LinuxQuestions.org
Old 05-08-2013, 07:16 AM   #1
SukkoPera
LQ Newbie
 
Registered: Jan 2012
Location: Northern Italy
Distribution: Slackware, what else?
Posts: 15

Rep: Reputation: Disabled
Problem with ProFTPD + TLS + NAT


I have set up a ProFTPD server with TLS security behind NAT.

Because of the security, I had to use the PassivePorts and MasqueradeAddress directives to have the server use our public IP address and everything is working great with connections made from the Internet (i.e.: the server advertises the correct IP in the PORT command).

However, data transfers within our LAN fail, because the PORT command is advertising our public IP instead of the private IP. This seems to be addressed in a HowTo on the official ProFTPD site, at http://www.proftpd.org/docs/howto/NAT.html (last question) but the proposed solution does not actually work: setting up a VirtualHost with the private IP will actually catch *all* connections, because of the NAT, thus MasqueradeAddress will not be used.

So: is there any facility to have the ProFTPD always send the right address in PORT commands? I have also looked at pure-ftpd, but it seems it has no such feature either (and even lacks virtual hosts).
 
Old 05-09-2013, 04:28 PM   #2
siremaxus
Member
 
Registered: May 2013
Posts: 75

Rep: Reputation: Disabled
Hello,

Have you tried switching the options?
I mean, a plain ProFTPD and a VirtualHost with masquerade.

Good Luck with this..

Sire Maxus
 
Old 05-10-2013, 01:59 AM   #3
SukkoPera
LQ Newbie
 
Registered: Jan 2012
Location: Northern Italy
Distribution: Slackware, what else?
Posts: 15

Original Poster
Rep: Reputation: Disabled
Yes, but to no avail. I think that since the public IP is "virtual" (I mean that the box never sees it, as none of its ethX interfaces is bearing it), the FTP server has no means of discriminating which IP connections were originally made to.

But it should be very easy to implement a mechanism in the FTP server so that it will choose the IP to use in PORT commands according to the client's IP (i.e. in our case: 192.168.0.0/16 -> Use private, else use public).

Last edited by SukkoPera; 05-10-2013 at 02:00 AM.
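
The selection rule proposed in post #3, written out as an added example (not part of the thread and not ProFTPD code): the address placed in the server's passive-mode `227` reply is chosen from the client's source address. The server addresses and port range are constructed sample values, and the sketch assumes the server sees the LAN client's real source address.

```python
import ipaddress
import re

# Constructed sample values, not taken from the thread.
LAN_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # rule quoted in post #3
PRIVATE_ADDR = "192.168.1.10"        # assumed LAN address of the FTP server
PUBLIC_ADDR = "203.0.113.5"          # assumed public address on the NAT router
PASSIVE_PORTS = range(60000, 60101)  # assumed passive port range forwarded by NAT

def advertised_address(client_ip):
    """Return the address to advertise to this client for data connections."""
    ip = ipaddress.ip_address(client_ip)
    # A dual-stack listener may report IPv4 peers as ::ffff:a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if any(ip in net for net in LAN_NETS):
        return PRIVATE_ADDR
    return PUBLIC_ADDR

def pasv_reply(client_ip, port):
    """Build the RFC 959 reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."""
    if port not in PASSIVE_PORTS:
        raise ValueError("port outside the forwarded passive range")
    h1, h2, h3, h4 = advertised_address(client_ip).split(".")
    p1, p2 = divmod(port, 256)  # port is sent as two bytes: p1*256 + p2
    return f"227 Entering Passive Mode ({h1},{h2},{h3},{h4},{p1},{p2})."

def parse_pasv_reply(line):
    """Client-side view: recover (address, port) from a 227 reply."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", line)
    if m is None:
        raise ValueError("not a PASV reply")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

if __name__ == "__main__":
    for client in ("192.168.5.20", "198.51.100.7"):
        reply = pasv_reply(client, 60010)
        print(client, "->", reply, "->", parse_pasv_reply(reply))
```

With TLS on the control channel the NAT device cannot see or rewrite this reply, so whatever address the server writes into it is the one the client will try to reach.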
 
Old 05-10-2013, 08:46 AM   #4
siremaxus
Member
 
Registered: May 2013
Posts: 75

Rep: Reputation: Disabled
Hello,

Sorry if I can't be more helpful (because I don't use ProFTPD), but I got this crazy idea, but it depends on where your user authentication lies.

What if ProFTPD works in another port (like port 2100) only to serve external ftp requirements, and another FTP (like VSFTPD or another) works for your internal users?

I know it sounds like a hugely horrible hack, but maybe it can help you keep serving your internal and external users while you find a better solution.

Good Luck

Sire Maxus
 
Old 05-10-2013, 09:56 AM   #5
SukkoPera
LQ Newbie
 
Registered: Jan 2012
Location: Northern Italy
Distribution: Slackware, what else?
Posts: 15

Original Poster
Rep: Reputation: Disabled
LOL, that's exactly what I did.

But, as you imply, it's more a workaround rather than a solution.
 
Old 05-10-2013, 10:11 AM   #6
siremaxus
Member
 
Registered: May 2013
Posts: 75

Rep: Reputation: Disabled
Hello,

I guess you will have to take this issue to the ProFTPD forum directly to interact with their resources and developers.
https://forums.proftpd.org/smf/

As I said before, sorry for not being able to help.

Good Luck

Sire Maxus
 
Old 05-10-2013, 10:29 AM   #7
SukkoPera
LQ Newbie
 
Registered: Jan 2012
Location: Northern Italy
Distribution: Slackware, what else?
Posts: 15

Original Poster
Rep: Reputation: Disabled
OK, thank you. Your help is anyway appreciated.
 
  



Tags
ftp, nat, netwoking, proftpd, pureftpd


All times are GMT -5.