[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

FTP Relay or Proxy Server?

Posted on 2009-02-11
5
Medium Priority
?
2,337 Views
Last Modified: 2013-12-02
Hi there,

We want to migrate in real time to a new FTP server (with a different IP address) from an old one. This is always difficult because there are thousands of users and their DNS doesn't refresh properly. If we shut down the server, there are complaints of unavailability.

What we want is an FTP server that acts as a relay to another FTP server. Kind of like a proxy server. If a user connects to this "relay" server, then it is in fact just passing all the details- Username, password, etc, to the new server and retrieves it for the user.

I don't think that what are currently known as "FTP proxy servers" (as they are commonly thought of) are what we need. I think those are just to relay connections over a corporate firewall.

Or am I mistaken?

How can I solve this issue? Are there any similar products available? The particular server in question is Windows-based.
0
Comment
Question by:the_cyman
  • 3
  • 2
5 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 1500 total points
ID: 23623991
Why not just get a firewall and do NAT (or anything else that can do NAT) to the real FTP server on the back end?

Depending on "where" your new firewall is, you may have to nat the clients IP address also.


Client    <---------> FW <-----------> FTP Server
1.1.1.1       2.2.2.2         3.3.3.3          4.4.4.4

The client ftp's to 2.2.2.2, the FW NAT's 2.2.2.2 to 4.4.4.4 and also nat's 1.1.1.1 to 3.3.3.3.  This way the firewall thinks it talking to 3.3.3.3 and sends all the traffic back to it.

You will need something that is FTP aware for the  NAT'ing so that it can change the IP address inside some of the FTP commands (PORT and PASV).  But most real firewalls are ftp aware and will do this.
0
 

Author Comment

by:the_cyman
ID: 23674028
Could I use this to redirect traffic to an external FTP site? (An external IP)

I don't think so but just curious.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 23674416
Well, I'm not sure what you mean.  I would need to know more details.  What I will say is that in my diagram I do not show where the "Internet" is, because it does not matter.

In my diagram the client could be on your private network and the server on the Internet, or the server could be on your private network and the client on the Internet, or both could be in different parts (must be on different IP subnets) of the same private network.

Now, if you want both the client and server on the public Internet, yes it could be done, but I have no clue why you would want to do that.
0
 

Author Comment

by:the_cyman
ID: 24179744
Well, there's situation:
We have a public FTP server on the Internet in Montreal with 3 TB of constantly changing data.

Now, it must have 99.999% uptime, and some clients (unfortunately) connect by IP.

We want to migrate the FTP server to our bigger DC in Chicago. We cannot possibly contact every client at once, so we need to somehow forward all the traffic going to the old IP to the new IP.

The easiest way would be a "proxy" of some sort that will redirect the FTP traffic, or that will just interact with the other FTP server.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 1500 total points
ID: 24179823
You would need to find transparent ftp proxy server, I'm sure they exist, but I have never needed one so I can't recommend one.

One possible problem will be is that the traffic is going to go customer - Montreal - Chicago - Montreal - Customer.

I'm trying think, but you might be able to have a VPN connection between a box in Montreal and a box in Chicago that uses private IP addressing on the VPN tunnel.  Then have the box in Montreal NAT the current public IP address to the private IP address of the box in Chicago.  However it will also need to do NAT of the customers IP address to its own private so that Chicago routes the traffic back to Montreal.  Basically the customer thinks the ftp server is still in Montreal, and the Chicago box thinks all of the ftp sessions are coming from a single computer, your in Montreal.

As you migrate customers to the new server the would use the new server's public IP address.

0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Goal:  To set up a secure SSH server for your home computer to make it accessible anywhere AND to use it as a port forwarding proxy. Steps 1.  WinSSHD version 5 is free for personal use.  So download and install it.  You can download it from the…
Determining the an SCCM package name from the Package ID
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question