Ftp proxy source nat



  • I would like to use frox.  And, by using the ports compile, I've been able to get it to work correctly most of the time.  From the error messages I get back, some ftp clients worry about where the ftp data stream is coming from.  Specifically, ncftp.  It reports that the data stream is coming from the firewall, and not the original server.  Is there a way to write a source nat rule so that it looks like the data stream is coming from the original server?



  • Disable the NAT helper on all interfaces and make sure you have firewall rules in place that are NOT restrictive.
    (Otherwise you won't be able to connect to the server).



  • If you mean the FTP helper program, yes, that's disabled on all interfaces.  Because I'm trying to use frox as a transparent proxy, I have all port 21 traffic sent to 2121 (frox port).  Here's the rule I'm using:
    Interface: LAN
    External Address: any
    Protocol: TCP
    External Port Range: FTP
    NAT IP: 192.168.1.1  (Internal address of the firewall)
    Auto-add firewall rule: yes

    I'm pretty sure I've also tried it with NAT IP being 127.0.0.1, with the same result.



  • Slight addition.  The ftp client makes the connection to the server.  But, when asking for any data to be sent back, I get an error from ncftp saying that the data stream is coming from the wrong place, and it shuts down.  This happens with a simple ls command.  I'm thinking it's because ftp-data is coming from the firewall.



  • Give 2.0 a shot; it has got rid of ftp-proxy.



  • If I can find another machine hanging around to try that with, I will.  I can't really take this one offline and do internet stuff.  But, 2.0 is alpha…  I'm a little unsure about alpha software.

    But, I have a feeling that it's actually a problem with frox re-making the connection to the client.  That's why I was looking for a source nat rule so that it could rewrite where the client thought the data was coming from.  Or, maybe even having pftpx handle that part for me.  But, can't find a way to do that either.  Any ideas would be helpful.

    Thanks for the help so far!


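The symptom discussed in this thread matches a client-side check that the FTP data endpoint is the same host as the control connection's peer, a common defence against hijacked or redirected data connections. The sketch below is an added example, not part of the original posts and not ncftp's or frox's code; the server address 203.0.113.10, both 227 replies, and all function names are constructed for illustration, and the assumption is that the client compares addresses exactly.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv(reply):
    """Return (ip_address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    host = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def same_host(control_peer, data_host):
    """The check itself: data endpoint must equal the control peer."""
    return ipaddress.ip_address(control_peer) == ipaddress.ip_address(data_host)


def check_passive(control_peer, reply):
    """Passive mode: compare the address advertised in the 227 reply."""
    host, port = parse_pasv(reply)
    return same_host(control_peer, host), str(host), port


def check_active(control_peer, data_source):
    """Active mode: compare the source of the inbound data connection."""
    return same_host(control_peer, data_source)


# Constructed sample values (only 192.168.1.1 appears in the thread).
SERVER = "203.0.113.10"      # address the client believes it is talking to
FIREWALL = "192.168.1.1"     # LAN address of the proxying firewall
DIRECT_REPLY = "227 Entering Passive Mode (203,0,113,10,195,80)"
PROXIED_REPLY = "227 Entering Passive Mode (192,168,1,1,156,64)"

if __name__ == "__main__":
    for label, reply in (("direct", DIRECT_REPLY), ("proxied", PROXIED_REPLY)):
        ok, host, port = check_passive(SERVER, reply)
        verdict = "accept" if ok else "reject"
        print("%-8s data endpoint %s:%d -> %s" % (label, host, port, verdict))
    active_ok = check_active(SERVER, FIREWALL)
    print("active, data from firewall ->", "accept" if active_ok else "reject")
```

With a transparent proxy the client still believes its control peer is the remote server, so any data connection that visibly terminates on the firewall fails this comparison in both passive and active mode.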