> foo% ssh -L 1234:bar:21 foo
>
> Which I take to mean this: "create an ssh session between foo and foo, but
> forward foo's port 1234 to bar's ftp port." I shoul;d be able to ftp to
> foo's local 1234 and actually be connected to bar's ftp, right?
>
> Thus:
>
> foo% ftp localhost 1234
Originally FAQ stated that one should do "ftp foo 1234" which actually
worked as long as 'foo' "equals" to interface which has route to the
'bar' (vast majority of cases). Now FAQ says "ftp localhost 1234" which
won't ever work unless you engage PASV mode (which vanilla UNIX ftp
clients do *not* support). It's possible to make it work with localhost
and vanilla UNIX ftp client (see
http://fy.chalmers.se/~appro/ssh_beyond.html#secure_ftp for additional
information and patch for SSH 1.2.27), but it was never implemented (nor
adopted) by the code maintainers. At least not in Unix versions as
Macintosh SSH v2.1 client appears to do some magic, as well as Mindterm
(figured out recently:-).
> Connected to localhost.
> 220 bar FTP server (SunOS 5.7) ready.
> ...
> 425 Can't build data connection: Connection refused.
Because bar wants to connect to localhost:X (i.e. port X at bar) while
you're listening at foo:X.
Andy.
