FTP Relay or Proxy Server?

Posted on 2009-02-11
Last Modified: 2013-12-02
Hi there,

We want to migrate in real time to a new FTP server (with a different IP address) from an old one. This is always difficult because there are thousands of users and their DNS doesn't refresh properly. If we shut down the server, there are complaints of unavailability.

What we want is an FTP server that acts as a relay to another FTP server. Kind of like a proxy server. If a user connects to this "relay" server, then it is in fact just passing all the details- Username, password, etc, to the new server and retrieves it for the user.

I don't think that what are currently known as "FTP proxy servers" (as they are commonly thought of) are what we need. I think those are just to relay connections over a corporate firewall.

Or am I mistaken?

How can I solve this issue? Are there any similar products available? The particular server in question is Windows-based.
Question by:the_cyman
    LVL 57

    Accepted Solution

    Why not just get a firewall and do NAT (or anything else that can do NAT) to the real FTP server on the back end?

    Depending on "where" your new firewall is, you may have to nat the clients IP address also.

    Client    <---------> FW <-----------> FTP Server

    The client ftp's to, the FW NAT's to and also nat's to  This way the firewall thinks it talking to and sends all the traffic back to it.

    You will need something that is FTP aware for the  NAT'ing so that it can change the IP address inside some of the FTP commands (PORT and PASV).  But most real firewalls are ftp aware and will do this.

    Author Comment

    Could I use this to redirect traffic to an external FTP site? (An external IP)

    I don't think so but just curious.
    LVL 57

    Expert Comment

    Well, I'm not sure what you mean.  I would need to know more details.  What I will say is that in my diagram I do not show where the "Internet" is, because it does not matter.

    In my diagram the client could be on your private network and the server on the Internet, or the server could be on your private network and the client on the Internet, or both could be in different parts (must be on different IP subnets) of the same private network.

    Now, if you want both the client and server on the public Internet, yes it could be done, but I have no clue why you would want to do that.

    Author Comment

    Well, there's situation:
    We have a public FTP server on the Internet in Montreal with 3 TB of constantly changing data.

    Now, it must have 99.999% uptime, and some clients (unfortunately) connect by IP.

    We want to migrate the FTP server to our bigger DC in Chicago. We cannot possibly contact every client at once, so we need to somehow forward all the traffic going to the old IP to the new IP.

    The easiest way would be a "proxy" of some sort that will redirect the FTP traffic, or that will just interact with the other FTP server.
    LVL 57

    Assisted Solution

    You would need to find transparent ftp proxy server, I'm sure they exist, but I have never needed one so I can't recommend one.

    One possible problem will be is that the traffic is going to go customer - Montreal - Chicago - Montreal - Customer.

    I'm trying think, but you might be able to have a VPN connection between a box in Montreal and a box in Chicago that uses private IP addressing on the VPN tunnel.  Then have the box in Montreal NAT the current public IP address to the private IP address of the box in Chicago.  However it will also need to do NAT of the customers IP address to its own private so that Chicago routes the traffic back to Montreal.  Basically the customer thinks the ftp server is still in Montreal, and the Chicago box thinks all of the ftp sessions are coming from a single computer, your in Montreal.

    As you migrate customers to the new server the would use the new server's public IP address.


    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Problem: Windows 32bit running out of paging space. Solution: Add additional page files on separate partitions. Background: By default Windows creates only one page file on the partition you install Windows on. You may know that the maximu…
    Samba is the de-facto standard program (or, more correctly: suite of programs) that UNIX and Linux systems use to share files with Microsoft Windows (and more recently, Mac OS-X) systems. Currently, there are 2 common versions of Samba available,…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now