4

I am trying to setup a FTP server using ProFTPD on Xubuntu 15.10. Users will connect to this server in two ways:

  • internally (using an internal IPv4 address)
  • externally (using domain name pointed to NATed IPv4 and global IPv6)

On top of that, I need to chroot all users to /share directory except one user group and to use different SSL (TLS) certificates for internal and external use.

I have actually set up the server to the phase where everyting is masqueraded to public IPv4 address. However, this block users to connect from internal address.

My original idea was to do it via virutal hosts, but I was not able to do it this way.

From Google I got nothing helpful on this topic. So, is there a good way to do this?

Diamond
  • 9,291
Vilican
  • 129
  • 1
  • 1
  • 21

1 Answers1

2

VirtualHosts is the answer, but you must assign another IP address to the FTP server. Let's say that the NAT IP is 172.16.1.10 and you add 172.16.1.11. Then you use:

<VirtualHost 172.16.1.10>
...external config here...
</VirtualHost>

<VirtualHost 172.16.1.11>
...internal config here...
</VirtualHost>

Then configure you internal DNS to make internal users to resolve your FTP server to 172.16.1.11. If you want a tighter security, configure iptables to only allow connections to FTP from the router to 172.16.1.10 and from the internal IPs to 172.16.1.11.

Mauricio López
  • 972