What I want to do is to connect to a server A (connected to a public IP) and forward the FTP connexion to server B (Connected to another public IP).
CLIENT ==>Debian SERVER A===> Debian SERVER B with ProFTPD
Passive FTP uses two ports, 21 that carries the commands and any port from about 30000 to 65000 to transfer data.
When the client reaches the final FTP server (server B) it has the IP of the server A (as the client IP was Nated y server A), the server B answers with the port number to use for data transfer, this answer goes through A server then to the client.... At this moment the client knows what port to use for data transfer and try to connect to this port.
The problem is that the client instead of connecting to the server A that would forward to the server B, it goes directly into the B server which, of course, does not know what it wants as the IP is different from the server A (that Nated the client IP) to which it answered earlier.
How is it possible to have the client connect to the data port through the same path (Client ==>Server ==>A ==> Server B) ?
Does anybody as a solution for that problem?
For your info the server is a Debian Lenny
nf_conntrack and nf_conntrack_ftp are enabled
ip forwarding is enabled too
IPtables are: (the firewall is open when testing)
Code:
-A PREROUTING -p tcp -m tcp -d Server A -i eth0 --dport 21 -j DNAT --to-destination Server B
-A POSTROUTING -p tcp -m tcp -o eth0 --dport 21 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -m state --dport 30000:65534 --state RELATED -j DNAT --to-destination Server B:30000-65534
-A POSTROUTING -p tcp -m tcp -m state -o eth0 --dport 30000:65534 --state RELATED -j MASQUERADE
Also for your information, with this configuration, I could make it work perfectly on 2 servers (I have 3 servers on 3 different public network), but one of the server (the one I want it to work!) is not working properly. For example, if I browse the FTP with Firefox it works perfectly. If I use Filezilla it does not browse folders & files. If I use my iPhone FTP application with my Wifi connection it works, if I use the same one with the G3 (telephone) connexion it does not.
Since this server is in a data center I thought that maybe the data center does not have a transparent connexion, so I asked them to verify. But they are sure not to go through firewall, my server is connected directly to Internet.
I have tried all solution, spent several days, this is why I need help...and I thank you from the bottom of my heart in advance.
Moderator's Comments:
Please refrain writing the subject all upper case and the whole post completely bold formatted to gain more attention. Also use code tags, see PM.
Last edited by zaxxon; 02-16-2012 at 09:39 AM..
Reason: subject and post font, code tags
If you could do transfers in active mode instead of passive, it wouldn't be a random port, it'd be port 20. You could forward it the same way you forwarded port 21.
---------- Post updated at 05:01 PM ---------- Previous update was at 04:59 PM ----------
Alternately, you can tell proftpd to use a specific port range for its passive ports, so you're not stuck forwarding the entire 32K-64K range. Just pick 128 ports or something <32768 (not greater, we don't want randomly chosen ports to interfere) and forward the entire range the same way you forwarded port 21.
Thank you for your answer.
I know but this is a public server, in fact our server is in a data center but all our images, that we offer for download, are on our server at our office. Because of the amount of data we cannot transfer all the images from our office to the data center server. This is why we need this forward...
HI Guys,
I want to download files from FTP Server to my Unix server.
I have tried , buy No Luck .
Below Command i have tried.
1-Wget - Error "wget' not found"
2.ftp -n $HOST ...Not Working.
3.scp -i ftp://user:passowrd@hostname:21/ran/on/test.txt
Any Suggestion (2 Replies)
We have RHEL 5.8 in our environment, I had a query whether we can implement an FTP server using vsftpd package and Linux configurations like setsebool without using any external FTP clients like FileZilla etc. I am very confused on this. The FTP functionalities that should be present are download &... (3 Replies)
Hi,
I am new to linux stuff. I want to use linux iptables to configure rule so that all my incoming traffic with protocol "tcp" is forwarded to the "FORWARD CHAIN". The traffic i am dealing with has destination addresss of my machine but i want to block it from coming to input chain and somehow... (0 Replies)
Hello All,
I am trying to connect to ftp server and get the files. Also i need to rename the file in other ftp dir.
rename method is not allowing me to rename the file in other dir. When i tried copy command by using net::FTP:FILE then perl says it is not installed.
Can some body help me to... (2 Replies)
Hi All,
I need your expertise in finding a way to solve my problem.Please excuse if this is not the right forum to ask this question and guide me to the correct forum,if possible.
I am a DBA and on a daily basis i have to ftp huge dump files from my company server to my laptop and then... (3 Replies)
Guys,
Need your help coz my server runs in local time GMT +8, but when client use ftp and login, the resulting timestamp seen in each file is in UTC format. We need to set that the time should be the same as GMT +8 when in ftp session.
I am using RHEL 5.3.
root@]# ll
total 1740... (2 Replies)
Hi,
I need to copy few files from remote server to local server.
I write a shell script to connect to the remote server using ftp and go to that path. Now i need to copy those files in the remote directory to my local server with the timestamp of all those files shouldnt be changed.
... (5 Replies)
Hello there,
I have a big problem, and I hope somebody can help me. I try to realize a port forward over three server. Here is a picture...
Client Server1 | Server2
------- ------- | -------
|...... | |...... | | |...... ... (2 Replies)
I have the following ftp script to get files from a remote location.
However, on running the script I find that I am not even able to connect to ftp server.
I am able to connect to ftp server using other GUI ftp tools like WS_FTP using the same IP.
IP used here is a dummy IP.
What can go... (3 Replies)
12-22-2011
