You are viewing a plain text version of this content. The canonical link for it is here.
Posted to ftpserver-users@mina.apache.org by Mauro Asprea <ma...@gmail.com> on 2012/08/28 16:58:59 UTC
ipv6, subdomain and DNS
Hi, I was thinking about how to create a setup that would allow to have
"virtual servers" in FTP. Since I understand that there are no headers
like in HTTP and in spite of the existence of the HOST command (but most
clients doesn't implement it) I think that the only solution to have "a
lot" of clients is to use IPv6?
I have one instance of the FTPServer, bind to all the addresses and one
port (2221). I also implemented a virtual file system (using FtpFile
interface) and based in my custom UserManager implementation I authorize
the access for different resources for each user. The users are
"grouped" in a way that each group can access a specific part of the
virtual file system. Because I don't want to be playing with different
ports for each "group" of users (they are like sub-accounts of a main
account), I though that it would be great to have subdomain based
addresses like so:
group1.example-ftp.com -> where account1 can login
group2.example-ftp.com -> where another account1 can login
The issue I have is to how to detect group1 subdomain from group2to be
able to load a the proper UserManager and authorize the user for each group.
One idea is to use IPv6 like this:
Register a groupname
Acquire an new IPv6 address in the FTPServer machine
Register a subdomain "groupname" andpoint the DNS AAAA to the new ip address
Do you think this would work?
There are any security issues for making public the IPv6 address?
Any ideas how to acquire a buch of IPv6 addresses all at once in linux?
I need this so I can avoid having to do restart the network (??)
It would be really more simpler to handle all this with different ports
for each group?
Any comment would help :D
Thanks
--
Mauro Asprea
E-Mail: mauroasprea@gmail.com
Mobile: +34 654297582
Skype: mauro.asprea
Re: ipv6, subdomain and DNS
Posted by David Latorre <dv...@gmail.com>.
Why don't you just use a single User Manager which returns a different
FileSystem 'Root folder' depending on the group the user belongs to?
2012/8/28 Niklas Gustavsson <ni...@protocol7.com>
> On Tue, Aug 28, 2012 at 7:43 PM, Mauro Asprea <ma...@gmail.com>
> wrote:
> > There is a maximum number of Listeners (eg: ports) that I can have
> > available?
>
> No hard limit, except for the number of available ports (and
> memory/CPU resources).
>
> /niklas
>
Re: ipv6, subdomain and DNS
Posted by Niklas Gustavsson <ni...@protocol7.com>.
On Tue, Aug 28, 2012 at 7:43 PM, Mauro Asprea <ma...@gmail.com> wrote:
> There is a maximum number of Listeners (eg: ports) that I can have
> available?
No hard limit, except for the number of available ports (and
memory/CPU resources).
/niklas
Re: ipv6, subdomain and DNS
Posted by Mauro Asprea <ma...@gmail.com>.
Never mind. I figured out that IPv6 is not ready yet. Heck! Not even my
current ISP gives me IPv6 internet!
So I guess I'll have to dynamically create listeners to enable new ports
for each "group"
There is a maximum number of Listeners (eg: ports) that I can have
available?
> Mauro Asprea <ma...@gmail.com>
> August 28, 2012 4:58 PM
> Hi, I was thinking about how to create a setup that would allow to
> have "virtual servers" in FTP. Since I understand that there are no
> headers like in HTTP and in spite of the existence of the HOST command
> (but most clients doesn't implement it) I think that the only solution
> to have "a lot" of clients is to use IPv6?
>
> I have one instance of the FTPServer, bind to all the addresses and
> one port (2221). I also implemented a virtual file system (using
> FtpFile interface) and based in my custom UserManager implementation I
> authorize the access for different resources for each user. The users
> are "grouped" in a way that each group can access a specific part of
> the virtual file system. Because I don't want to be playing with
> different ports for each "group" of users (they are like sub-accounts
> of a main account), I though that it would be great to have subdomain
> based addresses like so:
>
> group1.example-ftp.com -> where account1 can login
> group2.example-ftp.com -> where another account1 can login
>
> The issue I have is to how to detect group1 subdomain from group2to be
> able to load a the proper UserManager and authorize the user for each
> group.
>
> One idea is to use IPv6 like this:
>
> Register a groupname
> Acquire an new IPv6 address in the FTPServer machine
> Register a subdomain "groupname" andpoint the DNS AAAA to the new ip
> address
>
> Do you think this would work?
> There are any security issues for making public the IPv6 address?
> Any ideas how to acquire a buch of IPv6 addresses all at once in
> linux? I need this so I can avoid having to do restart the network (??)
> It would be really more simpler to handle all this with different
> ports for each group?
>
> Any comment would help :D
>
> Thanks
>
--
Mauro Asprea
E-Mail: mauroasprea@gmail.com
Mobile: +34 654297582
Skype: mauro.asprea