Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Need help: How to setup proFTPd using domain in a reverse NAT vps?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Need help: How to setup proFTPd using domain in a reverse NAT vps?

jvnadrjvnadr Member
edited July 2015 in Help

Title says most, I think.
I want to setup proFTPd in a vps I created to my server, that is using NAT.
Setup is a reverse proxy via nginx, that redirects port 80 requests for the domain example.com to an internal ip 10.0.0.1 to port, e.g., 10000. In this setup, there is also a redirection from an external port, let's say 10111 to an internal port, let's say 10115 that is configured to proftpd.conf as ft listening port.
Also, there is a forwarding to extermal ports to match an internal port:

server {
  listen 80;
  server_name *.example.com;

  location / {
    proxy_pass              http://10.0.0.1;
    proxy_redirect off;
    proxy_set_header    Host $host;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_max_temp_file_size 0;
      client_max_body_size 10m;
      client_body_buffer_size 128k;
      proxy_connect_timeout 90;
      proxy_send_timeout 90;
      proxy_read_timeout 90;
      proxy_buffer_size 4k;
      proxy_buffers 4 32k;
      proxy_busy_buffers_size 64k;
      proxy_temp_file_write_size 64k;
  }
}

server {
  listen 10111;
  server_name *.example.com;

  location / {
    proxy_pass              http://10.0.0.1:10115;
    proxy_redirect off;
    proxy_set_header    Host $host;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_max_temp_file_size 0;
      client_max_body_size 10m;
      client_body_buffer_size 128k;
      proxy_connect_timeout 90;
      proxy_send_timeout 90;
      proxy_read_timeout 90;
      proxy_buffer_size 4k;
      proxy_buffers 4 32k;
      proxy_busy_buffers_size 64k;
      proxy_temp_file_write_size 64k;
  }
}

I also opened some ports for passive ftp, to match to the same internal ports and configured it to filezilla.
No luck. Any thoughts?

Comments

  • BochiBochi Member

    So what you want to do is proxy a FTP connection on a custom port to your VM using nginx?!
    Why don't you just use some iptables to forward the packets? Or do I miss something here?

    Thanked by 1jvnadr
  • perennateperennate Member, Host Rep

    Have you looked at http://www.proftpd.org/docs/howto/NAT.html ?

    It seems pretty straightforward.

    Thanked by 1jvnadr
  • jvnadrjvnadr Member

    Thank you all.
    I basically want to use reverse proxy with domain name. So, to the main server with the virtualization, if someone reach example.com:10000 would be redirected to virtualized vps 10.0.0.1:11111 and a second redirection, from let's say example2.com:13000 to virtualized vps 10.0.0.20:13500 .
    I use nginx to redirect the domain from the server to the virtualized vps.
    What I basically want to achieve, is to virtualize a server of mine to 3-4 vps, to split some of my sites with different users/panels/specs, so, every department that is using a certain vps can have a private ftp access for managing files on the server.
    And not to use the main (and only) external ipv4, for ftp or web accesing by the vps.
    I know that it would be more easy if I just do a port forwarding from real ipv4 (12.34.56.78) to the internal ips. I would like to avoid using the ip and masking it thru a reverse proxy using domain name.

  • BochiBochi Member
    edited July 2015

    Ah, think I got it know! :)
    As far as I know nginx (and also Apache & Co) make use of the HTTP protocol headers, so this is not achievable with plain FTP and not supported by nginx...

    But maybe this is any helpful: https://calomel.org/ftp_proxy.html

    /EDIT/
    You could come up with a botchy, pretty fancy and terribly fragile solution and trigger a function that, after a request to said domain is made, redirects the incomming packets using iptables for the requesting IP! :'D
    Or you just tell you guys to use the custom ports... :P

Sign In or Register to comment.