Question about multiple ftp servers
I have a question or looking for suggestions. For a while now we have had 1 ftp server and using proxy suite to proxy it. Very simple to set up. Now I am at a loss when trying to add a 2nd ftp server. Can I have multiple DestinationAddress? Any help will be very much appreciated.

Here is what my conf looks like:

    [-Global-]
    ServerType standalone
    LogDestination /var/log/ftp-proxy.log
    Listen 127.0.0.1
    Listen xxx.xxx.xxx.xxx
    AllowTransProxy no
    AllowMagicUser yes
    UseMagicChar %
    PortResetsPasv yes
    DestinationTransferMode passive
    DestinationAddress xxx.xxx.xxx.xxx

On Wed, May 14, 2003 at 09:17:02AM -0400, Brian.Harrell@dca.state.fl.us wrote:
> I have a question or looking for suggestions. For a while now we have had 1 ftp server and using proxy suite to proxy it. Very simple to set up. Now I am at a loss when trying to add a 2nd ftp server. Can I have multiple DestinationAddress? Any help will be very much appreciated.

No - the proxy has no direct support for multiple destinations in inbound mode. But you can do it using transparent proxy:

    AllowMagicUser no
    AllowTransProxy yes
    DestinationAddress default-ftp-server # optional

Of course, it's limited because you have to be able to set up the rules. You have lost, if you have to handle clients from internet and you have only one official IP... It's required to have the proxy on a gateway between the clients and ftp-servers - for example:

       CLIENT NET / INTERNET
                |
              proxy
              /   \
             /     \
         ftp1  ftp2  ftpN

Here is a sample chain (you don't really require an extra chain) for iptables:

    iptables -t nat -N ftp-pool
    iptables -t nat -A ftp-pool -d ftp1-ip -j REDIRECT
    iptables -t nat -A ftp-pool -d ftp2-ip -j REDIRECT
    # [...]
    iptables -t nat -A ftp-pool -j DROP
    iptables -t nat -A PREROUTING -p tcp --dport 21 -j ftp-pool

The proxy reads the original destination the client wanted from NAT tables (iptables, BSD nat and pf filter supported). You can use DNS round-robin for ftp-server IPs if you want. See also ftp-proxy/TransProxy-Mini-Howto.txt file.

> here is what my conf looks like
>
> [-Global-]
> ServerType standalone
> LogDestination /var/log/ftp-proxy.log
> Listen 127.0.0.1
> Listen xxx.xxx.xxx.xxx
> AllowTransProxy no
> AllowMagicUser yes
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Huh? MagicUser in "inbound" mode? I hope you know what you are doing and you have set up your ip filter, etc. correctly... MagicUser allows the user to override the destination address inside of the ftp USER command.

> UseMagicChar %
> PortResetsPasv yes
> DestinationTransferMode passive
> DestinationAddress xxx.xxx.xxx.xxx

Kind regards,
Marius Tomaschewski
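
Added example (not part of either message, and not code from the proxy-suite project): a small Python check for the combination questioned in the reply, AllowMagicUser yes on a proxy that has a fixed DestinationAddress, no transparent proxying, and a non-loopback Listen address. The 192.0.2.x addresses are constructed, and the comment handling and the finding names are assumptions of this example.

```python
import re

# Constructed sample: the posted [-Global-] section, with documentation-range
# addresses (192.0.2.x) standing in for the masked xxx.xxx.xxx.xxx values.
SAMPLE_CONF = """\
[-Global-]
Listen 127.0.0.1
Listen 192.0.2.10
AllowTransProxy no
AllowMagicUser yes
UseMagicChar %
DestinationAddress 192.0.2.21
"""

def parse_conf(text):
    """Parse 'Option value' lines into {section: {option: [values]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        # Assumption: '#' at line start or after whitespace begins a comment.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line.strip("[]-").lower(), {})
        elif current is not None:
            key, *rest = line.split(None, 1)
            current.setdefault(key.lower(), []).append(rest[0] if rest else "")
    return sections

def is_yes(opts, name):
    # Only an explicit "yes" counts; defaults of absent options are not assumed.
    return any(v.lower() == "yes" for v in opts.get(name, []))

def audit(text):
    """Return (section, finding) pairs for sections that enable magic user."""
    findings = []
    for name, opts in parse_conf(text).items():
        if not is_yes(opts, "allowmagicuser"):
            continue
        exposed = [a for a in opts.get("listen", []) if not a.startswith("127.")]
        inbound = "destinationaddress" in opts and not is_yes(opts, "allowtransproxy")
        # The combination questioned in the reply: inbound, reachable, magic user on.
        code = "MAGIC_USER_INBOUND_EXPOSED" if inbound and exposed else "MAGIC_USER_ENABLED"
        findings.append((name, code))
    return findings

if __name__ == "__main__":
    for section, code in audit(SAMPLE_CONF):
        print(f"[{section}] {code}")
```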