Specify a particular eth$ to an FTP client?



roostertn
8th June 2010, 11:50 PM
Here's my problem. Completely blindsided me.

Outside FTP <--- my f11 desktop connects fine.

My behind the same firewall but nat'ed server, which is also my FTP server, cannot.

It seems to be sending out on one internal IP which I'm guessing is the one nat'ed to the outside as my external IPs. Not my main external outbound.

So it sends connect via the nat'ed but then makes secondary via main out as it wouldn't be from port 21. I'm sure this outside FTP isn't set to passive and it drops me, but only from the server.


Is there a way to bond an output of an application, the ftp client in this case, to a different connection?

Say eth1 vs eth0?

wangmaster
9th June 2010, 02:45 PM
Normally your route table determines which interface you go out on. Are you NAT'ing locally, or only on the firewall?

Your description isn't really clear about what exactly you're seeing.

roostertn
9th June 2010, 03:05 PM
Sorry, separate firewall.

Multiple connections on the lan per server.

This one server has 2.

Its eth0 is steered via NAT'ing to outside for ftp serving.

I need to bond an ftp client on the same machine to a different connection so as not to be steered out as an alternate IP.

wangmaster
9th June 2010, 10:47 PM
Let me restate this.
You need to provide a bit more detail.
1) The ftp server is on the same LAN as the client? Or no?
2) What exactly are you seeing on the ftp client that makes you think you need to force the connection out on one of the ethX interfaces? Are either of the client's interfaces on the same subnet as the server's IP address that you're trying to reach?

Barring any unusual ipfilter configuration, or other tcp/ip configuration funkiness, the interface that your system determines to use is determined by your route table.
For example if your netstat -rn looks like this:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
    192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
    0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 eth0

What this means is, if you are trying to connect to an IP address of 192.168.1.x, it will go out eth0. If you are trying to connect to a 192.168.2.x IP address, it will go out eth1.
Otherwise, if you aren't connecting to either of the two 192.168. subnets, it will route out the default gateway of 192.168.1.254 via eth0.

So if you're seeing FTP traffic coming and going on two entirely different interfaces, then what it usually means is the route tables of your two systems are not correct and you likely need to fix them.
Or your iptables NAT rules are completely fubar'ed.
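
The route selection described in the post above, as an added example that is not part of the original thread: it parses the quoted `netstat -rn` output and picks the egress interface by longest-prefix match. The function names are hypothetical, the sample table is the one quoted in the post, 203.0.113.10 is a constructed destination, and route metrics and policy routing are ignored.

```python
import ipaddress

# Sample input: the `netstat -rn` output quoted in the post above.
NETSTAT_RN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 eth0
"""

def parse_routes(text):
    """Turn netstat -rn rows into (network, gateway_or_None, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination;
        # this skips the title line and the column header.
        if len(fields) != 8 or fields[0].count(".") != 3:
            continue
        dest, gateway, genmask, flags, iface = (
            fields[0], fields[1], fields[2], fields[3], fields[7])
        if "U" not in flags:          # route is not up
            continue
        network = ipaddress.ip_network(f"{dest}/{genmask}")
        # Only routes flagged G hand the packet to a gateway; others are on-link.
        routes.append((network, gateway if "G" in flags else None, iface))
    return routes

def egress(routes, destination):
    """Return (iface, gateway) for a destination, or None if unroutable."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    # The most specific (longest prefix) matching route wins, so the
    # 0.0.0.0/0 default is used only when no subnet route matches.
    network, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gateway

if __name__ == "__main__":
    table = parse_routes(NETSTAT_RN)
    for dst in ("192.168.1.5", "192.168.2.17", "203.0.113.10"):
        print(dst, "->", egress(table, dst))
```

Running it against both machines' tables for the same destination shows whether the control and data connections would leave on different interfaces.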