Proper set up of uftp behind firewall

Peter Taps
2015-12-02
2015-12-14
  • Peter Taps

    Peter Taps - 2015-12-02

    Here is my setup:

    uftp server runs on a Windows machine on Network A. The machine is behind a firewall but not NATted. Let's assume the IP address of the machine is 15.16.17.18.

    uftp client runs on an Ubuntu machine that is behind a firewall on Network B. The internal IP address is 10.12.1.15. Let's say the external IP address is 19.20.21.22.

    On the server firewall, I allow uftp.exe to have any network access.

    On the client firewall, I have opened port 1044 to forward UDP traffic to 10.12.1.15.

    Still, the server is not able to send a file. It times out after 20 tries.

    I even tried to play with server and client proxies (although I don't think it is needed in my specific case). The server proxy is able to send a heartbeat to the client proxy and receive a response. However, file transfer still doesn't work.

    I am wondering, given all the IP addresses that are involved, if someone can tell me what the proper parameters should be on the uftp server and the uftpd client daemon.

    Thank you in advance for your help.

    Regards,
    Peter

     
  • Dennis Bush

    Dennis Bush - 2015-12-02

    Peter,

    Are you running in multicast or unicast mode? In multicast mode, all firewall / routers between the server and the client would need to be configured to allow multicast traffic to pass. If that's not the case, then a server proxy and a client proxy would be needed to tunnel multicast traffic.

    If you're running in unicast mode, the open port on the client firewall should be enough. When you run the server, pass it "-M 19.20.21.22". That tells the server to send directly to the firewall, which will in turn pass the packets to the client.

    Alternately, the unicast setup can be accomplished without opening a port on the firewall with a single server proxy. The server proxy would reside outside the client's network, and the client would be configured to send heartbeats directly to the server proxy. This does the necessary UDP hole punching through the firewall. The server can then send either directly to the server proxy with unicast, or it can use multicast if the server proxy is placed in a network that is multicast-accessible to the server.

    Regards,
    Dennis
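
The hole punching described in the reply above, modelled as an added example that is not part of the original thread or of uftp: a toy stateful firewall in which the client's outbound heartbeat creates the mapping that the server proxy's packets return through. The proxy address 198.51.100.7, the external port 40000 and the 30-second idle timeout are constructed for illustration; real firewalls differ in filtering and timeout behaviour.

```python
# Toy model of a stateful firewall/NAT (illustration only, not uftp code).
# Addresses are from the thread; PROXY, port 40000 and the timeout are constructed.
from dataclasses import dataclass, field

CLIENT = ("10.12.1.15", 1044)    # uftpd client inside Network B
FW_EXTERNAL_IP = "19.20.21.22"   # external address of the client firewall
PROXY = ("198.51.100.7", 1044)   # hypothetical server proxy outside Network B
SERVER = ("15.16.17.18", 1044)   # uftp server on Network A

@dataclass
class StatefulFirewall:
    external_ip: str
    idle_timeout: float = 30.0
    next_port: int = 40000
    # (external_port, remote_addr) -> (inside_addr, last_outbound_time)
    table: dict = field(default_factory=dict)

    def outbound(self, src, dst, now):
        """Inside host sends a datagram: create or refresh a mapping."""
        for (ext_port, remote), (inside, _) in self.table.items():
            if inside == src and remote == dst:
                self.table[(ext_port, remote)] = (inside, now)
                return (self.external_ip, ext_port)
        ext_port = self.next_port
        self.next_port += 1
        self.table[(ext_port, dst)] = (src, now)
        return (self.external_ip, ext_port)

    def inbound(self, src, dst_port, now):
        """Outside host sends to the firewall: inside target, or None if dropped."""
        entry = self.table.get((dst_port, src))
        if entry is None or now - entry[1] > self.idle_timeout:
            return None  # no mapping for this remote, or the mapping went idle
        return entry[0]

def demo():
    fw = StatefulFirewall(FW_EXTERNAL_IP)
    r = {}
    r["before_heartbeat"] = fw.inbound(PROXY, 1044, now=0)     # unsolicited: dropped
    r["mapped"] = fw.outbound(CLIENT, PROXY, now=1)            # heartbeat opens the hole
    r["proxy_reply"] = fw.inbound(PROXY, r["mapped"][1], now=5)
    r["server_direct"] = fw.inbound(SERVER, r["mapped"][1], now=6)  # wrong remote: dropped
    r["after_idle"] = fw.inbound(PROXY, r["mapped"][1], now=100)    # mapping expired
    return r

if __name__ == "__main__":
    print(demo())
```

In this model only the proxy that received the heartbeat can reach the client, and only while heartbeats keep the mapping fresh, which is why the server sends to the proxy rather than to the firewall directly in that setup.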

     
  • Peter Taps

    Peter Taps - 2015-12-11

    Dennis,

    As always, thank you for your help.

    Our real setup is as follows:

    server machine==>cisco router 1==>cisco router 2==>satellite==>client machine(s)

    Router 1 is in our office and Router 2 is the hub provided by the satellite company.

    They have set up tunneling between router 1 and router 2. I can "ssh" into router 2.

    In this setup, do I need to run a proxy anywhere?

    Regards,
    Peter

     
  • Dennis Bush

    Dennis Bush - 2015-12-14

    Peter,

    You've mentioned that the client is behind a firewall, but that's not noted in your network setup.

    Given that you're using a satellite network, I'm assuming that you want to use multicast to send to multiple clients at once. That being the case, and assuming as well that you have some control over each of the routers (including the client side of the satellite), you might want to try setting up static multicast routes in each of the routers for the range of multicast addresses you intend on using.

    Regards,
    Dennis

     
  • tamahome

    tamahome - 2017-02-15

    I know the registration happens using their non-multicast addresses, so both the server and client firewall need to allow that.

     
