' ''
ASKER
Hello.
Thanks for the answer, but it doesn't help me :(.
I have done various tests with frox, but none of them works as I want.
I want to do this:
                                                                          /------------------
+----------------------+   LAN   +----------------------+                /
|      ftp server      |---------|   router/firewall    |---------------|  Internet a.b.c.d
|    192.168.1.200     |         |                      |                \
+----------------------+         +----------------------+                 \____________
                                            |
                                            | DMZ
                                            |
                                            |
                                 +----------------------+
                                 |      Proxy ftp       |
                                 |    192.168.8.250     |  Linux
                                 +----------------------+
Client a.b.c.d makes an FTP connection to e.f.g.h (public IP for the FTP proxy):
a.b.c.d -> e.f.g.h:21
The router/firewall does static NAT (e.f.g.h <-> 192.168.8.250).
The router/firewall does not support protocol-based routing, only source/destination-based routing.
a.b.c.d -> 192.168.8.250:21
I want the FTP proxy to start a connection to the FTP server (like Apache with mod_proxy or a Squid reverse proxy):
192.168.8.250 -> 192.168.1.200:21
192.168.1.200:21 -> 192.168.8.250
192.168.8.250:21 -> a.b.c.d
e.f.g.h:21 -> a.b.c.d
With frox the packet must arrive at the FTP proxy with the IP of the FTP server.
Any ideas?
Thanks and sorry for my poor English.
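What a proxy in the flow above has to handle beyond relaying port 21, as an added example that is not part of the original thread: the internal server's passive-mode replies advertise 192.168.1.200, which the Internet client cannot reach, so each one must be rewritten to the public address and a port the proxy relays. 203.0.113.10 is a constructed stand-in for e.f.g.h, and the function name and relay port are hypothetical.

```python
import re

BACKEND_IP = "192.168.1.200"  # internal FTP server, from the post
PUBLIC_IP = "203.0.113.10"    # constructed stand-in for the public address e.f.g.h

# 227 reply (PASV): six decimal fields h1,h2,h3,h4,p1,p2 in parentheses.
_PASV = re.compile(r"^227[ -].*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 reply (EPSV): port only, in the form (|||port|).
_EPSV = re.compile(r"^229[ -].*?\(\|\|\|(\d{1,5})\|\)")


def rewrite_passive_reply(line, relay_port, backend_ip=BACKEND_IP, public_ip=PUBLIC_IP):
    """Rewrite a backend 227/229 reply so the client connects to the proxy.

    Returns (rewritten_line, backend_data_port). Lines that are not
    passive-mode replies come back unchanged with port None.
    """
    if not 0 < relay_port < 65536:
        raise ValueError("relay port out of range")
    m = _PASV.match(line)
    if m:
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            raise ValueError("malformed 227 reply")
        host = ".".join(str(o) for o in octets[:4])
        # Only ever open the data connection to the configured backend,
        # never to whatever address the reply happens to carry.
        if host != backend_ip:
            raise ValueError("227 reply names unexpected host " + host)
        backend_port = octets[4] * 256 + octets[5]
        new = "227 Entering Passive Mode (%s,%d,%d)\r\n" % (
            public_ip.replace(".", ","), relay_port // 256, relay_port % 256)
        return new, backend_port
    m = _EPSV.match(line)
    if m:
        backend_port = int(m.group(1))
        if not 0 < backend_port < 65536:
            raise ValueError("malformed 229 reply")
        return "229 Entering Extended Passive Mode (|||%d|)\r\n" % relay_port, backend_port
    return line, None
```

The proxy would listen on the relay port for the client's data connection and connect onward to the returned backend port on 192.168.1.200, so the firewall only needs to allow the proxy, not the Internet, to reach the internal server.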
You are nuts!
The whole point of using a DMZ is that it is impossible (or at least supposed to be impossible) to connect to the internal network from the DMZ. As a result, unless you want to start redesigning firewalls, this approach is never going to work! What you should be doing is:
                                                                          /------------------
+----------------------+     LAN     +----------------------+            /
|      ftp server      |------+------|   router/firewall    |-----------|  Internet a.b.c.d
|    192.168.1.200     |      |      |                      |            \
+----------------------+      |      +----------------------+             \____________
                              |
                              |
                              | Also on LAN
                              |
                   +----------------------+
                   |      Proxy ftp       |
                   |    192.168.1.100     |  Linux
                   +----------------------+
You then forward to the proxy ftp as a virtual server. Alternatively, you could colocate the ftp proxy on the firewall, depending on the firewall being used.
( (()
(`-' _\
'' ''
ASKER CERTIFIED SOLUTION
http://frox.sourceforge.net/
Alternatively, you can mount the remote directories into the ftp directory on the local machine as a temporary measure.
( (()
(`-' _\
'' ''