Hi folks!

I have an old HP desktop that I have set up with Proxmox, and I have a Debian VM running on it that I would like to access through FTP. I have set up vsftpd and it works well on the internal network, but would like to set it up so it is available on any network. I have a static IP.

Because of how my network is set up, I am having some problems, and hope someone here might have some guidance.

I have a UniFi UXG-PRO. This is set up behind a TP-Link router and the ISP router (not optimal, I know). This was done since the UXG could not get online directly behind the ISP router due to reasons only the ISP knows and refuses to tell me.

Within the ISP router I have set up port forwarding to the UXG, and in the UXG I have port forwarding to the FTP server. Is this the correct way to do this within my setup?

The ISP and UXG router are both on x.x.1.x, and the TP-Link is on x.x.0.x if it matters. I am not able to reach the server from the ISP router network, only the UXG, even with port forwarding enabled. Firewall on the server is set to allow FTP connections on port 21.

  • i_am_art_65B
    10 months ago

    You really don’t want to do this. Read up on how FTP uses random ports and is not really secure and you will quickly change your mind. A good alternative is SFTP, part of SSH. It uses the same port and is much more secure.

  • CrystalFeelerB
    10 months ago

    Pleeeease don’t open an FTP server to the outside world - the potential of you landing in a world of shit is just too high.

    Swap your learning project to running a VPN endpoint instead, you’ll understand more the reasons why as you go through the work. 😊

  • SpacePirate@lemmy.ml
    10 months ago

    Absolutely DO NOT put FTP directly on the internet.

    Open SSH or VPN to the internet first, if you have to, then FTP from there.

    That said, you likely have a double- (or triple-) NAT issue, and would need to forward the traffic through both routers.

    Either put the TP-Link and UniFi routers in Bridge mode, or spoof the ISP router’s MAC address and take the ISP’s router out of the loop entirely. This is a networking/routing problem, and may be beyond the scope of this forum.

  • SpacePirate@lemmy.ml
    10 months ago

    So you have a 10.0.1.x from your ISP, then have a 10.0.0.x for TP-Link, then your UXG is creating a third 10.0.1.x behind the TP-Link? There is either a collision between the USG and ISP router both using 10.0.1.x for their networks, or you are trying (incorrectly) to span a 10.0.1.x across both devices, but the 10.0.0.x network is in the way/not routing the traffic.

    You will either need to build out the routing tables manually (pain in the ass), or correct your network topology. Start with a network diagram, and make sure you know what NAT means/the difference between routing and switching.

    Ideally, your UXG would be the only internet-facing device, and would replace your ISP router directly, but this isn’t possible with most home ISPs. Your TP-Link and any wireless APs would be in switch/bridge mode behind the UXG, and not creating a new network (routing).

    • SpacePirate@lemmy.ml
      10 months ago

      Not sure of your level of routing knowledge, but assuming you don’t know, just setting your UXG to 10.0.1.0/32 will not make it the “same” network as your ISP router: it will try to create a new network in the same address space, unless you specifically set it to bridge/switch mode/disable routing/creating a network. And if you do this behind the TP-Link, you would need to create a static route to span the networks, but I don’t think this is what you are trying to do.

      I think your issue with the UXG not working on your ISP router’s network directly is that both your ISP router and the UXG are creating/acting as the “gateway” on 10.0.1.1, resulting in a collision. Set the UXG to run as a bridge, or create a different network (10.0.2.0/32) while operating on the ISP subnet (10.0.1.0/32).
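
A check for the chained-NAT layout discussed in this thread, as an added example that is not part of any post above: it flags LAN subnets that overlap across hops and lists the port forward each NAT hop would need. The /24 prefixes, host addresses and server address are constructed assumptions based on the 10.0.1.x / 10.0.0.x ranges mentioned, and port 22 follows the replies that recommend SSH/SFTP over FTP.

```python
import ipaddress
from itertools import combinations

# Constructed topology, outermost hop first. The 10.0.x.0/24 prefixes and host
# addresses are assumptions based on the 10.0.1.x / 10.0.0.x ranges in the thread.
CHAIN = [
    {"name": "ISP router", "lan": "10.0.1.0/24", "wan": None},
    {"name": "TP-Link",    "lan": "10.0.0.0/24", "wan": "10.0.1.2"},
    {"name": "UXG-Pro",    "lan": "10.0.1.0/24", "wan": "10.0.0.2"},
]
SERVER = "10.0.1.50"  # constructed address of the Debian VM


def find_overlaps(chain):
    """Return pairs of hop names whose LAN subnets overlap."""
    nets = [(h["name"], ipaddress.ip_network(h["lan"])) for h in chain]
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2) if na.overlaps(nb)]


def find_unreachable_wans(chain):
    """Return hops whose WAN address is not inside the upstream hop's LAN."""
    bad = []
    for upstream, hop in zip(chain, chain[1:]):
        if ipaddress.ip_address(hop["wan"]) not in ipaddress.ip_network(upstream["lan"]):
            bad.append(hop["name"])
    return bad


def forward_plan(chain, server, port):
    """List the port forward every NAT hop needs: (hop, port, next-hop target)."""
    targets = [h["wan"] for h in chain[1:]] + [server]
    return [(h["name"], port, t) for h, t in zip(chain, targets)]


if __name__ == "__main__":
    for a, b in find_overlaps(CHAIN):
        print(f"overlap: {a} and {b} use the same address space")
    for name in find_unreachable_wans(CHAIN):
        print(f"{name}: WAN address is outside the upstream LAN")
    # Port 22 (SSH/SFTP), following the advice in the thread not to expose FTP.
    for hop, port, target in forward_plan(CHAIN, SERVER, 22):
        print(f"{hop}: forward tcp/{port} -> {target}")
```

Renumbering the innermost LAN to a range no other hop uses (for example 10.0.2.0/24) clears the overlap the script reports.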