nginx 代理FTP && iptables 转发FTP

nginx

user root;
worker_processes 8;
worker_rlimit_nofile  40960;

events {
    use epoll;
        worker_connections 102400;
}

http {


        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 120;
        types_hash_max_size 2048;
        server_tokens off;
        fastcgi_buffers 8 128k;
        send_timeout 60;
        proxy_headers_hash_max_size 51200;
        proxy_headers_hash_bucket_size 6400;

        include /usr/local/openresty/nginx/conf/mime.types;
        default_type application/octet-stream;


        ssl_prefer_server_ciphers on;

        proxy_ignore_client_abort on;
        #access_log /var/log/nginx/access.log;
        #error_log /var/log/nginx/error.log;


        gzip on;
        gzip_disable "msie6";



        include /usr/local/openresty/nginx/sites-enabled/*;
}

stream {

    upstream cloudsocket {
       hash $remote_addr consistent;
      # $binary_remote_addr;
       server 133.64.36.129:21;
    }
    server {
       listen 21;#数据库服务器监听端口
       proxy_connect_timeout 300s;
       proxy_timeout 300s;#设置客户端和代理服务之间的超时时间，如果5分钟内没操作将自动断开。
       proxy_pass cloudsocket;
    }
}

客户机添加配置

iptables -t nat -A OUTPUT -d ftp-ip -p tcp --dport 21 -j DNAT --to-destination nginx-ip

iptables转发

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d ftp-ip -o enp4s1 -j MASQUERADE

客户机添加配置

route add -host 133.64.36.129 gw 192.168.1.60 

ftp ftp-ip 

#切换被动模式
passive
lcd /tmp/ 
put test.txt