proxy and destination on the same host
Hi,

I am trying to set up ftp-proxy on multiple hosts on port 21.
The main ftp server (pure-ftpd) is also running on the same hosts on port 211.

The idea is that the user may connect to any ftp server and get proxied to the correct one via LDAP lookups. The destination server may or may not be publicly reachable.

All is working fine if
user's destination is serverY and he connected to serverX
but if
user's destination is serverY and he connects to serverY
the login is ok, but the user cannot see any data.
Gets a "425 Can't open data connection." message.

Is this a limitation or have I misconfigured the ftp proxy/server?

best regards and thanks in advance

__EXAMPLE__
In this example the user's destination server is mars and destination port is 211

-- connecting to venus
bash$ ftp venus
Connected to venus.
220 venus FTP server (Version 1.8 - 2002/01/14 20:09:00) ready.
Name (venus:atif): dwebster@cnetwork.ispman.net
331 User dwebster@cnetwork.ispman.net OK. Password required
Password:
230-User dwebster@cnetwork.ispman.net has group access to: 1003
230-This server supports FXP transfers
230 OK. Current restricted directory is /
ftp> ls
200 PORT command successful.
150 Connecting to port 32796
.
..
public_html
x
y
z
226-Options: -a
226 6 matches total
29 bytes received in 0.023 seconds (1.22 Kbytes/s)

-- connecting to mars
bash$ ftp mars
Connected to mars.
220 mars FTP server (Version 1.8 - 2002/01/14 20:09:00) ready.
Name (mars:atif): dwebster@cnetwork.ispman.net
331 User dwebster@cnetwork.ispman.net OK. Password required
Password:
230-User dwebster@cnetwork.ispman.net has group access to: 1003
230-This server supports FXP transfers
230 OK. Current restricted directory is /
ftp> ls
200 PORT command successful.
425 Can't open data connection.

On Wed, Jul 30, 2003 at 08:41:20PM +0200, Atif Ghaffar wrote:
> Hi,

Hi!

> I am trying to set up ftp-proxy on multiple hosts on port 21.
> The main ftp server (pure-ftpd) is also running on the same hosts on port 211.
>
> The idea is that the user may connect to any ftp server and get proxied to the correct one via LDAP lookups. The destination server may or may not be publicly reachable.
>
> All is working fine if
> user's destination is serverY and he connected to serverX
> but if
> user's destination is serverY and he connects to serverY
> the login is ok, but the user cannot see any data.
> Gets a "425 Can't open data connection." message.

FTP servers default to bind to port 20 for data transfers
(server:20 --> client:random, where, as far as I remember, the
client "random" port defaults to the client's control port).

If you run multiple servers (with active transfers) on one
host, you have to change the port to be different for each
server - this may not be configurable on the server.

The proxy is using port 20 as well (proxy:20 -> client)
if it runs with uid 0, or a random port while uid != 0.
See the User, Group, ServerRoot config options and the
sample init-script as well.
You can also specify an active port (range) the proxy has
to use via the ActiveMinDataPort / ActiveMaxDataPort options.
You may set the "SockBindRand yes" option as well.

Further, you can configure the proxy to use passive transfers
to the server via "DestinationTransferMode passive", so the
server does not need to use active connections at all
(except if it is connected/reachable directly by clients).

Kind regards,
Marius Tomaschewski
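
The port contention described in the reply above, as a simplified model (an added example, not part of the original thread and not ftp-proxy or pure-ftpd code): two processes on one host cannot both bind the same fixed data source port, while choosing from a configured range succeeds. The function names, the loopback address and the OS-chosen stand-in for port 20 are assumptions, and real daemons may set socket options this sketch omits.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # proxy and server share one host, as in the thread


def bind_fixed(port):
    """Bind a data socket to one fixed source port (a daemon that always uses port 20)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((LOOPBACK, port))
    except OSError:
        sock.close()
        raise
    return sock


def bind_in_range(min_port, max_port):
    """Hypothetical helper: bind to the first free port in [min_port, max_port]."""
    for port in range(min_port, max_port + 1):
        try:
            return bind_fixed(port)
        except OSError as exc:
            if exc.errno != errno.EADDRINUSE:
                raise  # only "port taken" means: try the next one
    raise OSError(errno.EADDRINUSE, "no free port in the configured range")


def demo():
    """Return (conflict_seen, shared_port, port_chosen_from_range)."""
    # First daemon: the OS picks a port that stands in for the privileged port 20.
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((LOOPBACK, 0))
    shared = server.getsockname()[1]
    try:
        # Second daemon insists on the same fixed port: expected to fail.
        try:
            bind_fixed(shared).close()
            conflict = False
        except OSError as exc:
            conflict = exc.errno == errno.EADDRINUSE
        # Second daemon with a port range skips the occupied port.
        proxy = bind_in_range(shared, min(shared + 20, 65535))
        chosen = proxy.getsockname()[1]
        proxy.close()
    finally:
        server.close()
    return conflict, shared, chosen


if __name__ == "__main__":
    print(demo())
```
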
Thanks for the tips.

I eventually went with using 2 machines as the gateway and the main FTP servers behind.
I have to deploy on another network where I will try your recommendations and will report them to the list.

best regards.
Atif Ghaffar

Marius Tomaschewski wrote:
> On Wed, Jul 30, 2003 at 08:41:20PM +0200, Atif Ghaffar wrote:
> > Hi,
>
> Hi!
>
> > I am trying to set up ftp-proxy on multiple hosts on port 21.
> > The main ftp server (pure-ftpd) is also running on the same hosts on port 211.
> >
> > The idea is that the user may connect to any ftp server and get proxied to the correct one via LDAP lookups. The destination server may or may not be publicly reachable.
> >
> > All is working fine if
> > user's destination is serverY and he connected to serverX
> > but if
> > user's destination is serverY and he connects to serverY
> > the login is ok, but the user cannot see any data.
> > Gets a "425 Can't open data connection." message.
>
> FTP servers default to bind to port 20 for data transfers (server:20 --> client:random, where, as far as I remember, the client "random" port defaults to the client's control port).
>
> If you run multiple servers (with active transfers) on one host, you have to change the port to be different for each server - this may not be configurable on the server.
>
> The proxy is using port 20 as well (proxy:20 -> client) if it runs with uid 0, or a random port while uid != 0. See the User, Group, ServerRoot config options and the sample init-script as well. You can also specify an active port (range) the proxy has to use via the ActiveMinDataPort / ActiveMaxDataPort options. You may set the "SockBindRand yes" option as well.
>
> Further, you can configure the proxy to use passive transfers to the server via "DestinationTransferMode passive", so the server does not need to use active connections at all (except if it is connected/reachable directly by clients).
>
> Kind regards,
> Marius Tomaschewski
> --
> SuSE Linux AG, Nürnberg -- Product Development
> PGP public key on: http://www.suse.de/~mt/mt.pgp
> DF17 271A AD15 006A 5BB9 6C96 CA2F F3F7 373A 1CC0