This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

MasqueradeAddress
#1
MasqueradeAddress
Hi


We are new to Sentora and are setting up our first server.   So far the review of this platform has been good.  One of the problems we have had so far is with FTP.   Our server sit behind a firewall and all have a 10.10.x.x. private address.   We do network address translation on the firewall to a real address.   When we try to ftp to the server from the outside of the network we get :

Server sent passive reply with unroutable address. Using server address instead.

Now normally we get past this by adding the following :



MasqueradeAddress 1.2.3.4


But when I add it and try to restart proftp it fails to restart.


The same goes if I try to specifically define which passiveftp ports to use. 

Any help would be great.
Thanks given by:
#2
RE: MasqueradeAddress
you need to forward PASV ports too in protpd not only port 21.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Thanks given by:
#3
RE: MasqueradeAddress
(02-26-2016, 11:40 PM)Me.B Wrote: you need to forward PASV ports too in protpd not only port 21.

So do port forwards and not NATs of those ports?
Thanks given by:
#4
RE: MasqueradeAddress
They need to be either nat or forwarded but most important not firewalled.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Thanks given by:
#5
RE: MasqueradeAddress
(02-27-2016, 12:58 AM)Me.B Wrote: They need to be either nat or forwarded but most important not firewalled.

Ok so when Sentora is installed what ports be default doe sit use for passive ftp?  FTP is normally port 20 and 21.   I did a scan and port 21 is closed.
Thanks given by:
#6
RE: MasqueradeAddress
port 21 need to be open for FTP.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Thanks given by:
#7
RE: MasqueradeAddress
(02-27-2016, 03:09 AM)Me.B Wrote: port 21 need to be open for FTP.

Ok so it is.   When I do a port scan says it is open .   But won't connect.
Thanks given by:
#8
RE: MasqueradeAddress
Did you you test first in local before using the WAN ip ? To be sure it's not a routing problem.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Thanks given by:
#9
RE: MasqueradeAddress
(02-27-2016, 05:36 AM)Me.B Wrote: Did you you test first in local before using the WAN ip ? To be sure it's not a routing problem.


Hello, first sorry my english, so, i had a similar problem with FTP of sentora, yesterday a created a AWS free t2.micro instance, using an elastic IP, (that is a Public static IP), but the instance have too a provate address, when i try to conect remotly vis FTP i get a pasive error (no remember exact error), the point is that the FTP was conecting to my public IP, but get request from my Provate IP.

Escenary:

Sentora 1.0.3
Ubuntu server 14.04 virtualized on Amazon AWS


Example:

Private IP: 192.168.1.10
Public IP: 208.1.1.1

FTP conect to 208.1.1.1 an spect a request from that IP, but get requets from 192.168.1.10 and that cause the error. Searching on google, the solution (i dont test it), was use filezilla FTP cliente and configure some paramters, so i search more and find a solution.


Firts the masquerade adresss is for NAT the PUBLIC IP TO THE PRIVATE IP, so that you know, u have to modify: /etc/proftpd/proftpd.conf file (in ubuntu)

MasqueradeAddress 208.1.1.1

there are my public IP.


HERE ARE THE MAGIC

But this only change not solve the problem, beacause the Pasive FTP functionality needs a Range of ports that you have to configure in the same file and of course open in your firewall too ad this line in the /etc/proftpd/proftpd.conf

PassivePorts 1024 1124



save changes, restart your FTP service:

sudo service proftpd restart

Try connect normally via FTP


NOTE: I have too a LAB virtual server (sentora 1.0.3 and ubuntu server 14.04.4) runing in virtualbox on windows 8.1 laptop, using DDNS to internet access, and this no need that config, FTP works with the sentora standar setup


Thats all, i hope tha this info help you, i kno that i have to mention just the port part but is not a particle problem so it can help more people.


Cheers, ciao.
Thanks given by:


Forum Jump:


Users browsing this thread: 1 Guest(s)