
RE: Proftp behind firewall problem solved



Thanks for the response Rob,

I should be recognizing this by now...whenever I shoot off my mouth about
having solved a problem, it isn't really solved at all: Mistaking the fact
that it works for the solution of the problem.

1. This is a one-man 2-computer setup, so I generally ftp from behind the
firewall, but I would like it to work just to make it work, and I will
eventually want it to work for a couple of friends whose sites I would like
to host.

2. I am probably using the wrong terminology. I use Cute FTP. The settings
for this connection are:
SFTP using SSH2 (Secure Shell) port 22
Use Global Settings
and I have SSH2 set up on the Linux box and it works (meaning I connect and
I can up and download files).

My (thin-film level) understanding was that SSH2 actually pretended to be
whatever open ports were necessary for the communication, but all traffic
went through 22. At this time the firewall is actually closed on 20 and 21
and everything else except 22, 80, 110, 25.

The address I connect to is not the internal IP but the domain name; the
client log shows it is going through the Internet and is initializing SFTP
module.

So I don't know what to say here.

Answering your second response here, I do not know what more I can do to
look into it further except to let my understanding mature to the level
where I can see what I am overlooking. I bought O'Reilly's TCP/IP Network
Administration and a half dozen other books and have read the various
manuals (and Google how-to pages where this very problem seems to be being
solved all the time) and tried a huge number of variations on that setup
with no success.

Best Wishes!
Mike Olds www.buddhadust.org




-----Original Message-----
From: Rob Weir [mailto:rweir@softhome.net]
Sent: Monday, December 09, 2002 12:39 AM
To: Debian-User
Subject: Re: Proftp behind firewall problem solved


On Mon, Dec 02, 2002 at 02:51:50PM -0800, Michael Olds wrote:
> Hello again,
>
> I should be recognizing this by now...whenever I am about to send a message
> to a help list I am about five minutes from solving the problem...and of
> course if I actually get as far as describing the problem in great detail
> the solution is sure to make me look like an idiot.
>
> In this case: opening port 21 or 20, or setting up a range of thousands of
> open ports for PASV mode for SFTP won't do it. Gotta open port 22 in the
> firewall. That was all it took.

Uh, that's weird.  I don't think this can be very robust, since the data
port is semi-randomly chosen...Plus, it's the SSH port, so how are you
going to SSH/sftp/scp into that machine?

-rob


