Netgate Discussion Forum

    Ftp proxy source nat

      blumstng

      I would like to use frox.  And, by using the ports compile, I've been able to get it to work correctly most of the time.  From the error messages I get back, some ftp clients worry about where the ftp data stream is coming from.  Specifically, ncftp.  It reports that the data stream is coming from the firewall, and not the original server.  Is there a way to write a source nat rule so that it looks like the data stream is coming from the original server?

        GruensFroeschli

        Disable the NAT helper on all interfaces and make sure you have firewall rules in place that are NOT restrictive.
        (Otherwise you won't be able to connect to the server).

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          blumstng

          If you mean the FTP helper program, yes, that's disabled on all interfaces.  Because I'm trying to use frox as a transparent proxy, I have all port 21 traffic sent to 2121 (frox port).  Here's the rule I'm using:
          Interface: LAN
          External Address: any
          Protocol: TCP
          External Port Range: FTP
          NAT IP: 192.168.1.1  (Internal address of the firewall)
          Auto-add firewall rule: yes

          I'm pretty sure I've also tried it with NAT IP being 127.0.0.1, with the same result.

            blumstng

            Slight addition.  The ftp client makes the connection to the server.  But, when asking for any data to be sent back, I get an error from ncftp saying that the data stream is coming from the wrong place, and it shuts down.  This happens with a simple ls command.  I'm thinking it's because ftp-data is coming from the firewall.

              eri--

              Give 2.0 a shot; it has got rid of ftp-proxy.

                blumstng

                If I can find another machine hanging around to try that with, I will.  I can't really take this one offline and do internet stuff.  But, 2.0 is alpha…  I'm a little unsure about alpha software.

                But, I have a feeling that it's actually a problem with frox re-making the connection to the client.  That's why I was looking for a source nat rule so that it could rewrite where the client thought the data was coming from.  Or, maybe even having pftpx handle that part for me.  But, can't find a way to do that either.  Any ideas would be helpful.

                Thanks for the help so far!
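
The thread describes a client that drops the data connection when it arrives from the firewall rather than from the server it dialled. The following is an added illustration of that same-host check (not code from the thread and not ncftp's implementation); it is IPv4 only, the function names are hypothetical, 192.168.1.1 is the firewall LAN address quoted above, and 203.0.113.10 is a constructed stand-in for the remote FTP server.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 ... (h1,h2,h3,h4,p1,p2)"
_PASV = re.compile(r"^227[ -].*?(?<!\d)" + ",".join([r"(\d{1,3})"] * 6))


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = _PASV.match(reply.strip())
    if m is None:
        raise ValueError("not a 227 reply: %r" % reply)
    n = [int(g) for g in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range: %r" % reply)
    return ipaddress.IPv4Address("%d.%d.%d.%d" % tuple(n[:4])), n[4] * 256 + n[5]


def vet_data_peer(control_peer, data_peer):
    """Same-host rule: the data connection's remote IP must equal the
    control connection's remote IP. Returns (ok, reason)."""
    control = ipaddress.ip_address(str(control_peer))
    data = ipaddress.ip_address(str(data_peer))
    if data == control:
        return True, "data peer matches control peer %s" % control
    return False, "data peer %s is not control peer %s" % (data, control)


# Constructed scenario. 192.168.1.1 is the firewall LAN address from the
# thread; 203.0.113.10 stands in for the remote FTP server (assumption).
SERVER = "203.0.113.10"
FIREWALL_LAN = "192.168.1.1"


def scenarios():
    """The client dialled SERVER:21, so SERVER is its control peer even
    though the redirect handed the connection to the proxy."""
    pasv_ip, _ = parse_pasv("227 Entering Passive Mode (203,0,113,10,195,80)")
    return {
        # Active mode: proxy connects back to the client from its own address.
        "active, data from firewall": vet_data_peer(SERVER, FIREWALL_LAN),
        # Active mode: data connection carries the server's address.
        "active, data from server": vet_data_peer(SERVER, SERVER),
        # Passive mode: 227 reply advertises the server's own address.
        "passive, 227 names server": vet_data_peer(SERVER, pasv_ip),
    }


if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print("%-28s %s  (%s)" % (name, "ACCEPT" if ok else "REJECT", reason))
```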
