Solved

redhat 5 ftp forwarding

Posted on 2013-06-24
8
559 Views
Last Modified: 2013-07-11
Hi Experts,

I have a RHEL 5.4 box with 2 NICs, one connected to a network that has a FTP server while the other NIC connected to a internal network. I would like to setup this box such that other boxes in the internal network can access the FTP server. Is there something like FTP forwarding that i can setup on this server?

Thanks.
0
Comment
Question by:nokyplease
  • 5
  • 2
8 Comments
 
LVL 6

Expert Comment

by:Vijay Pratap Singh
ID: 39273579
Internal boxes can also access the same FTP just need to be in same network whats the issue you facing in this?
0
 

Author Comment

by:nokyplease
ID: 39273714
internal boxes cannot access to the subnet that the FTP server locate, other boxes in the internal network can reach the redhat server nic2.

FTP subnet (nic1) ---- RHEL5 ----- internal network (nic2)

the RHEL5 can access to the FTP without problem as it's nic1 is on the FTP subnet. I want to make other servers in the internal network able to access the FTP via RHEL5:-

FTP subnet <---- RHEL5 <----- internal network ----- server A

is there something that i can setup such that serverA can issue a command like "ftp RHEL5" and then it will actually go to the real FTP on the FTP subnet?

Thanks.
0
 

Author Comment

by:nokyplease
ID: 39280061
Anyone ? I am thinking if iptables may work?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 29

Expert Comment

by:serialband
ID: 39280170
How about running a 2nd FTP server and having it listen on the other IP address?

I'm not on redhat and I don't know which ftp server you're running, but here's what I've done before.  (examples from memory)

cp  -pr /etc/vsftp /etc/vsftp2
sed -i -e 's/IP_1/IP_2/' /etc/vsftp2/vsftpd.conf

cp /etc/init.d/ftp /etc/init.d/ftp2
sed -i -e 's:/etc/vsftp:/etc/vsftp2:g' /etc/init.d/ftp2

/etc/init.d/ftp2 start

I actually had to do this for IPv6.
0
 

Author Comment

by:nokyplease
ID: 39286536
Not sure how a 2nd ftp server can achieve my goal?

To simplify a bit, what I want to setup is to forward any incoming ftp request (port 20 and 21 as the target ftp is active) to the rhel5 to the target ftp server running outside of the internal network.

I think I will need to enable ip forwarding, setup some nat rules and may also need to enable ip masquerade on the interface connecting to the ftp?
0
 
LVL 29

Expert Comment

by:serialband
ID: 39287004
The 2nd server would answer on the internal network ip address, allowing your internal users to access the FTP server.  You can have different rules and setups for the two separate servers.
0
 

Accepted Solution

by:
nokyplease earned 0 total points
ID: 39288497
Hi ,

I managed to setup the forwarding with iptables and nat rules on the RHEL5 box

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 20 -j DNAT --to-destination FTP-Server:20
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j DNAT --to-destination FTP-Server:21

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to RHEL5-NIC2


However, when i issue ftp commands like ls, i got "421 service not available, remote server has closed connection."

please help.
0
 

Author Closing Comment

by:nokyplease
ID: 39316928
To resolve the issue after nat, we can ensure the ip-nat kernel modules are loaded
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question