directing ftp traffic..

[Pooh-Bear]

The setup is this.
10mb line in to a P200 running 98 and Tiny firewall with two NIC´s. Then a switch and three puter in a LAN. One of these is currently running an ftp.

How do I direct al port 21 traffic to the ftp computer?
The problem is that I don´t know where to start looking.. is it Tiny that I need to modify?
(another problem is that I´ll only get a couple of hours to set everything up so I don´t want to run into to many problems when I´m at it)

[nietzsche]

The setup is this.
10mb line in to a P200 running 98 and Tiny firewall with two NIC´s. Then a router and three puter in a LAN. One of these is currently running an ftp.

How do I direct al port 21 traffic to the ftp computer?
The problem is that I don´t know where to start looking.. is it Tiny that I need to modify?
(another problem is that I´ll only get a couple of hours to set everything up so I don´t want to run into to many problems when I´m at it)

Not too sure about Tiny (sorry), but you'll need to start by looking at NAT or PAT, depending on how detailed your proxy (the Tiny/98 box) gets about these things.
Here's what you could do, as I see it:
Option 1) Set up the router just to pass traffic from <any> to <any> along port 20/21, and configure the Tiny proxy box to actually do the nat (take any packet from the "outside" on port 21 and spit it out to 192.168.0.3, for example <class C private network address>) or the pat (take any packet that's coming in on port 21003 and throw it down the line, to your "inside" portion, on port 21 - and then let your router do the translation on it).
Option 2) Depending on what kind of router you have, this may well be the best option - let your Tiny proxy box pass port 20/21 both ways (ftp-data and ftp ports), and set the *router* to do the NAT/PAT translation. If, for example, you have anything with CBOS (small Cisco appliances), you can do something like "set nat entry add <target box> 21 <incoming Tiny box IP> 21 tcp" and then do a write and you should be away and running. If you have IOS it'll be pretty similar ("en", "conf t", "set ip...." and so on).

This *should* give you adaquate information, unless Tiny is really wacky - which it shouldn't be *too* far off ... at least not for this.

Let me know how it goes - I'll check in here tomorrow (just took my exam for an online course and I'm thrashed).

Good luck

~N~

[nietzsche]

Again, I apologize for not being familiar with Tiny ... Hey! Wait a second ... why not put the router as the DMZ between the cloud and your n computers?? What kind of router is this, out of curiosity? My money's on a Linksys or some such. That'd work if you have a hub/switch ... it'd look like this, and would function LOADS better than a software solution (Tiny)... that's built upon a compromizable, buggy, software package (98):


[Cloud] <-----> [Router (eth0 = DHCP; eth1 = 192.168.0.1)] +---[PC0 192.168.0.10]
| (Webserver)
|-------[PC1 192.168.0.11]
| (FTP)
|-----------[PC2 192.168.0.12]
(etc, etc.)

*this* would be the ideal thing.

~N~

[Pooh-Bear]

Thanks Nietzsche, only one problem.. It´s not supposed to be a router, it´s a switch. Sorry, a bit of a hangover and a teacher that has problems with pupils acctualy trying to learn something. (ok ok, so I´m not reading the VB book but so what? hehe)

[{P²P}Apocalypse]

Get you a good router. The Linksys BEFSR series is good. You can get it in 1, 4, 8 and I belive a 16 port now. It offers great port redirection (on limited ports) as well you can harden your ftp server and set it outside in the DMZ.

[Guus]

A few months ago, I needed something simmilar - somewhere on the net, I found a program called PortTunnel (or something simmilar). It was kinda crappy, but it did the job for me - you install it on the gateway, and have it direct activity on ports 21 on 20 to the other, local computer. Like I said, it's kind a crappy, but it's great as a temporary solution. Don't have it anymore though, sorry.

[Pooh-Bear]

{P²P} nah, since it´s not my homenet I wont waste a great deal of money on it (a router is three times the price for a switch dammit)
Guus, no sweat, now I know where to start looking. And looking is half the fun (atleast when you finaly find the damn thing)
Thanks!