Re: FTP - Local or Redirect?
From: ME (trash.trash_at_comcastDOTnet)
Date: 07/23/03
- Next message: Lars M. Hansen: "Re: ICMP entries in firewall log"
- Previous message: Ida Young: "Re: ICMP entries in firewall log"
- In reply to: Ida Young: "Re: FTP - Local or Redirect?"
- Next in thread: John Prather: "Re: FTP - Local or Redirect?"
- Reply: John Prather: "Re: FTP - Local or Redirect?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 23 Jul 2003 15:08:11 GMT
Folks, the problem & question is not "how to authenticate", rather it is how
to "CONNECT" to the server wether that be via a redirected port on the
firewall (redirected to an internal FTP server) or directly (the service
runs on the firewall. I have already decided to use simple FTP to
authenticate. As for smb the thought is samba would be involved in some
form to mount the network shares (think something along the lines of DFS) to
the FTP server.
thanks,
Matt
"Ida Young" <nospam@rogers.com> wrote in message
news:zpxTa.48450$zwL.40758@news04.bloor.is.net.cable.rogers.com...
> As Mike said, the main problem with FTP is sending user's credential in
> clear text over the network. You can set up ssh service in your FreeBSD,
and
> you and your frields can use sftp in UNIX and psftp from putty for Windows
> to download your files.
>
> Another way to solve the problem is to authenticate the users before your
> frields use ftp to download your files. I am not sure whether the firewall
> you are using supports User Authentication or not. ITShield firewall can
do
> it easily. You can set up a rule like: From Internet to
> your-ftp-server:21/TCP, using proxy_ftp, and Auth. Therefore, only users
> authenticated by the firewall can use ftp service.
>
> Ida Young
> http://www.itshield.com
>
>
> "Miha Pihler" <miha.pihler@Atlantis-N0Spam.si> wrote in message
> news:uqAHA5NUDHA.2200@TK2MSFTNGP11.phx.gbl...
> > The main problem with FTP is sending user's credential in clear text
over
> > the network. See if you can go around this with using SSL on your FTP
> Server
> > (your server has to support this options). By default this is not an
> options
> > with any of IIS versions (without using WebDAV).
> >
> > --
> > Mike
> > MCSA 2K, MCSE 2K, MCT, ...
> >
> > "ME" <trash.trash@comcastDOTnet> wrote in message
> > news:D%nTa.113046$sY2.49776@rwcrnsc51.ops.asp.att.net...
> > > I am would like to setup an FTP server for a select few of my family
and
> > > friends. My firewall is running FreeBSD 5.1 and natd. I have an
Win2k
> AD
> > > Domain Controller (yes for my own house, it makes things easier for
me.)
> > > behind the firewall. It seems I have two options for setting up the
FTP
> > > server:
> > >
> > > 1. I can run the FTP daemon on the firewall and mount the windows
> boxes
> > > to it using smbmount.
> > >
> > > 2. I can redirect (port redirection via NATD) the FTP traffic to the
> > Win2k
> > > box and mount the FreeBSD shares to it using Samba.
> > >
> > > The question is, which would be the best approach, both from a
security
> > > perspective as well as a performance perspective. I understand that
ftp
> > is
> > > not a secure protocol and I am willing to accept the risks involved
but
> I
> > > would like to limit them as much as possible.
> > >
> > > Thanks,
> > >
> > > Matt
> > >
> > >
> >
> >
>
>
- Next message: Lars M. Hansen: "Re: ICMP entries in firewall log"
- Previous message: Ida Young: "Re: ICMP entries in firewall log"
- In reply to: Ida Young: "Re: FTP - Local or Redirect?"
- Next in thread: John Prather: "Re: FTP - Local or Redirect?"
- Reply: John Prather: "Re: FTP - Local or Redirect?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
