My network as it stands currently is as follows. I have several PCs sitting attached to a switch which is then attached to a dedicated firewall machine which is running Smoothwall 3.0 and acting as a router for that segment of my network. The firewall machine in turn is attached to a DSL modem/router. The DSL modem/router is attached to my ISP.
I have recently acquired a Dell PowerEdge server on which I have installed Debian server edition and ProFTPD to host with. I inserted the server into my network by connecting it to the DSL modem/router so it is basically in parallel with the firewall machine and on its own segment of the network. I can successfully connect to the server from my LAN and transfer files to and from the server to any of the other machines on my network using the server's internal IP. Then I hopped on the neighbor's Wi-Fi signal with my laptop and can connect to my server using FileZilla and the DSL modem/router's external IP. It finds the server, connects, logs in, but when it does a LIST command I get a message that says "Server sent passive reply with unroutable address." I was using port 5686 and 5687 and have forwarded both ports in the virtual server section of my DSL modem/router. I have the passive ports set to 49153-65535 and have forwarded those as well. I have tried using active mode in FileZilla as well and I have the same problem where it hangs at the LIST command, but I don't get the error message about the passive reply; instead (if I remember correctly) it just times out after a while and says that the list command failed. Any advice on this would be great. Most of the time I have the server set up as the DMZ host in the DSL modem/router configuration.
I have a couple more questions. What would be the best way to proceed with this setup (once I get it working) to obtain a reasonable amount of security on my server? Should my server be on the DMZ of the DSL router/modem? If I put my firewall machine (which the server is NOT behind) on the DMZ instead, would this cause any problems with people from the WAN trying to connect to my server machine? Should my server be put behind my firewall machine, or is this going to cause more problems than it's worth? Should my server have its own hardware firewall, or would a software firewall suffice?
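A check of the kind that produces the "Server sent passive reply with unroutable address" message, as an added example that is not part of the original post: it parses an FTP 227 passive reply and flags a data address or port that a client on the WAN side could not reach. The reply strings, the 192.168.1.50 and 203.0.113.10 addresses and the function names are constructed for illustration; only the 49153-65535 passive range comes from the post.

```python
import ipaddress
import re

# Ranges a host on the Internet cannot route to (RFC 1918, loopback, link-local).
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# An RFC 959 passive reply carries (h1,h2,h3,h4,p1,p2).
PASV_RE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def is_unroutable(ip):
    return any(ip in net for net in UNROUTABLE)

def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.search(reply) if reply.startswith("227") else None
    if not m:
        raise ValueError("not a well-formed 227 passive reply")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in passive reply")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_pasv(reply, control_ip, passive_ports=(49153, 65535)):
    """List the problems a client that connected to control_ip would hit."""
    ip, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_ip)
    problems = []
    # A private data address is only wrong when the control connection
    # itself went to a public address (a LAN client can still reach it).
    if is_unroutable(ip) and not is_unroutable(peer):
        problems.append(f"unroutable address {ip} advertised via {peer}")
    if not passive_ports[0] <= port <= passive_ports[1]:
        problems.append(f"data port {port} outside forwarded range")
    return problems

# Constructed sample replies: internal address vs. external address.
INTERNAL = "227 Entering Passive Mode (192,168,1,50,200,13)."
MASQUERADED = "227 Entering Passive Mode (203,0,113,10,200,13)."

if __name__ == "__main__":
    for reply, peer in ((INTERNAL, "203.0.113.10"),   # WAN client
                        (INTERNAL, "192.168.1.50"),   # LAN client
                        (MASQUERADED, "203.0.113.10")):
        print(peer, parse_pasv(reply), check_pasv(reply, peer) or "ok")
```

In ProFTPD the address placed in the 227 reply is controlled by the `MasqueradeAddress` directive and the data port range by `PassivePorts`.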