Hi,
The setup is as follows --
Internet ---> Proxy (Squid) ------> FTP server
eth0-192.y.y.y 192.y.y.y eth1-118.x.x.x
I have a few public IPs. I want to NAT a public IP to the FTP server, so that anyone can access the FTP server from outside. FTP is configured with port no. 1111 with listen_port=1111. It is working fine --
#ftp 192.y.y.y:1111
I want this to work with the public IP and the same port no.
Please help me out.
Thanks
On Fri, Oct 8, 2010 at 10:17 AM, Dattatray Kamble meet2dsk@gmail.com wrote:
Hi,
The setup is as follows --
Internet ---> Proxy (Squid) ------> FTP server eth0-192.y.y.y 192.y.y.y eth1-118.x.x.x
I have few public IP's. I want to nat a public ip to FTP server.So that anyone can access FTP server from outside. FTP configured with port no 1111 with listen_port=1111. It is working fine --#ftp 192.y.y.y:1111 I want this should work with public ip & same port no.
You need to forward the port on your proxy server using iptables. An example http://www.debian-administration.org/articles/73
Hi Mehul,
I want external users to access my internal FTP through a public IP. The public IP is from the 118.x.x.x series; it is not configured anywhere on any ethernet card.
On Fri, Oct 8, 2010 at 10:49 AM, Dattatray Kamble meet2dsk@gmail.com wrote:
On Fri, Oct 8, 2010 at 12:04 PM, Mehul Ved mehul.n.ved@gmail.com wrote:
On Fri, Oct 8, 2010 at 10:17 AM, Dattatray Kamble meet2dsk@gmail.com wrote:
Hi,
The setup is as follows --
Internet ---> Proxy (Squid) ------> FTP server eth0-192.y.y.y 192.y.y.y eth1-118.x.x.x
this statement and the one below don't match.
Hi..Mehul,
I want external users to access my internal ftp through public ip. The public ip is from 118.x.x.x series , it is not configured anywhere to any ethernet card.
As per the diagram in your original post, the users from the internet will access ftp through port 1111 on 118.x.x.x. and if the port forwarding is setup properly, their request will be forwarded to the FTP server.
Hi,
I want to configure FTP on a different public IP, other than Squid's public IP.
On Fri, Oct 8, 2010 at 11:52 AM, Dattatray Kamble meet2dsk@gmail.com wrote:
Hi,
I want to configure ftp to different public ip other than squid's public ip.
Why does it matter? But, if you still want that, the simplest possible solution will be to put an additional network card and configure the IP to that device. And then do the port forwarding. Or you can do it from your router, if it supports multiple WAN IP addresses.
On Fri, Oct 8, 2010 at 11:52 AM, Dattatray Kamble meet2dsk@gmail.com wrote:
.... major snip .....
Hi,
I want to configure ftp to different public ip other than squid's public ip.
As others have suggested you need to "port forward" for the service. Please read up on port forwarding. All such settings should be in your ISP's modem/router - please read up the documentation for your ISP's modem/router. On my MTNL modem/router, FTP port forwarding rule comes as a template in which I just need to provide the IP number of my LAN machine. There must be something similar to it in your modem/router. Alternately, most modem/routers provide a "single" DMZ host. You can put your FTP server as this DMZ host.
-- Arun Khan
Hi,
I have a few public IPs. I don't have a modem. My proxy is configured as transparent with two ethernet cards. If I apply a DNAT rule then I can access the vsftpd system locally with the public IP, but I can't access the system on the LAN.
The rule applied is as follows --
#iptables -t nat -A PREROUTING -d 118.x.x.x -j DNAT --to 192.y.y.y
This 118.x.x.x is nowhere assigned in the network, so where should I apply port forwarding if no ethernet card is available for that IP?
I have been struggling with this issue for 5 days.
Thanks for any help.
On Mon, Oct 11, 2010 at 11:02 AM, Dattatray Kamble meet2dsk@gmail.com wrote: ... snip ...
I have few public IP's ..I don't have modem...My proxy configured as transparent with two ethernet cards. If i apply DNAT rule then i can access the vsftpd system locally with public ip.but i can't access the system on lan..
The rule applied as follows --
#iptables -t nat -A PREROUTING -d 118.x.x.x -j DNAT --to 192.y.y.y
this 118.x.x.x is no where assigned in the network so where should i apply port forwarding if no ethernet card available for that ip.
Please see [1]. Your ISP must have installed some kind of box on your premise that converts the media from cable/ DSL / leased line / to Ethernet frames to connect to your LAN. You need to read the docs on that device and/or talk to the support guys @ your ISP. Your 118.x.x.x is most likely assigned to that box.
i am struggling on this issue since 5 days.
[1] I would strongly advise you to learn the basics of network topology in a visual form. IMO, w/o a visual topology it is difficult to explain how your network is set up and w/o that info it is next to impossible for anyone to help you. You may continue to struggle for many more days if you are unwilling to take this step.
-- Arun Khan
On Monday 11 October 2010 11:56:37 Arun Khan wrote:
I have few public IP's ..I don't have modem...My proxy configured as transparent with two ethernet cards. If i apply DNAT rule then i can access the vsftpd system locally with public ip.but i can't access the system on lan..
The rule applied as follows --
#iptables -t nat -A PREROUTING -d 118.x.x.x -j DNAT --to 192.y.y.y
this 118.x.x.x is no where assigned in the network so where should i apply port forwarding if no ethernet card available for that ip.
An ip is assigned (finally) to a physical device with a mac. You may configure virtual devices with an IP. But they must finally be tied to a physical device with a mac.
Please see [1]. Your ISP must have installed some kind of
He could be the ISP.
box on your premise that converts the media from cable/ DSL / leased line / to Ethernet frames to connect to your LAN. You need to read the docs on that device and/or talk to the support guys @ your ISP. Your 118.x.x.x is most likely assigned to that box.
i am struggling on this issue since 5 days.
[1] I would strongly advice you to learn the basics of network topology in a visual form.
For whatever he is trying to do, he needs to know a lot more than the basics, else he will be owned.
On Fri, Oct 8, 2010 at 11:52 AM, Dattatray Kamble meet2dsk@gmail.com wrote:
Hi,
I have few public IP's ..I don't have modem...My proxy configured as transparent with two ethernet cards.
In what way are these public IPs linked to your network?
Hi,
It's the public IP pool provided by the ISP. The IPs are not configured anywhere in the network.
On Monday 11 October 2010 05:28 PM, Dattatray Kamble wrote:
Hi,
It's the Public IP pool provided from ISP. The IP's not configured anywhere in the network.
Hi. Now as JTD mentioned, you will have to have some device to which your proposed IP is bound to. If your ISP is giving you a LAN cable only then you will need a computer with 2 ethernet cards. One card connects to the ISP and it is assigned the public IP as per directions from your ISP. The other card connects to your LAN so it has the LAN subnet. Assuming that you have an ftp server in your LAN, your dual card computer will have to be configured as a router and have port forwarding for ftp, pointing to the LAN ip of your ftp server.
In the connection diagram below, the device in [ ] is your dual card pc used as a router.
Internet --> [ Card_Public IP <--> Routing and Port Forwarding Rules <--> Card_LAN IP ] --> LAN Hub/Switch --> LAN FTP Server
Once the dual card computer is properly configured with iptables for routing and port forwarding, anyone from the internet can now reach your internal ftp server via the routing box.
On Monday 11 Oct 2010, Rony wrote:
On Monday 11 October 2010 05:28 PM, Dattatray Kamble wrote:
It's the Public IP pool provided from ISP. The IP's not configured anywhere in the network.
Hi. Now as JTD mentioned, you will have to have some device to which your proposed IP is bound to. If your ISP is giving you a LAN cable only then you will need a computer with 2 ethernet cards. One card connects to the ISP and it is assigned the public IP as per directions from your ISP. The other card connects to your LAN so it has the LAN subnet. Assuming that you have an ftp server in your LAN, your dual card computer will have to be configured as a router and have port forwarding for ftp, pointing to the LAN ip of your ftp server.
Sorry to nitpick, but you don't necessarily need two Ethernets on any device. You can work it just fine with a computer with a single Ethernet card and IP aliases. Create two logical networks on the machine, one for the WAN side and another for the LAN side, and they will happily co-exist on the same physical Ethernet network and interface.
Of course, you will need a small switch or a hub (do those even exist anymore?) to be able to interconnect everything.
Regards,
-- Raj
On Monday 11 October 2010 08:37 PM, Raj Mathur (राज माथुर) wrote:
Sorry to nitpick, but you don't necessarily need two Ethernets on any device. You can work it just fine with a computer with a single Ethernet card and IP aliases. Create two logical networks on the machine, one for the WAN side and another for the LAN side, and they will happily co-exist on the same physical Ethernet network and interface.
Of course, you will need a small switch or a hub (do those even exist anymore?) to be able to interconnect everything.
That is cool. So we can connect the incoming internet cable (with public ip) to the LAN switch and the firewall has a single ethernet card (with 2 log. nets) connected to the LAN switch too. Each one talks within their subnets.
The only drawback would be a little lowering of network speed which may be negligible but a bigger danger of someone outside the premises cutting the incoming internet cable, crimping an RJ45 on it and connecting it to a laptop. Now the laptop is directly in the company's LAN, bypassing the firewall.
Hi,
Yes, I have eth1 configured for public access and eth0 for private access, it is true. I NATted and masqueraded eth0 with eth1 connections and did the transparent proxy configuration on that system. Now here is the condition:
Any request coming towards 118.y.y.y with port XXXX should be forwarded to 192.x.x.x with port XXXX.
I want to assign the above rule through iptables. But I don't want to configure the public IP for vsftpd anywhere.
Thanks.
On Tuesday 12 October 2010 10:07 AM, Dattatray Kamble wrote:
Hi,
Yes..i have eth1 configuration for public acces And eth0 for private access ..it is true..
I natted& masqueraded eth0 with eth1 connections And did transparent proxy configuration on that system. Now here is the condition....
If any request coming towards 118.y.y.y with port XXXX should forwarded to 192.x.x.x with port XXXX.
I want to assign above rule through iptables. But i don't want to configure the public ip for vsftpd anywhere.
So your vsftpd is running inside the same box as your proxy. Is that right? How do you forward packets from one input interface to the other outgoing interface and try to get them back in from the outgoing interface? Should the output interface be bridged to a virtual interface that is bound to vsftpd? This is a tricky situation.
Hi,
I have public IPs in the range 118.y.y.1 - 118.y.y.5.
Squid is running on 118.y.y.1 (eth1) and 192.x.x.1 (eth0).
My vsftpd is running on 192.y.y.5 in the internal LAN.
Now I want to use one of my public IPs, 118.y.y.2, for accessing vsftpd from outside.
On Wed, Oct 13, 2010 at 10:27 AM, Dattatray Kamble meet2dsk@gmail.com wrote:
... snip ...
Please quote only relevant matter and remove the crud
I have public ip's range 118.y.y.1 - 118.y.y.5 Squid is running on 118.y.y.1 ( eth1 ) & 192.x.x.1 ( eth0 ) My vsftpd is running on 192.y.y.5 in internal lan. Now i want to use one of my public ip 118.y.y.2, for accessing vsftpd from
Until this post you were saying packets to 118.x.x.x port yyyy to forward to same port on some internal machine.
Great, you are at least becoming specific, which should have been done in your first post. The whole thread is like a "20 Questions" game; information comes out in pieces.
You need to create a port forward rule from 118.y.y.2 to your internal vsftpd server.
-- Arun Khan
On Wednesday 13 October 2010 10:27 AM, Dattatray Kamble wrote:
Hi,
I have public ip's range 118.y.y.1 - 118.y.y.5 Squid is running on 118.y.y.1 ( eth1 )& 192.x.x.1 ( eth0 ) My vsftpd is running on 192.y.y.5 in internal lan. Now i want to use one of my public ip 118.y.y.2, for accessing vsftpd from outside.
These are your earlier statements....
"Internet ---> Proxy (Squid) ------> FTP server
eth0-192.y.y.y 192.y.y.y eth1-118.x.x.x "
" I want to configure ftp to different public ip other than squid's public ip. "
" If i apply DNAT rule then i can access the vsftpd system locally with public ip.but i can't access the system on lan.."
"this 118.x.x.x is no where assigned in the network so where should i apply port forwarding if no ethernet card available for that ip."
" It's the Public IP pool provided from ISP. The IP's not configured anywhere in the network. "
"If any request coming towards 118.y.y.y with port XXXX should forwarded to 192.x.x.x with port XXXX. [This was already your solution]
I want to assign above rule through iptables. But i don't want to configure the public ip for vsftpd anywhere. "
"I have public ip's range 118.y.y.1 - 118.y.y.5 Squid is running on 118.y.y.1 ( eth1 )& 192.x.x.1 ( eth0 ) My vsftpd is running on 192.y.y.5 in internal lan. Now i want to use one of my public ip 118.y.y.2, for accessing vsftpd from outside."
Go through the above statements and see what a mess you made with your query.
On Tue, Oct 12, 2010 at 10:07 AM, Dattatray Kamble meet2dsk@gmail.com wrote:
Yes..i have eth1 configuration for public acces And eth0 for private access ..it is true.. I natted & masqueraded eth0 with eth1 connections And did transparent proxy configuration on that system.
You have now **changed** your story. IIRC, until this post you kept mentioning that 118.x.x.x was not configured in any machine on your premise.
Now here is the condition....
If any request coming towards 118.y.y.y with port XXXX should forwarded to 192.x.x.x with port XXXX.
So are all your 118.x.x.x IPs assigned to eth1 on the Proxy server?
-- Arun Khan
On Mon, Oct 11, 2010 at 5:28 PM, Dattatray Kamble meet2dsk@gmail.com wrote:
It's the Public IP pool provided from ISP. The IP's not configured anywhere in the network.
Then how is your proxy server able to access sites on the Internet?
From your proxy server execute the following command line and share its output with us.
traceroute -n www.yahoo.com
It will help demystify your network setup.
-- Arun Khan
The best way to resolve your issue would be if you could just pick up a networking book and skim through it. There are so many things you should learn about before attempting to ask for help. Here, have a free list: http://www.amazon.com/Networking-books/lm/3UOSOCPBMK0G7
Trust me. In the long run it will benefit you.
Dinesh
On Friday 08 October 2010 10:17 AM, Dattatray Kamble wrote:
Hi,
The setup is as follows --
Internet ---> Proxy (Squid) ------> FTP server eth0-192.y.y.y 192.y.y.y eth1-118.x.x.x
I have few public IP's. I want to nat a public ip to FTP server.So that anyone can access FTP server from outside. FTP configured with port no 1111 with listen_port=1111. It is working fine --#ftp 192.y.y.y:1111 I want this should work with public ip & same port no.
If you want a particular machine on lan to be accessible from outside then you have to forward the port traffic from the public ip to your private machine ip in your routing device like ADSL router, firewall (iptables) box, etc. Use static ips for those LAN machines.
On 08-10-2010 10:17, Dattatray Kamble wrote:
Hi,
The setup is as follows --
Internet ---> Proxy (Squid) ------> FTP server eth0-192.y.y.y 192.y.y.y eth1-118.x.x.x
I have few public IP's. I want to nat a public ip to FTP server.So that anyone can access FTP server from outside. FTP configured with port no 1111 with listen_port=1111. It is working fine --#ftp 192.y.y.y:1111 I want this should work with public ip & same port no.
please help me out.
Thanks
Hey,
You can add the ADDITIONAL 118.x.x.3 (assuming 118.x.x.1 is your gateway, and 118.x.x.2 is being used on your eth1) to an interface alias:
# ifconfig eth1:1 118.x.x.3 netmask 255.255.255.x up
Then test from the internet whether you can ping this new IP address. You can use
telnet route-server.gblx.net
and then ping from there to test if the IP address is reachable. If yes, then you can add the iptables dst NAT rule for your FTP server:
# iptables -t nat -A PREROUTING --dst ${PUBLIC_IP} -p tcp --dport ${LAN_HOST_PORT} -j DNAT --to-destination ${LAN_HOST_IP}
As this is an FTP server you might face problems, so just to be sure add the following src-NAT rule also:
# iptables -t nat -A POSTROUTING ! -d ${LAN_HOST_IP} -j SNAT --to ${PUBLIC_IP}
where
${PUBLIC_IP} = 118.x.x.3
${LAN_HOST_IP} = 192.x.x.x (your FTP server's IP address)
${LAN_HOST_PORT} = 1111 (your FTP server's TCP port)
All the above commands are to be executed on the "Squid" machine, and the FTP server's default gateway _needs_ to be the LAN IP of the "Squid" machine.
Hope this helps.
regards Ripunjay Bararia
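
An added example, not part of the original thread or any poster's own commands: a dry-run shell function that prints a narrowly scoped version of the forwarding steps discussed above (extra public address on the WAN interface, DNAT limited to one TCP port instead of the whole address, FTP conntrack helper for the non-standard port, SNAT limited to the FTP server). The addresses 203.0.113.3 and 192.168.1.5, the /29 prefix and the function names are constructed placeholders standing in for the thread's 118.x.x.3 and 192.x.x.x; it assumes a kernel and iptables that provide the CT target.

```shell
#!/bin/sh
# Added example: prints (does not run) a narrowly scoped FTP port forward.
# All addresses used here are constructed placeholders, not values from the thread.

# Succeeds if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Succeeds if $1 is a decimal integer between $2 and $3 inclusive.
in_range() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Usage: ftp_forward_rules PUBLIC_IP PREFIX_LEN WAN_IF LAN_IP PORT
# Validates every argument, then prints the commands for review.
ftp_forward_rules() (
    pub=$1 plen=$2 wan=$3 lan=$4 port=$5
    valid_ipv4 "$pub"        || { echo "bad public IP: $pub" >&2; exit 2; }
    in_range "$plen" 0 32    || { echo "bad prefix length: $plen" >&2; exit 2; }
    valid_ipv4 "$lan"        || { echo "bad LAN IP: $lan" >&2; exit 2; }
    in_range "$port" 1 65535 || { echo "bad port: $port" >&2; exit 2; }
    case $wan in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan" >&2; exit 2 ;;
    esac
    cat <<EOF
# 1. Bind the extra public address to the WAN interface so this box answers for it.
ip addr add $pub/$plen dev $wan
# 2. Attach the FTP helper to the non-standard control port, so that data
#    connections are tracked as RELATED and PASV/PORT replies are rewritten.
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
iptables -t raw -A PREROUTING -i $wan -d $pub -p tcp --dport $port -j CT --helper ftp
# 3. Translate only tcp/$port on that address; every other port stays closed.
iptables -t nat -A PREROUTING -i $wan -d $pub -p tcp --dport $port -j DNAT --to-destination $lan:$port
# 4. Allow the forwarded control connection plus tracked replies and data channels.
iptables -A FORWARD -i $wan -d $lan -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 5. Source-NAT only the FTP server's own outbound traffic to the same address.
iptables -t nat -A POSTROUTING -o $wan -s $lan -j SNAT --to-source $pub
EOF
)

# Constructed sample invocation: prints the rule set for review.
ftp_forward_rules 203.0.113.3 29 eth1 192.168.1.5 1111
```

The output is meant to be reviewed and then run as root on the gateway ("Squid") machine.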