Re: How do I FTP via a secure tunnel (set up instructions requested pls)
- From: "nemo_outis" <abc@xxxxxxx>
- Date: 09 Dec 2005 19:30:28 GMT
Just A. User <user@xxxxxxxxxxx> wrote in
news:s3djp1hhdbcfgguk4g989s83i72f1k9339@xxxxxxx:
> thanks for your reply.
>
> I too am using Serv-U as a server and tunnel via secure tunnel. But
> I'm not sure what domain IP address if should fill in and what FTP
> port number. I've been using 127.0.0.1 on port 21 (thats the socks
> proxy i guess) but not sure that this is working correctly. As you
> can tell, not the most experienced in this area.
>
> For the client, I'm using WS_FTP Pro, but I don't think it support
> this feature. I'm going to try the FlashFXP that you recommended.
> But I'll probably need some help getting it into the tunnel too.
>
> Maybe someone can attach screen shots? I would ask secure tunnel
> directly, but their service on such matters really sucks. Thats why I
> asked if anyone was familiar with Secure Star and their new tunnelling
> service.
>
> Thanks!!
>
Servu directly supports SSL/TLS. Say, for simplicity, that you set it up
to ONLY use implicit SSL. Generate your own certificate (read the servu
docs).
Assuming you are behind a router and your WAN IP is xxx.xxx.xxx.xxx and
your LAN IP is yyy.yyy.yyy.yyy (perhaps in the 192 series) you would set
Servu up to respond on 127.0.0.1 and some port (zzzz, say - it doesn't
much matter) in PASV mode with a range of ports for the data channel (I
use 5001-5049) using xxx.xxx.xxx.xxx as the announced "callback" IP.
You would set your router to listen on some FTP port (I don't like 21 -
tips off the ISP; pick something like 1333, unless you think you'll have
firewall problems at the other end when trying to access your site) and
map/forward it through the router as zzzz (to yyy.yyy.yyy.yyy) to match
where servu is listening on the LAN side. Also make sure the router
won't block your data ports (the 5000 series). Incidentally, there's
usually no reason why the LAN port zzzz cannot be the same as the WAN
port (1333 in my illustrative case).
Create a user with appropriate name, password, directory access, etc.
So much for the server side.
I'll assume we won't bother with client-side certificates but rely on
passwords. Set your client up (ws_ftp works just fine, no need to switch
to flashfxp)) to only use implicit ssl when talking to your home server.
Put your servu site's parameters into ws_ftp site manager using
"ftp/implicit SSL" as the connection type, xxx.xxx.xxx.xxx as the server
address, PASV as the mode, the right name and password, and in the
advanced submenu change the port to servu's wan-side port (1333 in our
case). It's also worthwhile to check the 128-bit security box under
"advanced" "SSL". You're done!
This setup would allow you to, say, exchange encrytped files to and from
your home server from work. Be aware, however, that, although the
sysadmin will not know *what* you are transferring, he will know *that*
you are transferring (unless he's completely asleep at the switch). You
are secure but NOT stealthy! Check out if this will draw heat in your
circumstances!
Regards,
.
- Follow-Ups:
- Re: How do I FTP via a secure tunnel (set up instructions requested pls)
- From: Just A . User
- Re: How do I FTP via a secure tunnel (set up instructions requested pls)
- References:
- How do I FTP via a secure tunnel (set up instructions requested pls)
- From: Just A . User
- Re: How do I FTP via a secure tunnel (set up instructions requested pls)
- From: nemo_outis
- Re: How do I FTP via a secure tunnel (set up instructions requested pls)
- From: Just A . User
- How do I FTP via a secure tunnel (set up instructions requested pls)
- Prev by Date: Re: anonymous surfing
- Next by Date: Re: How do I FTP via a secure tunnel (set up instructions requested
- Previous by thread: Re: How do I FTP via a secure tunnel (set up instructions requested pls)
- Next by thread: Re: How do I FTP via a secure tunnel (set up instructions requested pls)
- Index(es):
Relevant Pages
|
