Topic: How can I redirect an external FTP request to a an internal FTP server?

[svangool]

Hi,

Anyone an idea how I can make an internal ftp-server (not running on the SME-box but now visible as a local IP in the internal LAN) visible to the outside?
Proxypass does only work for HTTP.

Thanks, Sjef.

[David Harper]

You can use the Port Forwarding admin panel to forward FTP & FTP-data (20 & 21 from memory) to your internal IP.

[svangool]

Thanks,

That's what I thought also, so I did try a TCP port forward from port 50000 to 21 at the local ftp-server address but that ended up in "ECONNREFUSED - Connection refused by server". I did try from an external client (not on the local network).
If I do a direct connect at the local ftp-server address to port 21 with the proper user/password it does work.

Sjef.

[David Harper]

Don't forget that FTP is comprised of two ports - program and data.

[svangool]

OK, thanks.

But it doesn't come that far, the connection is already refused before the data port is negotiated. I don't get the ftp-server welcome message. I forwarded also port 20 but that didn't help.

Sjef.

[CharlieBrady]

But it doesn't come that far, the connection is already refused before the data port is negotiated. I don't get the ftp-server welcome message. I forwarded also port 20 but that didn't help.

My advice is that you don't try to pass-through ftp, unless you are sure that you can't avoid it, and you understand how ftp works.

The "passive" setting in the client program trying to connect will also have an effect. If it doesn't work one way, try the other.

[mmccarn]

You could mount the "real" internal FTP folder into an ibay, then enable FTP on the ibay.

Here are some notes on mounting network shares into SME folders: http://wiki.contribs.org/Mount_Network_Shares

You may want to consider the use of WebDAV or "sftp" instead of ftp in order to protect your user login information (ftp passes usernames and passwords in plain text).

[svangool]

I tried both modes of the ftp-client (Filezilla), but the connection gets immediately refused externally.
In fact I have a physical NMT media server in my network, so I can't use the ibay concept and it doesn't support SFTP, I don't mind if it is less secure by using normal ftp because worst case I will loose the media files.

Sjef.

[David Harper]

You could mount the "real" internal FTP folder into an ibay, then enable FTP on the ibay.

Here are some notes on mounting network shares into SME folders: http://wiki.contribs.org/Mount_Network_Shares

Does this mean that the mounted files are included in the Workstation Backup?

[ldkeen]

so I did try a TCP port forward from port 50000 to 21 at the local ftp-server address

Did you try ftp://mydomain:50000?
Lloyd

[svangool]

Yes, I exactly tried your example. Also I tried a portforward of 21 and 20 to the local IP address, that didn't work either, I must say I had my hopes on the last one. There is no connection negotiation which you normally see in an ftp session, the port-addressing is just plainly refused immediatly.

Sjef.