Clarification on FTP server (web base)

Dear Experts,

I am trying to achieve this scenario but I am a little confused as to how it is done.

I have installed an FTP server which is a member of my domain. The server has an internal IP address and it is able to access the internet through the gateway IP. The server is installed behind the firewall. I am good to this point.

The server has a feature for file transfer and I need your help to make this work. The idea is that an internal user should access the server via the web browser and send files to an outside user. The server has a server portal that will generate an email with a link and send it to the outside user. The remote user will receive the email with the link and download the files.

The file sharing tab is where I put information like domain name or IP, email address (that the remote user will see), and SMTP address. Does the IP need to be the public or internal IP, and how do I define that in the DNS, as I have two DNS servers?

In my infrastructure I have 2 DNS servers. The first DNS is the internal DNS and the 2nd DNS is the DNS used by devices facing the internet.
I am not sure which one I should populate to make this work.

Let's say my public domain is gts.ca.
What shall I put in the domain URL, and what are the changes in the 1st and 2nd DNS?
The SMTP part is clear and the firewall part is clear, in which I will map the internal IP to the public IP that I have.

Thank you for your help.
Habib Zakaria, Network Solutions Architect, Asked:
Dan McFadden, Systems Engineer, Commented:
First off, based on your description, it doesn't seem necessary to have the FTP Service role installed to make this work.

From your description, you have a web portal where your internal users can upload files via their browser.  They then enter some data specific to the external person that should receive an email with a link to the file.

This is all being done via a web application.

What you are missing is a NAT from a public IP Address to your internal server's private IP address.

You will need a router/firewall that supports this functionality.  Most (if not all) modern routers/firewalls support NAT'ing addresses.

There needs to be a DNS record in your external DNS zone that points to the hostname of the website in your external DNS domain.  That is the link that needs to be sent to the external person.

I recommend using a valid URL not an IP address, for the link.

Dan
0
Habib Zakaria, Network Solutions Architect, Author Commented:
Thank you Dan.

So I will need to define a server hostname in my external DNS, like http://share.domain.com, and this will have the public IP that will be mapped using the firewall.

What about the internal IP given to the server? The host name will be defined in the internal DNS, correct?
0
Michael Machie, Full-time technical multi-tasker, Commented:
The port forward to the IP of the server should suffice for external traffic. No name resolution is actually needed, but you will still want an A record on the internal DNS for routing internal traffic.
0
Michael Machie, Full-time technical multi-tasker, Commented:
Also, in order to use a name for your links you will need to acquire a public domain name that points to the IP of your external router/firewall. If you don't have those options with your ISP you can use a free DNS service such as No-ip.com or dyndns.com.
I personally use No-ip.com and pay $20 a year for 25 public dns names, but you can get 3 for free.
0
Dan McFadden, Systems Engineer, Commented:
You will need the following configuration in place:

From outside in:
1. public DNS A Record
  1a. a hostname like share.domain.com, as you stated
  1b. a valid public Internet address for the DNS entry, that points to the host in 1a.

On the inside:
2. an internal (private) IP address
3. an internal DNS entry pointing to the internal IP of the server
4. on your router/firewall, you need to configure either Port Forwarding (as mentioned by Machienet) or, if your router/firewall supports Network Address Translation (NAT), configure the external IP to point to the internal IP in #2
5. In either scenario, TCP ports 80 & 443 should be allowed to the web server.

Dan
0
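
The configuration listed in the answer above, expressed as a consistency check (an added example, not part of the original thread). The plan layout, the function names and the sample addresses (203.0.113.10, 10.0.0.25) are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also matches the
# documentation range used as a stand-in public address below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
REQUIRED_PORTS = {80, 443}  # step 5 of the answer: TCP 80 and 443 only


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def check_plan(plan):
    """Return a list of problems in a split-DNS + NAT plan; empty means consistent."""
    host, problems = plan["hostname"], []
    public = plan["external_dns"].get(host)    # steps 1a/1b
    private = plan["internal_dns"].get(host)   # steps 2/3
    if public is None:
        problems.append("external zone has no A record for " + host)
    elif is_rfc1918(public):
        problems.append("external zone publishes private address " + public)
    if private is None:
        problems.append("internal zone has no A record for " + host)
    elif not is_rfc1918(private):
        problems.append("internal zone does not point at a private address")
    # Step 4: each required port must be forwarded from the public IP to the server.
    forwarded = {r["port"] for r in plan["nat"]
                 if r["public_ip"] == public and r["internal_ip"] == private}
    for port in sorted(REQUIRED_PORTS - forwarded):
        problems.append("no NAT/port forward for TCP %d" % port)
    # Anything beyond 80/443 reaching the server is exposure the answer did not ask for.
    for r in plan["nat"]:
        if r["internal_ip"] == private and r["port"] not in REQUIRED_PORTS:
            problems.append("extra port exposed to server: TCP %d" % r["port"])
    return problems


# Constructed sample plan (hypothetical addresses, not taken from the thread).
GOOD_PLAN = {
    "hostname": "share.domain.com",
    "external_dns": {"share.domain.com": "203.0.113.10"},
    "internal_dns": {"share.domain.com": "10.0.0.25"},
    "nat": [{"public_ip": "203.0.113.10", "port": p, "internal_ip": "10.0.0.25"}
            for p in (80, 443)],
}

if __name__ == "__main__":
    print(check_plan(GOOD_PLAN) or "plan is consistent")
```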

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.