Nested port forwarding - networking

This is the first time I have set up an FTP server and I'm not really clever at network things.
How I want my connection to look:
HOME > INTERNET > OFFICE_ROUTER > OFFICE_WORKSTATION > FTP_SERVER
OFFICE_WORKSTATION has 2 NICs: one connection to FTP_SERVER and an internet connection via OFFICE_ROUTER; FTP_SERVER only has a connection to OFFICE_WORKSTATION (localNetwork).
What I already did is set up vsftpd on FTP_SERVER with TLS, and it's already accessible from localNetwork - OFFICE_WORKSTATION (e.g. by using totalCommander > 10.10.10.10:21).
I did port and IP forwarding on OFFICE_ROUTER (let's say its public IP is 192.192.192.1 and local 192.168.10.1).
So when I connect from HOME to OFFICE_ROUTER, it sends me further to OFFICE_WORKSTATION.
Then I set up netsh on OFFICE_WORKSTATION (localNetwork IP 10.10.10.50, internetNetwork IP 192.168.10.10) to take 192.168.10.10:21 from the internet and send it to 10.10.10.10:21, which is my FTP_SERVER. But such a setup gives me "500 illegal PORT command".
Maybe it's because FTP_SERVER doesn't know how to send data back? Because now it should respond from 10.10.10.10:21 (FTP_SERVER) to 10.10.10.50 (OFFICE_WORKSTATION), and here netsh should take care of it and output it to OFFICE_ROUTER.
I already know that FTP uses two ports, data and command. Maybe I should forward both ports?
I did a test where my OFFICE_WORKSTATION served FTP and I was able to connect to it from the HOME station by using a single port forwarding on OFFICE_ROUTER.
With totalCommander from OFFICE_WORKSTATION I connect to 10.10.10.10:21 and it works, but if I try (also from OFFICE_WORKSTATION) in totalCommander to use those configured ports (192.168.10.10:21 > 10.10.10.10:21) I get the same error, "500 illegal PORT command".
I want my OFFICE_WORKSTATION to serve as port forwarding (I don't even know what to call it). So in the end I think the problem lies in an error/problem in the port forwarding configuration.
I would be very pleased if someone could give me some hints.

This is the first time I set up an FTP server
Don't.
Please, do not use FTP. You really, really do not want to use FTP. We do not want you to use FTP. Vint Cerf does not want you to use FTP. Bill Gates does not want you to use FTP. Even FTPS (which I'm guessing is what you are trying to say).
There are few things worse than FTP. FTPS is one of them. Setting up FTPS with any sort of NAT is really difficult for an expert systems admin.
There are lots of better solutions - SFTP (note order of letters - it's completely different) for one.
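To show where the "500 illegal PORT command" in the question comes from, here is an added example (not code from the question or from vsftpd) that parses FTP PORT commands and 227 passive replies and applies the same sanity check a server such as vsftpd makes by default: the data address the client advertises must match the address the control connection actually arrives from. The session lines and the HOME client address 203.0.113.5 are constructed; the rest of the addresses are the ones from the question.

```python
"""Why a NAT hop between client and FTP server breaks active-mode (PORT) transfers."""
import re
from ipaddress import IPv4Address

PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\s*$")
PASV_RE = re.compile(r"227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")


def _six_tuple(text: str):
    """Turn 'h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', p1*256+p2); None if any octet > 255."""
    nums = [int(x) for x in text.split(",")]
    if any(n > 255 for n in nums):
        return None
    return str(IPv4Address(".".join(map(str, nums[:4])))), nums[4] * 256 + nums[5]


def parse_port(cmd: str):
    """Parse a client PORT command (active mode: the server will connect back)."""
    m = PORT_RE.match(cmd.strip())
    return _six_tuple(m.group(1)) if m else None


def parse_pasv(reply: str):
    """Parse a server 227 reply (passive mode: the client connects to the server)."""
    m = PASV_RE.search(reply)
    return _six_tuple(m.group(1)) if m else None


def check_port(cmd: str, control_peer: str) -> str:
    """Server-side check: the advertised data address must equal the control
    connection's peer address and the port must be unprivileged. After the
    router and netsh forwards, the server sees the control peer as 10.10.10.50,
    while a HOME client advertises its own address, so the command is refused."""
    parsed = parse_port(cmd)
    if parsed is None or parsed[0] != control_peer or parsed[1] < 1024:
        return "500 Illegal PORT command."
    return "200 PORT command successful."


def check_pasv(reply: str, control_target: str) -> str:
    """Client-side mirror of the problem: in passive mode the server advertises
    its own address; if that is not the address the client dialled, the data
    connection goes to an address the client cannot reach through the NAT."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return "malformed 227 reply"
    return "ok" if parsed[0] == control_target else f"unreachable data address {parsed[0]}"


if __name__ == "__main__":
    print(check_port("PORT 10,10,10,50,4,1", "10.10.10.50"))   # local client: accepted
    print(check_port("PORT 203,0,113,5,4,1", "10.10.10.50"))   # via two NAT hops: refused
    print(check_pasv("227 Entering Passive Mode (10,10,10,10,195,80)", "192.192.192.1"))
```

Forwarding port 21 alone only carries the control channel; whichever mode is used, the data channel's address and port are negotiated inside the protocol, which is why plain port forwarding through two NAT hops is not enough.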

Related

Why won't Nginx Proxy Manager Stream work?

I'm currently trying to set up a tunneling tool, specifically for game servers.
So you can start the server locally and everyone can join without opening your ports or becoming insecure.
Basically I do a reverse SSH tunnel to one of my dedicated Linux servers, where the game port gets mapped to a different port (for example 8888). So the server is now exposed to the internet and available to anyone, and the user doesn't have to become insecure and open his own ports. Everyone can connect to the following address: SERVERADRESS:8888.
The command which gets executed looks like this:
ssh -N -R "*:8888:localhost:25565" root@SERVERADRESS
This works fine, just as I want. But I also want to secure my "forwarding" server. I'm relatively new to networking, but I found reverse proxies. I watched some tutorials and I installed the "Nginx Proxy Manager" tool, which comes with a web interface and looks very good and easy. There is an option to create a Stream (picture below), where you can enter the incoming port and the forward host + port, for example: REVERSEPROXY:7777 -> FORWARDINGSERVER:8888. With this I want to hide the IP address of the server where all the SSH tunnels are. Sadly this Stream tool won't work; I already saw some other topics about that. They all said to enter the port into the docker-compose.yml, which I already did, + restart. But for now it won't work. Any other solutions for this problem? Or completely different ideas to protect my server?
https://i.stack.imgur.com/FolLe.png https://i.stack.imgur.com/KuJbt.png https://i.stack.imgur.com/2SN4a.png https://i.stack.imgur.com/9kzbj.jpg
I'm trying to make my own tunneling tool, but with protection so that my server doesn't get damaged.

Securing Asterisk whilst having a remote extension

I'd like to install Asterisk on a friend's computer but wish to do so without the computer being permanently bombarded by scammers. Locking down all the ports would be the obvious answer, but this would mean that the remote client installed on an Android phone would then no longer work.
I do not want to have to use something like OpenVPN; I would rather the remote extension reached the Asterisk box without the need for a VPN. Apart from anything else, not having to use a VPN would mean I could continue to benefit from push notifications.
Securing with iptables, particularly using something like -m string matching (matching on keywords, which may include the name of the client I am currently using on my Android, and accepting incoming connections on detection of that word), may be one way of doing things; blocking all IP addresses outside of the UK may be another, but of course nothing beats a VPN connection...
For an Asterisk installation which will only serve one person, what is the ideal way of securing the installation whilst allowing reliable access from a remote extension which will not have a fixed IP but rather a dynamic one issued by the 3G connection it is running from?
You can do it vice versa:
1) set up iptables to open the port to your provider
2) allow REGISTER from other IPs only when the User-Agent matches your selected Android app.

How to use an external IP internally and use it with ownCloud? And WAMP shutdown

I have set up a server on one of my PCs and I am running ownCloud on it. Everything is working fine, but I wanted to ask a few things just to make the whole process more convenient.
How can I use a dynamic IP address in ownCloud? I have a DDNS but, since I have a dynamic external IP address, I need to put in the DDNS again and modify the account when the IP changes. Is there a way through which ownCloud could work on the DDNS and not on the external IP address? (I hope you got what I meant) IMAGE: http://s27.postimg.org/r0224wfsz/Untitled_2.jpg
Also, is there a way to use the DDNS (xyzz.co) in the same home network my server is in, instead of the internal IP address (192.168.1.2)? Because again, I need to modify the account when I am in the home network and when outside.
My WAMP server shuts down automatically, as it would if I manually exited it. Is there a solution to that too? I have set it to auto start on OS boot-up, but I think that is not the solution.
Thanks a lot!
Why not let the router attached to your server cope with this? In the most recent routers, you can set your (D)DNS settings.
You can set port mapping in your router to an external address. Then, when you are at home, you don't need to edit the settings of the sync client, since you can always use your external IP address.
I'd use cron for that. Look it up by entering crontab --help in the terminal. On most distributions, cron comes with examples in the crontab itself, so you can just edit it by entering crontab -e. There's enough online, too.

Hamachi and FTP/HTTP

I'm trying to connect to an FTP server over HTTP. Is there any way I can use a VPN like Hamachi to tunnel through my home PC, then connect to the FTP via HTTP or another port?
The main problem with FTP over HTTP is not port mapping, but being able to translate HTTP commands to FTP. Something like mod_proxy_ftp should help. Note that FTP-over-HTTP proxies tend to support only fetching of files and listing of directories, i.e. they convert a directory URL to a LIST command, and a file URL to a RETR command.
I realize I might not have answered your exact question, so apologies if there is a strong reason why you need to use VPN and not a proxy. Still I can't see how a VPN would do the protocol conversion.

How to connect to a local server (in-house server)?

I am a noob when it comes to networks. Recently, I was trying to help a friend edit PHP code. In his office, there is a computer running which he said is the server that hosts the site. But he is not sure, since the guy that built the site is unreachable now. So, he gave me the username and password for this local server, but no IP. I have no idea how to connect to this "in house" server.
I see that there are several computers in the office and I tried to SSH to their LAN IPs, i.e. 1.1.1.1 to 1.1.1.10 or something like that, but none of the connections went through.
When I look up the IP of the website and put the IP into the browser, it actually goes to networksolutions.com. So guys, do you think the source code can be found on networksolutions.com (which is what I think), or is there a way to try to connect to this "in house" server (I am not even sure whether there's anything on it)?
Have you tried attaching a monitor and keyboard to this server to determine what it is?
The IP of the site appears to be virtual hosted by Network Solutions. It is likely the server in the room is in fact not the server, instead that is handled by NetSol.
If you know the local IP range of the network, which is normally either 10.*.*.* or 192.168.*.* or so, you can use nmap to locate any servers quite quickly, like: nmap -vvv 192.168.0.* which takes 5 seconds to find 4 endpoints.