#1 2018-04-04 11:40:04

lemon
Trusted Member
Registered: 2015-08-27
Posts: 151

FTP behind NAT...

Did any of you get ftp working behind NAT?

So I tested pureftp and proftpd; both end with the same results.

When connecting to the internal IP everything works fine, I can log in and get chrooted to /var/www/mysite.com

syslog:

Apr  4 13:14:54 ftpserv systemd[1]: Started LSB: Starts ProFTPD daemon.
Apr  4 13:20:51 ftpserv systemd[1]: Started Session c4 of user mysiteftpuser.

But when using the external IP and natted port it looks like this:

[Screenshot: WK2pEWa.png]
Syslog looks the same as for the successful login.

So I went into proftpd.conf and added this:

PassivePorts                  1336 1338
MasqueradeAddress       ftp.mysite.com
MasqueradeAddress       77.*.*.*

With these settings I cannot even connect with the internal IP anymore?!
[Screenshot: V35Y9ea.png]
Syslog again looks the same as before.

Connecting to the external IP fails even more now:
[Screenshot: 5CY22UW.png]

So right now I have no idea what could be wrong...

This is my NAT rule:

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 1337 -j DNAT --to-destination 192.168.66.199:21

Has anyone faced this problem too?

This problem is not related to any LES hoster, but kinda the same surrounding: my private Proxmox container with a NATed IP.

Edit: damn, I could be a professional thread designer
Edit2: login via telnet works, so just chroot seems to be broken, and that TLS thing

Last edited by lemon (2018-04-04 11:48:47)

Offline

#2 2018-04-04 11:45:48

MM552
Trusted Member
From: I am not 100% sure
Registered: 2018-03-13
Posts: 74
Website

Re: FTP behind NAT...

Hi, why don't you try using SFTP? In the port box you put in your assigned SSH port and it should work. I have attached a demo image for you.
[Image: SFTP]

Last edited by MM552 (2018-04-04 11:51:47)

Offline

#3 2018-04-04 11:51:16

lemon
Trusted Member
Registered: 2015-08-27
Posts: 151

Re: FTP behind NAT...

MM552 wrote:

Hi, why don't you try using SFTP? If you were to have a dedicated IPv4 it would be on port 22, same as your SSH port. Image attached!!
https://mm552.xyz/res/sftp.png

Because I want to chroot the user in /var/www/mysite.com, and that will only work with SFTP if all parent directories are owned by root:root (700), if I understood that right.

Currently I use SFTP as a workaround, but I'm not happy with it.

btw: maybe you wanna disable indexing for https://mm552.xyz/res/ ?

Last edited by lemon (2018-04-04 11:52:34)

Offline

#4 2018-04-04 11:55:37

MM552
Trusted Member
From: I am not 100% sure
Registered: 2018-03-13
Posts: 74
Website

Re: FTP behind NAT...

lemon wrote:

btw: maybe you wanna disable indexing for https://mm552.xyz/res/ ?

It doesn't really matter, because it is just where all my LowEndSpirit images for the forum go. But I have disabled it anyway. Thanks for that. In regards to the FTP, one of the staff members might have more knowledge on that topic than me. But I hope I helped in some way.

Offline

#5 2018-04-04 14:52:13

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,536
Website

Re: FTP behind NAT...

That's why I didn't recognize the port range :)

I think you are overcomplicating things.

I would try setting up the iptables rule with -d <externalip> instead of -i.
If you have the iptables rules correct, then read this: http://techorator.blogspot.se/2010/02/h … -with.html on how to configure your FTP server.

I don't think your FTP server is aware that it should have an external IP; it is only listening to your internal, and answering with that.

Offline
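
The check described in the post above, as an added example that is not part of the original thread: it parses the server's passive-mode reply and reports whether the advertised address and data port can be reached from outside the NAT. Function names are hypothetical, the sample replies are constructed (203.0.113.10 stands in for the masked external IP), and it assumes the passive range is forwarded one-to-one to the container.

```python
import ipaddress
import re

# Added example: function names are hypothetical, sample replies are constructed.
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")

def parse_passive_reply(line):
    """Return (ip or None, port) from a 227 (PASV) or 229 (EPSV) reply."""
    m = PASV_RE.match(line)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range: %r" % line)
        ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
        return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2
    m = EPSV_RE.match(line)
    if m:
        return None, int(m.group(1))         # EPSV carries no address at all
    raise ValueError("not a passive-mode reply: %r" % line)

def diagnose(line, control_ip, forwarded_ports):
    """List reasons the data connection would fail for a client that
    reached the server at control_ip (the public address of the NAT)."""
    ip, port = parse_passive_reply(line)
    problems = []
    if ip is not None and ip != ipaddress.IPv4Address(control_ip):
        kind = "private " if ip.is_private else ""
        problems.append("server advertises %saddress %s, client connected to %s"
                        % (kind, ip, control_ip))
    if port not in forwarded_ports:
        problems.append("data port %d is not in the forwarded range" % port)
    return problems

if __name__ == "__main__":
    forwarded = range(1336, 1339)   # PassivePorts 1336 1338 (inclusive)
    samples = [
        "227 Entering Passive Mode (192,168,66,199,5,56).",  # internal IP advertised
        "227 Entering Passive Mode (203,0,113,10,200,13).",  # port outside the range
        "227 Entering Passive Mode (203,0,113,10,5,57).",    # address and port consistent
        "229 Entering Extended Passive Mode (|||1338|)",     # EPSV: port only
    ]
    for s in samples:
        print(s, "->", diagnose(s, "203.0.113.10", forwarded) or "ok")
```

The reply line to feed in is the one a client shows in its log right after it sends PASV or EPSV.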

#6 2018-04-05 10:49:51

lemon
Trusted Member
Registered: 2015-08-27
Posts: 151

Re: FTP behind NAT...

Ah, I see I've misunderstood the PassivePortRange option. Thanks for that link, I'll try it ;)

Offline
