Jeff, I was surprised to see that the CuteFTP and WS_FTP Pro clients both support SFTP. You have to look around a bit to find it, but it's there.
Bummer to have to open a range. Luckily I only open FTP to a few IPs anyway. FTP/SSL is getting more and more popular (especially since HIPAA). I hope the netfilter guys do some work for it.

Sean

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Jeff Newmiller
> Sent: Monday, October 13, 2003 2:57 AM
> To: Sean
> Cc: 'Leaf-User'
> Subject: Re: [leaf-user] Ftpd-ssl behind Bering?
>
>
> On Fri, 10 Oct 2003, Sean wrote:
>
> > I have an FTP/SSL server behind a Bering firewall. Problem is this:
> >
> > Oct 9 20:02:57 firewall Shorewall:net2all:DROP: IN=eth0 OUT=
> > MAC=00:03:47:08:40:1a:00:30:7b:fa:18:a8:08:00 SRC=204.60.67.237
> > DST=12.243.231.253 LEN=44 TOS=00 PREC=0x00 TTL=112 ID=57030 DF
> > PROTO=TCP SPT=22656 DPT=32960 SEQ=1959109775 ACK=0 WINDOW=8192 SYN
> > URGP=0
> > Oct 9 20:03:03 firewall Shorewall:net2all:DROP: IN=eth0 OUT=
> > MAC=00:03:47:08:40:1a:00:30:7b:fa:18:a8:08:00 SRC=204.60.67.237
> > DST=12.243.231.253 LEN=44 TOS=00 PREC=0x00 TTL=112 ID=57542 DF
> > PROTO=TCP SPT=22656 DPT=32960 SEQ=1959109775 ACK=0 WINDOW=8192 SYN
> > URGP=0
> >
> > The setup is this: 3 interface Bering. FTPD/SSL in a DMZ -
> > 192.168.2.1. Port-forwarding port 21 to the DMZ. Connecting fails
> > when it tries to connect the data channel.
> >
> > The connection works great from the private network to the DMZ.
> >
> > Ip_conntrack_ftp and ip_nat_ftp are loaded. A standard FTPD
> > connection works just great.
>
> I know almost nothing about FTPD/SSL, but I know about FTP,
> and I know about SSL. I would have to say the chances of
> ip_conntrack_ftp or ip_nat_ftp helping in any way with
> FTPD/SSL would be very close to zero, since these modules
> depend on examination of the information exchanged over the
> control connection, which is what SSL is all about preventing.
>
> I think you will have to fall back on forwarding a specified
> range of ports for data connections and configuring your
> FTPD/SSL server to restrict itself to those ports. This is
> only effective for a relatively small number of connections
> per minute.
>
> SFTP (ftp over ssl) is a much more practical secure data
> transfer mechanism, since it uses only a single connection
> for all data transfer.
> Getting Windows users to use it may be a challenge at this
> time, though, because it is not a widely accepted protocol.
>
> ---------------------------------------------------------------------------
> Jeff Newmiller                        The     .....       .....  Go Live...
> DCN:<[EMAIL PROTECTED]>               Basics: ##.#.       ##.#.  Live Go...
>                                       Live:   OO#.. Dead: OO#..  Playing
> Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
> /Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
> ---------------------------------------------------------------------------
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> SourceForge.net hosts over 70,000 Open Source Projects. See
> the people who have HELPED US provide better services: Click
> here: http://sourceforge.net/supporters.php
> ------------------------------------------------------------------------
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
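
Added illustration, not part of the original thread: a simplified Python model of the point Jeff makes above, that an FTP connection-tracking helper learns the data port by reading the control connection and learns nothing once that connection is encrypted. The 227 reply, the stand-in ciphertext bytes and the forwarded range 32768-33023 are constructed assumptions; only the log line comes from the thread.

```python
import re

# Log line copied from the thread (first dropped packet).
DROP_LINE = ("Oct 9 20:02:57 firewall Shorewall:net2all:DROP: IN=eth0 OUT= "
             "MAC=00:03:47:08:40:1a:00:30:7b:fa:18:a8:08:00 SRC=204.60.67.237 "
             "DST=12.243.231.253 LEN=44 TOS=00 PREC=0x00 TTL=112 ID=57030 DF "
             "PROTO=TCP SPT=22656 DPT=32960 SEQ=1959109775 ACK=0 WINDOW=8192 "
             "SYN URGP=0")

# Constructed sample: a plaintext passive-mode reply announcing port 32960
# (128 * 256 + 192) on the DMZ host named in the thread.
PLAIN_CONTROL = b"227 Entering Passive Mode (192,168,2,1,128,192)\r\n"
# Constructed stand-in for ciphertext: a TLS application-data record header
# followed by 48 opaque bytes, which is all a firewall sees of the same reply.
TLS_CONTROL = bytes.fromhex("1703010030") + bytes(range(7, 55))

PASV_RE = re.compile(rb"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_drop(line):
    """Return the KEY=VALUE fields of a netfilter log line as a dict."""
    return dict(re.findall(r"(\w+)=(\S*)", line))


def expected_data_port(control_payload):
    """Simplified model of an FTP helper: read the data port from a 227 reply."""
    m = PASV_RE.search(control_payload)
    if not m:
        return None  # nothing recognisable, so no expectation is created
    return int(m.group(5)) * 256 + int(m.group(6))


def syn_allowed(dport, control_payload, forwarded_range=None):
    """Would a new data connection to dport get through the firewall?"""
    if expected_data_port(control_payload) == dport:
        return True  # the helper saw the port and expects this connection
    # Otherwise only a statically forwarded range can let the SYN in.
    return forwarded_range is not None and \
        forwarded_range[0] <= dport <= forwarded_range[1]


if __name__ == "__main__":
    dport = int(parse_drop(DROP_LINE)["DPT"])
    print("plain FTP, helper only:  ", syn_allowed(dport, PLAIN_CONTROL))
    print("FTP/SSL, helper only:    ", syn_allowed(dport, TLS_CONTROL))
    # Hypothetical range; the server must be configured to use the same one.
    print("FTP/SSL, range forwarded:", syn_allowed(dport, TLS_CONTROL, (32768, 33023)))
```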
