- 10-04-2009 #1
FTP through NAT
I am looking for a new angle.
I have a web server which is inside my DMZ, the DMZ, yellow zone, is off a 3rd nic of the NAT.
I am using vsftp with no anonymous.
I need to give access to a couple of individuals for file storage.
I can connect from inside by command line and using FireFTP with FireFox. That is what I want to set up for the user.
When I try to connect from outside, I can connect from command line fine. When I use FireFox / FireFTP,
220 "Welcome to the ........ Web FTP service."
USER xxxxxxx
331 Please specify the password.
PASS (password not shown)
230 Login successful.
CWD /
250 Directory successfully changed.
TYPE A
200 Switching to ASCII mode.
PASV
FireFTP is set to binary upload and download and vsftp is not open to ascii. I tried opening ascii for a test, no luck. Still it works from internal.
When I use iptraf on the NAT I see the connections and transfer in both directions.
I am using different machines from there and home.
I must redirect the outside connection in the nat prerouting tables.
That is all I can see different between locations.
I use Suse. As another test, I just tried from my wife's computer, Windows command line, it logs in but then locks when I try to get a directory.
What am I missing?
thanks
Kumado
- 10-05-2009 #2
Is ip_conntrack_ftp loaded?
- 10-05-2009 #3
You can do a Google search for FTP and passive mode. To use passive mode through a NAT'ed firewall, you will need to specify the range of ports used by vsftpd for passive mode and then forward these ports through the firewall to the vsftpd machine.
- 10-06-2009 #4
Thank you very much for the help and lead. I was able to find more out.
It works now.
I found another post that said ip_nat_ftp also needs to be loaded.
I will add these to my firewall script.
It bothers me some to open FTP up. I don't have a lot of time to spend monitoring.
I want to set up tls and maybe mac address match the individual that needs this set-up.
If I may ask, lsmod | grep -i ip_conntrack_ftp does not show it loaded after I
modprobe ip_conntrack_ftp. What else might I be missing?
I am using Suse 11.0 / 32 minimal graphics ( not near good enough to go shell only - yet )
Thank you again for your time
kumado
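As an added example (not from this thread or from vsftpd's own documentation), here is the passive-mode setup the two answers describe, written as a POSIX shell script that prints the vsftpd settings and iptables commands rather than applying them. Interface names, addresses and the port range are assumed placeholders; the module names are the current nf_conntrack_ftp and nf_nat_ftp, of which the ip_conntrack_ftp and ip_nat_ftp names in the thread are the older equivalents.

```shell
#!/bin/sh
# Added example: vsftpd passive-mode config plus NAT/forward rules for an
# FTP server in a DMZ behind a Linux NAT box. Nothing here is applied;
# the functions only print what you would put in vsftpd.conf and run.
WAN_IF="eth0"               # assumed: NAT box's internet-facing NIC
DMZ_IF="eth2"               # assumed: the 3rd NIC facing the DMZ
PUBLIC_IP="203.0.113.10"    # assumed: public address (TEST-NET-3 range)
FTP_SERVER="192.168.2.10"   # assumed: vsftpd host inside the DMZ
PASV_MIN=50000              # assumed: passive data-port range
PASV_MAX=50100

# vsftpd.conf lines: pin the data-connection range so only those ports
# need forwarding, and advertise the public address in PASV replies
# (required once TLS is on, because the conntrack helper can no longer
# read and rewrite the encrypted PASV reply).
vsftpd_pasv_conf() {
  printf 'pasv_enable=YES\npasv_min_port=%s\npasv_max_port=%s\npasv_address=%s\n' \
    "$PASV_MIN" "$PASV_MAX" "$PUBLIC_IP"
}

# Firewall side: load both helpers, DNAT the control port and the passive
# range to the DMZ host, and allow only those ports into the DMZ as NEW.
nat_rules() {
  cat <<EOF
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport 21 -j DNAT --to-destination $FTP_SERVER:21
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $PASV_MIN:$PASV_MAX -j DNAT --to-destination $FTP_SERVER
iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp -d $FTP_SERVER --dport 21 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp -d $FTP_SERVER --dport $PASV_MIN:$PASV_MAX -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Number of passive ports being exposed; keep this small and check it
# matches what vsftpd is told to use.
pasv_port_count() { echo $((PASV_MAX - PASV_MIN + 1)); }
```

On kernels from 4.7 onward the FTP helper is no longer attached automatically, so a `-t raw` rule with `-j CT --helper ftp` for port 21 is also needed for the conntrack helper to take effect.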