[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: proftpd passive mode



Eduardo Gargiulo <ejg-debian@ar.homelinux.org> [2002-08-28 11:58:27 -0400]:
> I need to forward ftp port with ssh. It requires that ftp server allows
> passive connections. How can I configure proftpd to do that? Is there
> someone in the list that help me with this problem?
> I'm running debian/potato and proftpd 1.2.0pre10-2.0

Even passive ftp is not enough to be able to forward through a
specific port.  The passive mode only specifies the 'direction' of the
connections.  But the connections still happen on random and
unpredictable ports.  The data is sent 'out of band' from the
control.  Which solves one problem but creates another.  The one
created is that the data is sent by a separate connection.

In the kernel firewall rules an ftp module is loaded which dynamically
tracks ftp connections, follows the activity, sees that a dynamic data
connection is getting established, allows that one port through, etc.
A specific module handles ftp specifically because it is so well
known.  But no ftp module for ssh forwarding exists.  That would be
interesting but not really needed.

If you can ssh then you don't need ftp.  Just use ssh copy 'scp' to
copy the data.  I recommend using 'rsync -e ssh' for a copy program
will all of the functionality including kitchen sink thrown in.

If you require an ftp like interface then use ssh ftp 'sftp' which
uses ssh but with a new subsystem which provides an ftp like
interface.  Be forewarned however that sftp is not as mature of code
and some issues such as performance are being worked upon.

Bob


Attachment: pgpfIe8cidFhZ.pgp
Description: PGP signature


Reply to: