Hi,

We have a ftp server which is running on public ip and out side of firewall.
Users out side of our network and users of our local network both using the same public ip and doing upload and downloading.
Last few days we are facing bandwidth problem as internal network users increased.

We want setup ftp server with 2 ips as follows.

Internal users will use private IP
users out side network will use public Ip.

Is there any procedure available to configure same machine with private and public ips.

please help me sort out this issue.:

Thanks in advance.

Yes, either with 2 NICs or a second virtual IP address on the same NIC, but you shouldn't need to do this. The traffic from the LAN should be routed to your FTP server and not go out on the internet, except maybe for DNS traffic.

We have 2 nics in ftp server.If we assign private and public ip to each nic;then where should i put my ftp server that means behind firewall or out side of the firewall.
pls suggest me.

The ftp server should be in the DMZ. The computer or device with the two interfaces should be the firewall between the DMZ and the LAN.
The route table in the DMZ/LAN firewall will route LAN users to the FTP server. If you don't have a firewall between the DMZ zone and the internet, then you could have a second NIC for the internet connection.

We already have ftp server connected in DMZ which is having public ip assigned to one of its NIC to access internet.
If i give local lan ip (private ip) to another NIC,can local LAN people can access it by using private ip.
I want to setup local LAN users should do ftp by using private ip and internet users should do ftp using public ip.
is it possible.pls suggest me.

Thanks

The firewall/router between the FTP server and the LAN can connect to the public interface. If you don't have the ftp server between two firewalls, then you could use a second NIC on the FTP server, and have an outside zone and dmz zone. The SuSE's firewall is configured like that. You indicate which zone a device belongs to (outer, inner or DMZ) and have different firewall rules for each zone. The FTP server should be locked down with it's own firewall in any case.

Ideally the FTP server is located between two firewalls. The DMZ would have a private IP network address, but different from the LAN private address. The part you may be missing is that the firewall/router between the DMZ and the LAN will route the traffic from the LAN hosts to the FTP server. The FTP server doesn't need a NIC with a LAN network address.

If you have a DNS for your LAN, then it could provide the IP address of your FTP server (the DMZ IP address) and your ISP's DNS server wouldn't be consulted. Alternative, if you don't have a DNS server is to include the FTP server in every hosts /etc/hosts file. For small sized networks, the dnsmasq service looks very interesting. It uses it's own /etc/hosts file to serve up the IP addresses of hosts on the LAN, and relays requests for internet domains to a real DNS server.

So your LAN users would be using your FTP server's domain name (or nickname), which would resolve to a DMZ IP address, while Internet users would use the FTP servers FQDN (fully qualified domain name) and use the Internet IP address to your router/firewall.