Greetings,
I am working on setting up my company's OpenSUSE 13.2 webserver as the "gateway" for an internal FTP server via the firewall's masquerading service (configured through YaST). External zone configured (FTP ports allowed), IPv4 forwarding is enabled on the NIC, masquerading translates <public ip : 21> to <private ip : 21>, external clients can connect to the FTP server (welcome message received, user authentication succeeds), but as soon as the PASV command is sent and the client wants to list the contents, the connection times out and breaks.
I've noticed that after the PASV command the reply packet contains the private (internal) IP address of the FTP server, and I am certain that this is the source of the problem; however, I can't seem to find the reason for it. My primary theory is obviously a malfunctioning masquerading/NAT configuration; however, I don't suppose that the connection could even build up to the point that user authentication succeeds on the internal FTP server from an external source, and it breaks only after that. I've also tried masquerading packets sent to <public ip : port 20> to <private ip : port 20>, no change, though.
Seems to be no problem present with the FTP server itself, as it works perfectly in our LAN, as part of an IP camera recording system, while it's also operational from any workstation.
Also, although it would be an obvious solution, it is not possible to separate the FTP server - or replace the webserver gateway - with a router that could solve the whole problem with a static PAT configuration, as the FTP server is a single-NIC machine, it must remain connected to the internal network as part of an IP camera recording system, and we don't necessarily want to spend extra money for a router that can replace our well-working, dual-gigabit-NIC webserver gateway that otherwise has no problem at all in terms of working as a gateway for our internal network.
Harsh network schematic:
[Internet] = [OpenSUSE 13.2 webserver (gateway)] = [FTP server in the LAN]
If you have any idea on what might cause the problem we'd be glad to hear it.
Thanks in advance,
Ben
