Blog

Managed File Transfer and Network Solutions

How to Setup a FTP Reverse Proxy

Posted by John V. on Thu, Jul 03, 2014 @ 04:30 PM

Overview

I'm now going to show you how to enable a reverse proxy service on JSCAPE MFT Gateway. By setting up a DMZ-based JSCAPE MFT Gateway to reverse proxy for one or more file transfer servers in your internal network, you can employ DMZ streaming. This will allow you to provide trading partners and other external users access to your sensitive data without placing the data on any DMZ-based server.  

Note: This post has been updated for JSCAPE MFT Gateway versions 3.0 and higher

When used with multiple file transfer servers, the Gateway can provide load balancing as well. But that belongs to another post. To learn more about load balancing with JSCAPE MFT Gateway read the article Load Balancing File Transfer Services.

While the instructions on this article can apply to any TCP/IP service, my example will be of an FTP service running on JSCAPE MFT Server, inside a Linux environment.  For more information on setting up an FTP server in a Linux environment please read the article Setting up a Linux FTP Server.

If you're not yet familiar with the benefits of using a reverse proxy and DMZ streaming, I suggest you read the article Using a Reverse Proxy to Keep Sensitive Data out of the DMZ first. There you'll learn more about the risks of storing data in the DMZ, the laws and regulations impacting data storage in the DMZ, and how a reverse proxy can help you achieve regulatory compliance. You might also want to familiarize yourself with the 3 Crucial Components for Enterprise File Transfers.

But if you're already familiar with all that, you may proceed to the next section.

Setting up an FTP reverse proxy using JSCAPE MFT Gateway

To give you an idea how my IP addresses are assigned, here's the network configuration in my lab. Notice how my client and file transfer server belong to separate networks. Notice also that my JSCAPE MFT Gateway machine has two NICs; one for each network. The client connects to 192.168.101.101, and JSCAPE MFT Gateway connects to JSCAPE MFT Server 1 through 192.168.100.104.

JSCAPE MFT Gateway Reverse Proxy

This is just a very simplified set up. A reverse proxy running in a production environment is usually deployed inside a DMZ, alongside one or two firewalls.

OK, let's get started.

To begin, fire up the FTP service on your JSCAPE MFT Server and start JSCAPE MFT Gateway. Next, launch your favorite Web browser and login to MFT Gateway via the JSCAPE MFT Gateway Manager by entering MFT Gateway's IP address and port number into your browser. See the documentation for more details.

The first thing we would like to do is add an FTP service to this reverse proxy. This is the FTP service the client will be connecting to. To set up the FTP service, go to the Services section of your JSCAPE MFT Gateway Manager and click the Add button.  

 

add ftp service resized 600
 

In the succeeding screen, select FTP from the Protocol drop-down list.

 

reverse proxy select ftp

 

You'll then be asked to specify the proxy service parameters. From the Local Host drop-down list, select the IP address of the NIC your client will be connecting to. In my case, that would be 192.168.101.101. Enter the Local port number of the service. Since this is a regular FTP service, we just enter 21.

Next, enter the IP address of the Remote host. In a production environment, this is would be the IP address of the file transfer server found in your internal network. In my case that would be 192.168.100.102. Also enter the Remote port number. Click Add.

 

add ftp proxy service screen resized 600

 

You'll then be brought back to the main screen where you should see your newly added FTP service. 

 

new ftp reverse proxy service resized 600

 

That's it! That's how easy it is to set up an FTP proxy using JSCAPE MFT Gateway. Anyone with the right credentials to the server in your internal network can now use an FTP client to connect to this FTP service just like he would with a regular FTP server. Notice there's no need to set up user credentials on the reverse proxy!

Here's how I connect using AnyClient.

 

anyclient

  

Summary

You just learned a safer way of providing file transfer services to your clients and trading partners without putting any data in your DMZ. With JSCAPE MFT Gateway's reverse proxy feature and DMZ streaming, regulatory compliance is easily achieved.

JSCAPE MFT Gateway comes with a fully-functional evaluation edition which you can download right now.

 

 

Download a FREE Reverse Proxy