SSH forwarding of ftp to proftpd

nathan r. hruby yellowdog-general@lists.terrasoftsolutions.com
Sun Oct 6 14:12:00 2002


Hey folks,

I'm having some trouble forwarding my FTP connections from home to my YDL
box via ssh.

I have set up the tunnel correctly with 'ssh -L2121:machine:21
me@machine' and can log in with ncftp over the tunnel once my ssh
session is established.  (I know I can just run sleep and start the ftp
command in another window, but I want to test this and tweak the server
while testing.. hence the open session)

The problem is that when trying an ls or any other PORT command, I get
"connect failed" errors.  I've set ncftp to use PASV mode  and added
"AllowForeignAddress on" in the /etc/proftpd.conf file, tried ftp : ALL
in /etc/hosts.allow and restarting xinetd several times.

Turning on debugging seems to make me think that proftpd is setting the
PASV port to the address of the server end of the tunnel (eg: itself)
as I see this in the debug log:

-- LOG
Oct 06 15:38:07 machine proftpd[14860] machine (machine
[xxx.yyy.zzz.aaa]): dispatching PRE_CMD command 'PASV' to mod_core
Oct 06 15:38:07 machine proftpd[14860] machine (machine
[xxx.yyy.zzz.aaa]):  dispatching CMD command 'PASV' to mod_core
Oct 06 15:38:07 machine proftpd[14860] machine (machine
[xxx.yyy.zzz.aaa]):  Entering Passive Mode (xxx,yyy,zzz,aaa,128,223).
Oct 06 15:38:07 machine proftpd[14860] machine (machine
[xxx.yyy.zzz.aaa]):  dispatching LOG_CMD command 'PASV' to mod_log
--- LOG

Where 'machine' is my hostname and 'xxx.yyy.zzz.aaa' represents the ip
address of host 'machine'.  There's nothing of great import in messages,
though before setting AllowForeignAddress I saw rejects for PORT
commands from the IP address of my local box (eg: the one I *want* to
connect).  After adding this these messages disappeared, but things are
still broke.

I've read the docs at
http://proftpd.linux.co.uk/localsite/Userguide/linked/config_ftpoverssh.html
and I'm kinda stumped.  Anyone successfully using ssh port forwarding
with proftpd on YDL?  Tips, tricks and M's to FR gladly taken.

[ ydl 2.3, proftpd-1.2.5rc1-1a, openssh-3.1p1-2.3a connecting from a
debian sarge ia32 box - all updates applied to both machines ]

I also found this bug:
http://bugs.proftpd.org/show_bug.cgi?id=1665
Which details a similar problem, but there is no resolution.



Thanks!

-n
-- 
......
nathan hruby - nhruby@arches.uga.edu
computer services specialist
uga drama & theatre
http://www.drama.uga.edu/
......
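
An added example, not part of the original post: it decodes the PASV reply shown in the debug log (RFC 959 format, port = p1*256 + p2) and checks whether the advertised data endpoint is one that the 'ssh -L' forward actually carries. The address 192.0.2.10 is a constructed stand-in for the masked xxx.yyy.zzz.aaa, and the function names and the hostname map are assumptions made for illustration.

```python
import re

# RFC 959 PASV reply carries (h1,h2,h3,h4,p1,p2)
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return the (host, port) a server advertises in a PASV reply."""
    m = _PASV_RE.search(reply)
    if not m:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple in reply")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("PASV field outside 0-255")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    return host, port


def parse_forward(spec):
    """Split an ssh -L argument '[bind:]lport:host:rport' (IPv4/hostname only)."""
    lport, host, rport = spec.split(":")[-3:]
    return int(lport), host, int(rport)


def data_channel_tunneled(reply, forward_specs, hostnames):
    """True if the PASV endpoint is the target of one of the -L forwards.

    hostnames maps names used in the -L specs to addresses (constructed
    here so the example needs no DNS lookup).
    """
    host, port = parse_pasv(reply)
    for spec in forward_specs:
        _, fhost, rport = parse_forward(spec)
        if hostnames.get(fhost, fhost) == host and rport == port:
            return True
    return False


# Constructed sample mirroring the log line in the post.
REPLY = "227 Entering Passive Mode (192,0,2,10,128,223)."
HOSTS = {"machine": "192.0.2.10"}

if __name__ == "__main__":
    print("data endpoint:", parse_pasv(REPLY))
    print("carried by -L2121:machine:21:",
          data_channel_tunneled(REPLY, ["2121:machine:21"], HOSTS))
```

With only the control port forwarded, the check reports that the data connection to port 32991 is opened directly to the server address, outside the SSH session.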