0

I have two servers behind a WatchGuard: one is a Linux server, one is a Windows server. The WatchGuard forwards HTTP and FTP requests (ports 80 and 21) to a proxy server.

I have configured Apache on the proxy server so I can proxy the HTTP requests to either server based on domain names, as below:

<VirtualHost *:80>
  ServerName        mysite.com.au
  ProxyPreserveHost On
  ProxyPass         "/" "http://10.0.2.21/"
  ProxyPassReverse  "/" "http://10.0.2.21/"
</VirtualHost>

<VirtualHost *:80>
  ServerName        mysite.net.au
  ProxyPreserveHost On
  ProxyPass         "/" "http://10.0.2.31/"
  ProxyPassReverse  "/" "http://10.0.2.31/"
</VirtualHost>

So .com.au goes to 10.0.2.21, and .net.au goes to 10.0.2.31. These are both internal servers.

I want to do the same type of forwarding for FTP (port 21).

So if I try to FTP to a site hosted on the Windows server, the proxy will know it is hosted on the Windows server (10.0.2.31) and forward the FTP requests to the correct server.

What I want to do is employ a proxy that listens on port 21 and forwards the traffic to the appropriate FTP server based on the DNS name requested. I have the proxy and it is already working for HTTP, but I need to know how to do the same for FTP.

  • No. FTP is not host based. Tip: don't set up an FTP server in 2016, it's so XX. century. Commented Aug 18, 2016 at 7:59
  • I don't want to use a host-based proxy for the FTP, I just want a similar type of proxying
    – Rob Salmon
    Commented Aug 18, 2016 at 8:01
  • You can't do it. FTP is not capable of this. Commented Aug 18, 2016 at 8:49
  • Please read up and understand how FTP works better before continuing. You're going to be quite unhappy once you get logged in via port 21 and realize you still can't transfer any files. You can start with this stackoverflow post. You'll thank everyone that's telling you to stop later.
    – user143703
    Commented Aug 18, 2016 at 8:59

2 Answers

0

As already commented, no you can't.

Unless the FTP server for each FQDN listens on its own IP address (or a different port), you can't do with FTP what you do with HTTP.

When a web browser makes a request to a web server, it includes the hostname, the FQDN, in every request with the Host: header. That Host: header is what allows a reverse proxy to route the requests to different back-ends.

FTP never had such a provision. An FTP client just makes a TCP/IP connection and then waits for a server response code before transmitting an FTP client command such as, for instance, authentication details. Nowhere in the session does the FTP client transmit to which server it expects to connect. Therefore you can't route FTP connections to different back-ends based on the FQDN.

Edit: thanks to the comment below: RFC 7151 introduced the HOST command in 2014, but client support is still quite immature, and therefore not something to rely on.

  • That's not 100% correct. See Do the SSH or FTP protocols tell the server to which domain I am trying to connect?. Commented Aug 18, 2016 at 8:58
  • @MartinPrikryl: Thanks! You can tell I don't regularly do FTP anymore, I wasn't aware of that.
    – HBruijn
    Commented Aug 18, 2016 at 9:05
  • OK, so if I make each FTP server for each FQDN listen on its own port, how do I configure that on a proxy server?
    – Rob Salmon
    Commented Aug 18, 2016 at 9:31
  • Since your WatchGuard does the port forwarding; there. port 21 --> 1 server21, alternate port e.g. 2121 --> server31 (and set up rules to enable the second port FTP requires)
    – HBruijn
    Commented Aug 18, 2016 at 10:22
  • In hindsight the answer was obvious: use the WatchGuard and route different ports as @HBruijn stated. Now I just need a solution to route mail (ports 25 and 110) using FQDNs
    – Rob Salmon
    Commented Aug 18, 2016 at 21:11
0

There is a solution based on the mod_proxy module for ProFTPD: https://stackoverflow.com/a/35020052/226278

Still relying on the quite new HOST command.
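
The routing difference described in the answers above, as an added example (not code from the question or from either answer): a proxy can pick a back-end from an HTTP `Host:` header, but for FTP only an RFC 7151 `HOST` command names the site. The back-end map reuses the addresses from the question's Apache config; the function names and the sample byte strings are constructed for illustration.

```python
import re

# Allowlist taken from the question's VirtualHost blocks. The proxy only ever
# connects to these addresses, never to a name supplied by the client.
BACKENDS = {
    "mysite.com.au": "10.0.2.21",
    "mysite.net.au": "10.0.2.31",
}

def _lookup(name):
    """Normalise an untrusted host name and map it through the allowlist."""
    name = name.strip().lower()
    if re.fullmatch(r"[^:\[\]]+:\d+", name):  # drop an optional :port
        name = name.rsplit(":", 1)[0]
    return BACKENDS.get(name.rstrip("."))

def route_http(request: bytes):
    """HTTP: the client speaks first and names the site in the Host: header."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        field, _, value = line.partition(":")
        if field.strip().lower() == "host":
            return _lookup(value)
    return None

def route_ftp(first_command: bytes):
    """FTP: only a HOST command (RFC 7151) says which site the client wants."""
    verb, _, arg = first_command.decode("latin-1").strip().partition(" ")
    if verb.upper() == "HOST" and arg:
        return _lookup(arg)
    # USER, AUTH, etc. carry no host name, so there is nothing to route on;
    # the caller has to fall back to a per-port or per-IP mapping.
    return None

# Constructed sample inputs (not captured traffic).
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: mysite.net.au\r\n\r\n"
FTP_LEGACY = b"USER anonymous\r\n"
FTP_RFC7151 = b"HOST mysite.net.au\r\n"

if __name__ == "__main__":
    print("HTTP       ->", route_http(HTTP_REQ))
    print("FTP legacy ->", route_ftp(FTP_LEGACY))
    print("FTP HOST   ->", route_ftp(FTP_RFC7151))
```

A client that opens with `USER` gives the proxy nothing to route on, which is why the port-based split on the firewall is the dependable option.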
