From: Chris Poupart <cpoupart@canada.com>
To: netfilter <netfilter@lists.netfilter.org>
Subject: Tunneling FTP over SSH through an IPTables NAT/Filter setup...
Date: Tue, 22 Oct 2002 09:27:13 -0400
Message-ID: <3DB55231.6050802@canada.com>

I am trying to tunnel FTP over SSH, as it says in the subject, using 
Dreamweaver MX as the FTP client and PuTTY as the SSH client.

I believe what this setup does by default is to send the FTP commands 
via the SSH tunnel, but then to return information and send data through 
another port (the FTP client defaults to Passive when I tell Dreamweaver 
to tunnel through SSH.)

Because the command strings are sent through SSH, the ftp_conntrack 
module will not work to recognize the other connections are RELATED or 
ESTABLISHED.

What I end up with is a connection, through which I cannot browse the 
remote directories, nor upload or download files.  FTP by itself works fine.

The rules are pretty simple.  Default drop policies, followed by standard 
MASQ rules, and then INPUT rules that only allow RELATED or ESTABLISHED 
rules back in.  There are no OUTPUT rules for the moment.

I tried allowing all connections from the FTP server back through, but I 
am not sure if I wrote the rule correctly.

The funny thing is, if I use the SSH client from SSH.com, they have an 
"FTP" mode for tunneling, and that works fine with my setup.  I guess 
that it has some built-in connection tracking itself?

Any help would be much appreciated.

-- Chris
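
Added example, not part of the original post: a simplified Python model of what an FTP connection-tracking helper does with the control channel, showing why a data connection is classed RELATED when the 227 reply crosses the firewall in cleartext on port 21 and stays NEW when the same reply travels inside SSH on port 22. The class and function names, the address 192.0.2.10, port 50000 and the byte string standing in for an encrypted segment are all constructed for illustration; this is not the kernel module's code.

```python
import re

# "h1,h2,h3,h4,p1,p2" address form shared by the PORT command and the 227 reply
HOSTPORT = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

class FtpHelperModel:
    """Simplified model of an FTP connection-tracking helper (not kernel code)."""

    def __init__(self, control_port=21):
        self.control_port = control_port
        self.expected = set()          # (ip, port) pairs announced on the control channel

    def inspect(self, server_port, payload):
        """Record an expectation if a cleartext control segment announces a data endpoint."""
        if server_port != self.control_port:
            return None                # the helper only watches the FTP control port
        if not (payload.startswith(b"227 ") or payload.upper().startswith(b"PORT ")):
            return None
        m = HOSTPORT.search(payload)
        if not m:
            return None
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None
        endpoint = (".".join(map(str, nums[:4])), nums[4] * 256 + nums[5])
        self.expected.add(endpoint)
        return endpoint

    def classify(self, dst_ip, dst_port):
        """Return the state a new connection to dst_ip:dst_port would be given."""
        if (dst_ip, dst_port) in self.expected:
            self.expected.discard((dst_ip, dst_port))   # an expectation is used once
            return "RELATED"
        return "NEW"

def verdict(state):
    """Policy described in the post: only RELATED or ESTABLISHED passes, default DROP."""
    return "ACCEPT" if state in ("RELATED", "ESTABLISHED") else "DROP"

# Constructed sample data: documentation address, made-up passive port 50000.
PASV_REPLY = b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
SSH_SEGMENT = bytes.fromhex("8e1f02a7c45b90d3")   # stand-in for the same reply, encrypted

def run(server_port, payload):
    """Feed one control segment to a fresh helper, then judge the data connection."""
    helper = FtpHelperModel()
    helper.inspect(server_port, payload)
    return verdict(helper.classify("192.0.2.10", 50000))

if __name__ == "__main__":
    print("plain FTP :", run(21, PASV_REPLY))
    print("over SSH  :", run(22, SSH_SEGMENT))
```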


