I'm not sure....lemme try it out and report back to the list....however, I'm not sure that PORT options would work, since you're going to be coming from a different IP regardless....unless of course you implement IP address spoofing on your remote workstation....which would set off all kinds of triggers on the way to the host anyway...
The point I was trying to make was that under default conditions, all modern FTP daemons (and most other daemons nowdays) are sensitive to smurf/spoof attacks. So changing the source IP address midstream will tend to set off bells and whistles galore. To avoid this, just implement the "ignore" to the address change ONLY on the local machine...that's what the sample config I sent was all about. I'm still trying to break this and see if there is any inherent weaknesses....but time and resource constraints slow me down. Oh yeah....lest I be a pig and forget....this tunneling trick was originally taught to me by Warren Togami when applied to VNC....now like many others in the linux world....my lab uses this trick for all kinds of stuff....like running a tar session across an SSH link so that I can do a tape backup from a machine that doesn't have a tape, to a machine that does....all encrypted... that and rsync runs great over ssh too... /brian chee University of Hawaii ICS Dept Advanced Network Computing Lab 1680 East West Road, POST rm 311 Honolulu, HI 96822 808-956-5797 voice, 808-956-5175 fax ----- Original Message ----- From: "Vince Hoang" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: "Erich S." <[EMAIL PROTECTED]> Sent: Monday, December 09, 2002 2:58 PM Subject: Re: [luau] Secure FTP to RedHat 7.3 box? > On Mon, Dec 09, 2002 at 02:27:49PM -1000, Brian Chee wrote: > > Here's the section of the proftpd.conf file that you really need.... > > > > # Allow foreign addresses to support SSH tunneling > > AllowForeignAddress on > > Is this option still required if FTP tunneling runs over PORT > instead of PASV mode? (Excellent summary, btw.) > > -Vince > _______________________________________________ > LUAU mailing list > [EMAIL PROTECTED] > http://videl.ics.hawaii.edu/mailman/listinfo/luau
