Re: FTP server behind firewall?
On Thu, 17 Apr 2008 07:59:20 +0300, Manolis Kiagias <[EMAIL PROTECTED]> wrote: >Running an FTP behind a home DSL router is perfectly possible. You will >just have to open a range of ports on the router itself eg 25000-25050 >and forward them to your ftp server internal IP address. Then set the >FTP server to only use these ports for passive transfers. Thanks guys, I think I'll try this, as it's the easiest to allow VB clients to upload files. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FTP server behind firewall?
On Thursday 17 April 2008 04:32:41 Gilles wrote: > Actually, we don't necessarily need an FTP. Whatever solution to send > files is fine, provided I can add this feature in a VB Classic client > application. Depends a bit on the max filesize and number of files. You can do a HTTP POST request, using a simple upload script (numerous examples of those to be found on the web). Of course, the traffic for that is larger since it will be base64 encoded. On the plus side, you don't need local user accounts on the ftp server, while still having full control over where the files end up. This can get tedious if you have multiple small files, or filesizes in the order >100M. -- Mel Problem with today's modular software: they start with the modules and never get to the software part. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FTP server behind firewall?
On Apr 17, 2008, at 12:59 , Manolis Kiagias wrote: Gilles wrote: On Wed, 16 Apr 2008 22:06:24 -0400, Jon Radel <[EMAIL PROTECTED]> wrote: What control do you have over the firewall? One of the cleaner solutions would be to run an ftp proxy on the firewall, such as that supplied with pf. See ftp-proxy(8) or http://www.openbsd.org/faq/pf/ftp.html Unfortunately, the router/NAT firewall can be neither replaced nor tweaked, since it's a modem/router provided by our ISP. Actually, we don't necessarily need an FTP. Whatever solution to send files is fine, provided I can add this feature in a VB Classic client application. Hi, May be you can consider using sshd + sftp on Server. (Single Port for just about everything, see below) PSCP or PSFTP (from same as PuTTY) allow send / receive file via command line, eg. you can issue "exec" from VB to send files. "pscp [options] source [source...] [EMAIL PROTECTED]:target" (PSFTP is prefer over PSCP, but PSCP is simple) http://www.putty.nl/download.html Also, bind sshd on high port will prevent too many port scan and the connection is consider to be more secure than ftp. IMHO, sftp is more easily managed than ftp in the long run (Both Server and Client). ps. I also use ssh to forward 3389, the M$ Terminal Server (even XP has one), no need for PC ANYWHERE. If you need to solve problem remotely, you don't need to open another port (PC ANYWHERE needs 2). J. Running an FTP behind a home DSL router is perfectly possible. You will just have to open a range of ports on the router itself eg 25000-25050 and forward them to your ftp server internal IP address. Then set the FTP server to only use these ports for passive transfers. For example, I am using ftp/proftpd and have this directive in the configuration file: PassivePorts 25000-25050 You will, of course, need to forward port 21 as well. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions- [EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FTP server behind firewall?
Gilles wrote: On Wed, 16 Apr 2008 22:06:24 -0400, Jon Radel <[EMAIL PROTECTED]> wrote: What control do you have over the firewall? One of the cleaner solutions would be to run an ftp proxy on the firewall, such as that supplied with pf. See ftp-proxy(8) or http://www.openbsd.org/faq/pf/ftp.html Unfortunately, the router/NAT firewall can be neither replaced nor tweaked, since it's a modem/router provided by our ISP. Actually, we don't necessarily need an FTP. Whatever solution to send files is fine, provided I can add this feature in a VB Classic client application. Running an FTP behind a home DSL router is perfectly possible. You will just have to open a range of ports on the router itself eg 25000-25050 and forward them to your ftp server internal IP address. Then set the FTP server to only use these ports for passive transfers. For example, I am using ftp/proftpd and have this directive in the configuration file: PassivePorts 25000-25050 You will, of course, need to forward port 21 as well. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FTP server behind firewall?
On Wed, 16 Apr 2008 22:06:24 -0400, Jon Radel <[EMAIL PROTECTED]> wrote: >What control do you have over the firewall? One of the cleaner >solutions would be to run an ftp proxy on the firewall, such as that >supplied with pf. See ftp-proxy(8) or >http://www.openbsd.org/faq/pf/ftp.html Unfortunately, the router/NAT firewall can be neither replaced nor tweaked, since it's a modem/router provided by our ISP. Actually, we don't necessarily need an FTP. Whatever solution to send files is fine, provided I can add this feature in a VB Classic client application. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FTP server behind firewall?
Gilles wrote: > Hello > > We have FreeBSD server on our private LAN behind a NAT firewall on > which I'd like to add an FTP server so that customers can send us > stuff. > > Problem is, since customers might have a NAT firewall on their end, > the client application must connect in passive mode... but this just > moves the problem to our end, where the FTP server will open a random > port for data... to which the client will fail connecting since our > NAT firewall is keeping them out of our LAN :-/ > > Is there a way to keep our server in the private LAN and still provide > a way for customers to upload data? Hard-code the socket number used > by the FTP server for data? Use a different type of server? What control do you have over the firewall? One of the cleaner solutions would be to run an ftp proxy on the firewall, such as that supplied with pf. See ftp-proxy(8) or http://www.openbsd.org/faq/pf/ftp.html --Jon Radel smime.p7s Description: S/MIME Cryptographic Signature