
How to connect to ftp server from within LAN when the router port-forwards external connection away from it


Sorry for the long question.

What it means is this: I am managing a small LAN that is protected by a router.

router     192.168.1.1
server     192.168.1.9
client     192.168.1.2
client     192.168.1.4

Since I have a static IP from my ISP, which is let's say 245.34.344.34, I can access my LAN at that address.

Now, I have set up my router's port forwarding config to this: when I SSH to 245.34.344.34 from out on the internet, it forwards it to server 192.168.1.9:22. And when I FTP to 245.34.344.34, it forwards it to client 192.168.1.2:21. Fine.

Then, when I am working from within the LAN, on my client 192.168.1.2 computer, and I want to access 192.168.1.9 through FTP, the router tries to forward it back to 192.168.1.2. But I am not sure what is happening.

On server 192.168.1.9 (which runs Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-47-generic i686)), when I run sudo ufw status:

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere
3000                       ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
21                         ALLOW       Anywhere
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
3000 (v6)                  ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
21 (v6)                    ALLOW       Anywhere (v6)

But if I do nmap localhost:

PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
631/tcp  open  ipp
3306/tcp open  mysql

Now on client 192.168.1.2, nmap 192.168.1.9:

PORT     STATE  SERVICE
21/tcp   closed ftp
22/tcp   open   ssh
80/tcp   open   http
443/tcp  closed https
3000/tcp closed ppp

It shows that the server's port 21 is closed.

I don't get it.

Can someone please help me understand how to reach my server through FTP from within the LAN?

Thanks


Solution

  • As I understand it, your FTP daemon is supposed to be running on 192.168.1.9. If so, you should forward port 21 to 192.168.1.9, not 192.168.1.2. That is one problem.

    Another problem is that, based on the output of nmap from 192.168.1.2 against 192.168.1.9, there is no FTP daemon on 192.168.1.9. Make sure it is installed, properly configured, and is running.

    If you have networking properly configured on 192.168.1.2, it should be bypassing the router to access 192.168.1.9.
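
The reasoning in the answer (ufw allows port 21, yet nmap reports it closed, so nothing is listening) can be checked with a short script. This is an added example, not code from the question or the answer; the function names are hypothetical, and it assumes ufw's default deny policy silently drops blocked packets rather than rejecting them.

```python
import socket

# Excerpt of the `ufw status` output quoted in the question.
UFW_STATUS = """\
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
"""

def ufw_allows(status_text, port):
    """True if a `ufw status` listing has an IPv4 ALLOW rule for the TCP port."""
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] == "ALLOW":
            rule_port, _, proto = fields[0].partition("/")
            if rule_port == str(port) and proto in ("", "tcp"):
                return True
    return False

def probe_tcp(host, port, timeout=2.0):
    """Classify a port as nmap does: open, closed (RST) or filtered (no reply)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"      # the host answered, but nothing accepts on this port
    except OSError:
        return "filtered"    # timeout or unreachable: dropped somewhere on the path
    finally:
        sock.close()

def diagnose(state, allowed):
    """Combine the probe result with the firewall rule into one finding."""
    if state == "open":
        return "a daemon is listening and reachable"
    if state == "closed" and allowed:
        return "firewall allows the port but no daemon is listening"
    if state == "closed":
        return "connection refused: no listener, or a REJECT rule"
    return "no reply: dropped by a firewall or host unreachable"

if __name__ == "__main__":
    host, port = "192.168.1.9", 21  # server and FTP port from the question
    print(diagnose(probe_tcp(host, port), ufw_allows(UFW_STATUS, port)))
```

Run from 192.168.1.2, a "closed" result with an ALLOW rule present matches the nmap output in the question and points at the missing FTP daemon rather than at ufw or the router.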