Re: Forwarding FTP with PuTTY

From: Richard E Silverman (res_at_qoxp.net)
Date: 06/07/03

• Next message: Richard E Silverman: "Re: OpenSSH (Priv) to SSH (Pub)"
• Previous message: Richard E Silverman: "Re: scp batch file"
• In reply to:(deleted message) Hactar: "Re: Forwarding FTP with PuTTY"
• Next in thread: Simon Tatham: "Re: Forwarding FTP with PuTTY"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 06 Jun 2003 22:48:09 -0400

>>>>> "Hactar" == Hactar <ebenONE@tampabay.ARE-ARE.com.unmunge> writes:

    Hactar> In article <bbqlfj$698$1@gladiola.noc.ucla.edu>, Lapp
    Hactar> <lapp@yandex.ru> wrote:
>> I have a server, running SSH (Linux RedHat 8.0) , and I want it to
>> be kind of a gate to access all inner LAN computers from outside
>> (all the TCP ports under 1024 are closed from outside on the router
>> - but SSH to that Linux box). I suppose to use Port Forwarding
>> technique with PuTTY. There is no problem to forward Telnet, but
>> forwarding FTP is an issue. I can easily forward Port 21 for
>> control connection, and I've read, that this is pretty much enough
>> if I don't need to secure the Data flow. But in my case it could
>> not to create a Data connection at all :-( .

    Hactar> Use passive mode FTP. Data and control both go over port 21,
    Hactar> IIRC.

This is wrong -- the TCP connections for data are always separate from
control in FTP, regardless of the "mode." Passive mode simply means that
they will be made from the client to the server, rather than the other way
around.

FTP is simply not amenable to static SSH port forwarding; it is very
awkward and often will not work at all, even if you don't care about
securing the data streams -- recall that the FTP protocol carries explicit
IP addresses and TCP sockets, which are liable to be screwed up by the
forwarding mechanics and the nearly ubiquitous plague of NAT.

-- 
  Richard Silverman
  res@qoxp.net

• Next message: Richard E Silverman: "Re: OpenSSH (Priv) to SSH (Pub)"
• Previous message: Richard E Silverman: "Re: scp batch file"
• In reply to:(deleted message) Hactar: "Re: Forwarding FTP with PuTTY"
• Next in thread: Simon Tatham: "Re: Forwarding FTP with PuTTY"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: FTP Client issues ... when I use FileZilla or smartFTP, ... 227 Entering Passive Mode. ... > after logging on the FTP server: ... > | Thread-Topic: FTP Client issues ... (microsoft.public.windows.server.sbs) Re: FTP on IIS6.0 Not Working ... can you login via ftp.exe to your IIS server? ... >From a remote machine using ftp.exe I can login and it accepts my password. ... (that's without passive mode checked...with passive mode checked it just ... server seem to indicate that I successfully logged in to ftp, ... (microsoft.public.inetserver.iis.ftp) Odd ftpd Problem ... My ftpd server fails when requesting passive mode from an internet client, ... I have a separate multi-homed server for the network firewall. ... except for the ftp passive mode. ... (linux.redhat.misc) Re: FTP server behind a PF firewall (including NAT) ... > Thank you, but I have a working PF configuration for FTP clients, both ... > for active and passive mode. ... > this firewall) that allows both active mode and passive mode clients. ... > Active-mode transfers are the easiest (again, allow connections to all ... (comp.unix.bsd.freebsd.misc) Re: Is ftp://sunsolve.sun.com ok? ... >>but using ftp was not successful, UNTIL i turned passive mode on, then it ... 220-Welcome to the SunSolve Online FTP server. ... 220-Contract customers should use the following 2-tier login procedure: ... 250 CWD command successful. ... (comp.unix.solaris)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint