I am trying to forward all incoming FTP connections on server A to another server B. I tried this using iptables and was able to connect in the first step. The problem is that after entering passive mode and sending the MLSD command I get a GnuTLS-Error -110: The TLS connection was non-properly terminated
and my connection is aborted. I need to use passive FTP.
Server A (Proxy):
iptables:
    # general rules for forwarding traffic between external interface tap0 and internal interface eth0
    iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
    iptables -A FORWARD -i tap0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i eth0 -o tap0 -j ACCEPT

    # NAT for active/passive FTP. 192.168.178.21 would be your internal ftp server
    iptables -t nat -A PREROUTING -p tcp --dport 20 -j DNAT --to 192.168.178.21:20
    iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to 192.168.178.21:21
    iptables -t nat -A PREROUTING -p tcp --dport 1024:65535 -j DNAT --to 192.168.178.21:1024-65535
    iptables -A FORWARD -s 192.168.178.21 -p tcp --sport 20 -j ACCEPT
    iptables -A FORWARD -s 192.168.178.21 -p tcp --sport 21 -j ACCEPT
    iptables -A FORWARD -s 192.168.178.21 -p tcp --sport 1024:65535 -j ACCEPT

    # allowing active/passive FTP
    iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
Connection log (German) from FileZilla to the proxy:
    Status: Verbindung hergestellt, warte auf Willkommensnachricht...
    Status: Initialisiere TLS...
    Status: Überprüfe Zertifikat...
    Status: TLS-Verbindung hergestellt.
    Status: Angemeldet
    Status: Empfange Verzeichnisinhalt...
    Befehl: PWD
    Antwort: 257 "/" is your current location
    Befehl: TYPE I
    Antwort: 200 TYPE is now 8-bit binary
    Befehl: PASV
    Antwort: 227 Entering Passive Mode (192,168,178,21,156,206)
    Befehl: MLSD
    Fehler: GnuTLS-Fehler -110: The TLS connection was non-properly terminated.
    Status: Server hat die TLS-Verbindung nicht ordnungsgemäß geschlossen
    Fehler: Übertragungsverbindung unterbrochen: ECONNABORTED - Verbindung abgebrochen
    Fehler: Anzeigen des Verzeichnisinhalts durch Benutzer abgebrochen
Server B (FTP server):
Syslog of the FTP server when the connection through the proxy arrives:
    Jun 30 20:06:02 ftpserver pure-ftpd: ([email protected]) [INFO] New connection from 192.168.178.20
    Jun 30 20:06:02 ftpserver pure-ftpd: ([email protected]) [DEBUG] Command [auth] [TLS]
    Jun 30 20:06:02 ftpserver pure-ftpd: ([email protected]) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher
    Jun 30 20:06:03 ftpserver pure-ftpd: ([email protected]) [DEBUG] Command [user] [ftpuser_1]
    Jun 30 20:06:03 ftpserver pure-ftpd: ([email protected]) [DEBUG] Command [pass] []
    Jun 30 20:06:03 ftpserver pure-ftpd: ([email protected]) [INFO] ftpuser_1 is now logged in
    Jun 30 20:06:03 ftpserver pure-ftpd: ([email protected]) [DEBUG] Command [opts] [UTF8 ON]
    Jun 30 20:06:03 ftpserver pure-ftpd: ([email protected]) [DEBUG] Command [pbsz] [0]
    Jun 30 20:06:03 ftpserver pure-ftpd: ([email protected]) [DEBUG] Command [prot] [P]
    Jun 30 20:06:03 ftpserver pure-ftpd: ([email protected]) [DEBUG] Command [pwd] []
    Jun 30 20:06:04 ftpserver pure-ftpd: ([email protected]) [DEBUG] Command [type] [I]
    Jun 30 20:06:04 ftpserver pure-ftpd: ([email protected]) [DEBUG] Command [pasv] []
    Jun 30 20:06:04 ftpserver pure-ftpd: ([email protected]) [DEBUG] Command [mlsd] []
I can connect to the FTP server directly, so I was wondering whether I have to think about TLS.
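Added example, not part of the original post: Python that decodes the 227 reply from the FileZilla log above into the data-channel address and port, then compares that endpoint with the address the client used for the control connection and with the port range the DNAT rule forwards. `parse_pasv`, `audit_pasv` and `PROXY_ADDR` are hypothetical names, and the proxy address is a placeholder because the post does not give server A's external address.

```python
import ipaddress
import re

# Constructed sample: the PASV exchange as it appears in the FileZilla log above.
SAMPLE_LOG = """\
Befehl: PASV
Antwort: 227 Entering Passive Mode (192,168,178,21,156,206)
Befehl: MLSD
"""
# Assumption: placeholder (TEST-NET-3) for the proxy address the client dialled;
# the post does not give server A's external address.
PROXY_ADDR = "203.0.113.10"

PASV_RE = re.compile(r"\b227\b[^(\n]*\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(line):
    """Decode a 227 reply (h1,h2,h3,h4,p1,p2) into (IPv4Address, port), or None."""
    m = PASV_RE.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"octet out of range in PASV reply: {line!r}")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def audit_pasv(log_text, control_peer, dnat_ports=(1024, 65535)):
    """Compare every advertised data endpoint with the address used for control."""
    peer = ipaddress.IPv4Address(control_peer)
    reports = []
    for line in log_text.splitlines():
        endpoint = parse_pasv(line)
        if endpoint is None:
            continue
        host, port = endpoint
        findings = []
        if host != peer:
            findings.append("advertised address differs from control-connection peer")
        if any(host in net for net in RFC1918):
            findings.append("advertised address is RFC 1918 private")
        if not dnat_ports[0] <= port <= dnat_ports[1]:
            findings.append("port outside the DNAT-forwarded range")
        reports.append({"host": str(host), "port": port, "findings": findings})
    return reports


if __name__ == "__main__":
    for report in audit_pasv(SAMPLE_LOG, PROXY_ADDR):
        print(report)
```

For the logged reply this yields 192.168.178.21 port 40142: a port inside the forwarded 1024:65535 range, but an address that is server B's internal one rather than the proxy's.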