tk_don @ Mon Oct 06 09:59:47 EEST 2014 My server setup is like this:
[code] Internet/Routed ---- eth1 - Apache and Squid Vhost server - eth0 ---- Switch ----- eth0 - CrushFTP FTP server [/code]
The proxy/vhost runs CentOS 6.5 while the CrushFTP server runs CentOS 7. Let's say I want the CrushFTP server to accept FTP sessions at port 21, routed from the vhost/proxy port 21. What I think I shouldn't do is to port forward the CrushFTP server directly in the router; instead, I'd prefer to keep it behind the proxy/vhost server.
I just can't make it work, and I'm not sure it can be made to work. I would think some kind of software on the proxy/vhost has to actually listen on port 21 for pre-routing to work (?).
I have tried with an iptables solution adapted according to the solution posted at http://serverfault.com/questions/252425/forward-ftp-with-iptables , but when telnetting using "telnet 21" the connection is refused. I cannot access the FTP from outside, either.
Is there any solution to this or is this approach just a bad idea?
spinkb @ Mon Oct 06 12:40:14 EEST 2014 If you're trying to have security by having a front end server, then you need to be using our DMZ feature of the enterprise license.
This handles the protocol at the receiving side, then connects internally with a reverse connection and uses HTTPS traffic internally between the DMZ and the internal server for all file transfers and everything else.
With the system you're describing, it has to be specifically aware of how the FTP protocol works, or it's guaranteed to fail.
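What "aware of how the FTP protocol works" involves for a front end that only forwards port 21, as an added example that is not part of the original thread and not CrushFTP code: the backend's passive-mode replies on the control channel name a separate data endpoint, which the front end has to read and rewrite (and then forward). The reply strings, addresses, ports and function names below are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample replies from a backend FTP server on a private LAN.
PASV_REPLY = "227 Entering Passive Mode (192,168,1,20,195,80)"
EPSV_REPLY = "229 Entering Extended Passive Mode (|||50000|)"

_PASV = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def data_endpoint(reply):
    """Return (host, port) the client is told to open for the data channel.
    host is None for EPSV, where the client reuses the control address."""
    if reply.startswith("227"):
        m = _PASV.search(reply)
        if not m:
            raise ValueError("malformed 227 reply")
        n = [int(x) for x in m.groups()]
        if any(v > 255 for v in n):
            raise ValueError("octet out of range")
        return ".".join(map(str, n[:4])), n[4] * 256 + n[5]
    if reply.startswith("229"):
        m = _EPSV.search(reply)
        if not m or not 0 < int(m.group(1)) < 65536:
            raise ValueError("malformed 229 reply")
        return None, int(m.group(1))
    raise ValueError("not a passive-mode reply")


def leaks_private_address(reply):
    """True if the reply hands the client an address it cannot route to."""
    host, _ = data_endpoint(reply)
    return host is not None and ipaddress.ip_address(host).is_private


def rewrite_for_client(reply, public_ip, public_port):
    """Rewrite the reply to the front end's own address and a data port
    that the front end must also forward to the backend."""
    data_endpoint(reply)  # validate before rewriting
    if reply.startswith("227"):
        host = public_ip.replace(".", ",")
        return "227 Entering Passive Mode (%s,%d,%d)" % (
            host, public_port >> 8, public_port & 0xFF)
    return "229 Entering Extended Passive Mode (|||%d|)" % public_port
```

A forwarder that passes the 227 reply through unchanged tells the outside client to connect to the backend's LAN address on a port nothing is forwarding, so logins can succeed while listings and transfers hang.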