Author Topic: FTP server behind firewall  (Read 705 times)

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
FTP server behind firewall
« on: 30 September 2002, 01:11 »
How would i go about getting an FTP server running behind my proxy/firewall. I setup an FTP server on my server but then realized that it cant fit what i want someone to FTP to me. So i need to run an FTP server (proFTPD) on my slackware machine somehow.
Is there anyway to get ipchains to redirect packets to port 21(and/or 20?) to an IP address in my LAN?
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
FTP server behind firewall
« Reply #1 on: 30 September 2002, 05:52 »
Yes, most definitely. Just forward port 21 (udp/tcp) from your internal machine to your external interface. You will need to shut FTP off on your external machine as you can't have both bound to port 21 on your external interface at the same time.

Only problem is, I do this on a really old version of ipchains which used the "ipportfw" command. Newer versions of ipchains and iptables for the 2.4 kernel has commands built in to handle this. You might do some searching for examples like this:

http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-4.html
Someone please remove this account. Thanks...

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
FTP server behind firewall
« Reply #2 on: 30 September 2002, 06:15 »
I am using ipchains and i cant have "-d" flag twice in one line so i cant do:
ipchains -A input -s 0/0 -p tcp -d 205.92.81.80 ftp -j REDIRECT -d 192.168.0.4
(my IP address is changed of course).
*sigh* It looks like i might have to try and go back to iptables.

[ September 29, 2002: Message edited by: The Master of Reality / Bob ]

Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
FTP server behind firewall
« Reply #3 on: 30 September 2002, 07:32 »
I don't want to say you can't do it with ipchains in the 2.4 kernel but I can certainly say what you are trying to do will not work. You do not want two destinations. There is a special function of ipchains/tables for port forwarding.

It looks like in the newer 2.4 kernels you at least need to have the "ipfwadm" command installed (which you probably do) and the first parameter to that command would be "portfw". Like I said, I am using an older 2.2 kernel on my firewall and I still use the "ipmasqadm" command for this. And example I use to forward VNC ports to an internal machine:

Code: [Select]

The x.x.x.x above is my pulic IP address (outside address).

The ipfwadm might work but I haven't really messed with it. It does seem to work with ipchains and I have seen examples for port forwarding using that command and they are identical to the "ipmasqadm" commands I have in my example above, except the examples do not show the "-a" parameter that I have in my example. They are really trying to ditch ipchains in favor of iptables in 2.4+ kernels. I would suggest learning iptables instead if you can't get ipchains working with ipfwadm.

[ September 29, 2002: Message edited by: void main ]

Someone please remove this account. Thanks...