After about FTP service in Linux NAT, access problem-CodePudding

Everybody is good;
We set up FTP service in Linux system, the current network environment is the Intranet
The server's IP is 192.168.0.4 mask: 255.255.255.0
We are in the same network segment 192.168.0.0/24 access to FTP server 192.168.0.4 are normal
Then the FTP also need to let public service

192.168.0.4 - NAT - & gt; Public IP: 218.108.255. X

At this time in the FTP configuration to add the two parameter
Pasv_addr_resolve=YES
Pasv_address=218.108.255. X

Set up the above two parameters after
Public access to a normal

But (192.168.0.0/24) cannot access the Intranet server, because the Intranet server through public IP to visit
Intranet server connection 192.168.0.4 FTP service, open data transmission channels, FTP returns the public IP + data port

So here is problem after setting pasv_address
Only public access, either pasv_address set after NAT IP
Or Intranet access, only pasv_address set native network IP

Can't do inner and outer net at the same time can access

CodePudding user response:

Don't use passive mode network client (PASV), switch to active mode,
However, try to turn off the client firewall is feasible, confirm feasible to open the firewall,

If the client firewall has a problem, that is another problem, depending on the different systems, or different kernel take different solutions,

CodePudding user response:

Double process line, a public network monitoring, a monitoring network:
Cp/etc/VSFTPD/VSFTPD. Conf/etc/VSFTPD/vsftpd2 conf
1 & gt; The/etc/VSFTPD/VSFTPD. Conf
Listen_port=21
Pasv_min_port=10021
Pasv_max_port=10021
Ftpd_banner=Welcome to FTP1 service
Pasv_address=218.108.255. X
#...
2 & gt; The/etc/VSFTPD/vsftpd2. Conf
Listen_port=1022
Pasv_min_port=20022
Pasv_max_port=20022
Ftpd_banner=Welcome to FTP2 service
Pasv_address=192.168.0.4
#...
The second need to manually start:
The/usr/sbin/VSFTPD/etc/VSFTPD/vsftpd2 conf
Can also add startup.
forward finally do a local area network (LAN) :
192.168.0.0/NAT trusted 192.168.0.4:1022
:
Telnet networks outside 218.108.255. 21 get x: Welcome to FTP1 service
Intranet Telnet 192.168.0.4 21 get: Welcome to FTP2 service

CodePudding user response:

reference 1st floor sazhufa response:

network client (PASV) don't use passive mode, switch to active mode,
However, try to turn off the client firewall is feasible, confirm feasible to open the firewall,

If the client firewall has a problem, that is another problem, depending on the different systems, different kernel or take a different solution,

- thank you, this is can be solved, mainly is we are in the role of party b, party A to use FTP to add - A parameter, for they are more troublesome

refer to the second floor of my great god reply: 666

double process line, a public network monitoring, a monitoring network:
Cp/etc/VSFTPD/VSFTPD. Conf/etc/VSFTPD/vsftpd2 conf
1 & gt; The/etc/VSFTPD/VSFTPD. Conf
Listen_port=21
Pasv_min_port=10021
Pasv_max_port=10021
Ftpd_banner=Welcome to FTP1 service
Pasv_address=218.108.255. X
#...
2 & gt; The/etc/VSFTPD/vsftpd2. Conf
Listen_port=1022
Pasv_min_port=20022
Pasv_max_port=20022
Ftpd_banner=Welcome to FTP2 service
Pasv_address=192.168.0.4
#...
The second need to manually start:
The/usr/sbin/VSFTPD/etc/VSFTPD/vsftpd2 conf
Can also add startup.
forward finally do a local area network (LAN) :
192.168.0.0/NAT trusted 192.168.0.4:1022
:
Telnet networks outside 218.108.255. 21 get x: Welcome to FTP1 service
Intranet Telnet 192.168.0.4 21 get: Welcome to FTP2 service

- this can, under the severe worship

CodePudding user response:

refer to the second floor of my great god reply: 666

double process line, a public network monitoring, a monitoring network:
Cp/etc/VSFTPD/VSFTPD. Conf/etc/VSFTPD/vsftpd2 conf
1 & gt; The/etc/VSFTPD/VSFTPD. Conf
Listen_port=21
Pasv_min_port=10021
Pasv_max_port=10021
Ftpd_banner=Welcome to FTP1 service
Pasv_address=218.108.255. X
#...
2 & gt; The/etc/VSFTPD/vsftpd2. Conf
Listen_port=1022
Pasv_min_port=20022
Pasv_max_port=20022
Ftpd_banner=Welcome to FTP2 service
Pasv_address=192.168.0.4
#...
The second need to manually start:
The/usr/sbin/VSFTPD/etc/VSFTPD/vsftpd2 conf
Can also add startup.
forward finally do a local area network (LAN) :
192.168.0.0/NAT trusted 192.168.0.4:1022
:
Telnet networks outside 218.108.255. 21 get x: Welcome to FTP1 service
Intranet Telnet 192.168.0.4 21 get: Welcome to FTP2 service

The comparison of cattle B ~
The only problem is that ops people demanding!