I feel it is important to recognise the Suse Firewall for what it is. It
is for the most part a Stateful Packet Filter with options to open
specific ports which a source packet does not originate, hence the
allowed services we open by means of the "Firewall" are an exclusion of
that source Port(s), for which a normal SPF would deny.

I trust you are all aware that the Suse Firewall's prime consideration is
Stateful Packet Management, not just opening and closing port access.

If you are having issues with the Suse Firewall, perhaps the focus needs
to be placed on the efficiency of the SPF first and foremost.

Kind Regards

Scott

Matthew Stringer wrote:
> Hi,
>
> I've several oS10.2 boxes running pure-ftpd. they're sat behind a firewall 
> that only allows access to the FTP service from certain IP addresses.
>
> What I'm hoping to achieve is to create a bastion host box that allows SSH 
> connections from anywhere, I can then create users on that box who'll be able 
> to create an SSH tunnel to the FTP machines.
>
> So ssh -L 21:FTP-Machine:21 [EMAIL PROTECTED] to create the tunnel.
>
> then ftp to localhost should connect you.
>
> I've read several how-to's which suggest the above will work fine, and 
> although I can connect I can't actually do anything.
>
> ayane:/etc/ssh # ftp localhost
> Trying 127.0.0.1...
> Connected to localhost.
> 220-Welcome to Pure-FTPd.
> 220-You are user number 1 of 10 allowed.
> 220-This is a private system - No anonymous login
> Name (localhost:root): matts
> 331 User matts OK. Password required
> Password:
> 230-User matts has group access to: users
> 230-This server supports FXP transfers
> 230 OK. Current restricted directory is /
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 229 Extended Passive mode OK (|||43818|)
> 425 Can't create the data socket: Invalid argument
> 200-FXP transfer: from xxx.xxx.xxx.xxx to 127.0.0.1
> 200 PORT command successful
> 425 Could not open data connection to port 11573: Connection refused
> ftp> 
>
> I can't use sftp or something else due to the specific ftp client my users 
> have; I can't alter the FW to allow access from my users' IPs as they're on 
> dynamic connections.
>
> Can someone suggest a way forward, would be quite useful to get this working.
>
> Matthew
>
>
>   
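The failure in the session above comes from FTP's second connection: the SSH tunnel only carries the control channel (127.0.0.1:21), while the data channel is negotiated separately via EPSV/PASV (client connects to a server port) or PORT (server connects back to a client address). Neither of those endpoints goes through the tunnel. The following added script (not part of either message) parses a constructed control-channel exchange modelled on the transcript in the post, works out where each data connection would go, and checks it against the set of ports actually forwarded with `ssh -L`. The PORT line is an assumption chosen so that 45*256+53 equals 11573, the port named in the server's 425 reply; the host name `FTP-Machine` is taken from the post.

```python
import re
from ipaddress import ip_address

# Constructed exchange modelled on the post's session. "C" is the ftp client
# talking to 127.0.0.1:21, which "ssh -L 21:FTP-Machine:21" forwards to the
# FTP server. The PORT command is an assumption: 45*256 + 53 == 11573.
TRANSCRIPT = [
    ("C", "EPSV"),
    ("S", "229 Extended Passive mode OK (|||43818|)"),
    ("C", "PORT 127,0,0,1,45,53"),
    ("S", "200 PORT command successful"),
]

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# RFC 2428 EPSV reply: 229 ... (|||port|)  -- host is implied by the control connection
EPSV_RE = re.compile(r"^229\b.*?\(\|\|\|(\d+)\|\)")
# RFC 959 PORT command: PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)


def _hostport(groups):
    """Turn the six comma-separated FTP fields into (host, port)."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in groups)
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def data_endpoints(transcript, control_host):
    """Return one (mode, host, port) per negotiated data connection.

    mode 'passive': the client will connect to host:port.
    mode 'active':  the server will connect to host:port.
    """
    out = []
    for side, line in transcript:
        if side == "S":
            m = PASV_RE.match(line)
            if m:
                out.append(("passive",) + _hostport(m.groups()))
                continue
            m = EPSV_RE.match(line)
            if m:
                # EPSV carries only a port; the client reuses the control host,
                # which inside the tunnel is the local loopback.
                out.append(("passive", control_host, int(m.group(1))))
        else:
            m = PORT_RE.match(line)
            if m:
                out.append(("active",) + _hostport(m.groups()))
    return out


def check_tunnel(endpoints, forwarded_ports):
    """Classify each data endpoint against the locally forwarded (ssh -L) ports."""
    verdicts = []
    for mode, host, port in endpoints:
        loopback = ip_address(host).is_loopback
        if mode == "passive" and loopback and port not in forwarded_ports:
            # Client dials 127.0.0.1:port, but nothing listens there locally.
            verdict = "passive-not-forwarded"
        elif mode == "passive" and not loopback:
            # Server advertised its real address: the client would go around
            # the tunnel and straight into the perimeter firewall.
            verdict = "passive-bypasses-tunnel"
        elif mode == "active" and loopback:
            # Server dials its own 127.0.0.1, not the client ("FXP" in the log).
            verdict = "active-loopback"
        else:
            verdict = "ok"
        verdicts.append(((mode, host, port), verdict))
    return verdicts


def ssh_forward_args(server, ports):
    """Build the extra -L arguments needed to carry given passive ports."""
    args = []
    for p in ports:
        args += ["-L", f"{p}:{server}:{p}"]
    return args


if __name__ == "__main__":
    eps = data_endpoints(TRANSCRIPT, "127.0.0.1")
    for ep, verdict in check_tunnel(eps, {21}):
        print(ep, "->", verdict)
    print("to also forward port 43818:", " ".join(ssh_forward_args("FTP-Machine", [43818])))
```

Running it against the constructed exchange flags the EPSV port as not forwarded and the PORT target as the server's own loopback, which matches the two 425 errors in the post. A tunnel-only setup has to forward every port in the server's passive range as well as 21, and the client has to stay in passive mode; that is why a single `-L 21:...` forward connects but cannot list or transfer.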
