Forward ftp from one server to another

What I want to do is to connect to a server A (connected to a public IP) and forward the FTP connection to server B (connected to another public IP).

CLIENT ==>Debian SERVER A===> Debian SERVER B with ProFTPD

Passive FTP uses two ports, 21 that carries the commands and any port from about 30000 to 65000 to transfer data.

When the client reaches the final FTP server (server B) it has the IP of server A (as the client IP was NATed by server A). Server B answers with the port number to use for data transfer, and this answer goes through server A and then to the client. At this moment the client knows what port to use for data transfer and tries to connect to this port.

The problem is that the client, instead of connecting to server A, which would forward to server B, goes directly to server B, which, of course, does not know what it wants, as the IP is different from that of server A (which NATed the client IP), to which it answered earlier.

How is it possible to have the client connect to the data port through the same path (Client ==> Server A ==> Server B)?

Does anybody have a solution for that problem?

For your info the server is a Debian Lenny
nf_conntrack and nf_conntrack_ftp are enabled
ip forwarding is enabled too

IPtables are: (the firewall is open when testing)

-A PREROUTING -p tcp -m tcp -d Server A -i eth0 --dport 21 -j DNAT --to-destination Server B
-A POSTROUTING -p tcp -m tcp -o eth0 --dport 21 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -m state --dport 30000:65534 --state RELATED -j DNAT --to-destination Server B:30000-65534
-A POSTROUTING -p tcp -m tcp -m state -o eth0 --dport 30000:65534 --state RELATED -j MASQUERADE

Also, for your information, with this configuration I could make it work perfectly on 2 servers (I have 3 servers on 3 different public networks), but one of the servers (the one I want it to work on!) is not working properly. For example, if I browse the FTP with Firefox it works perfectly. If I use FileZilla it does not browse folders and files. If I use my iPhone FTP application with my Wi-Fi connection it works; if I use the same one with the 3G (telephone) connection it does not.

Since this server is in a data center I thought that maybe the data center does not have a transparent connection, so I asked them to verify. But they are sure that it does not go through a firewall; my server is connected directly to the Internet.

I have tried all solutions and spent several days on this, which is why I need help... and I thank you from the bottom of my heart in advance.

If you could do transfers in active mode instead of passive, it wouldn't be a random port, it'd be port 20. You could forward it the same way you forwarded port 21.

---------- Post updated at 05:01 PM ---------- Previous update was at 04:59 PM ----------

Alternately, you can tell proftpd to use a specific port range for its passive ports, so you're not stuck forwarding the entire 32K-64K range. Just pick 128 ports or something <32768 (not greater, we don't want randomly chosen ports to interfere) and forward the entire range the same way you forwarded port 21.


PassivePorts

Thank you for your answer.
I know, but this is a public server. In fact, our server is in a data center, but all our images, which we offer for download, are on our server at our office. Because of the amount of data, we cannot transfer all the images from our office to the data center server. This is why we need this forward...

I'm afraid I don't know what that has to do with my suggestions.

Only, if I'm not wrong, the fact that most FTP browsers are in passive mode by default.

I gave you suggestions for passive and active mode...