:: Port 21 is forwarded correctly. Client uses Passive FTP. Login
:: seems to work, but then no data channel is opened. I don't even get
:: a directory listing. Any suggestions what I could have overlooked?
: The data channel uses port 20, so I guess you need to forward that one too.
So far as I know, the data channels use pseudo-randomly selected ports.
Which makes it very very very very (and did I say "very"?) difficult
to forward the service statically.
But first of all, if you have an ssh link, why not use sftp? Or scp?
Or rsync? Or ssh foo tar -cf - whatnot | tar -xvf - or similar?
Second, if you absolutely, positively, must use ftp, then you
will need to use ssh's -D facility, and one of runsocks,
dante socksify, or a socks-enabled ftp (or similar).

     -D port
             Specifies a local ``dynamic'' application-level port forwarding.
             This works by allocating a socket to listen to port on the local
             side, and whenever a connection is made to this port, the
             connection is forwarded over the secure channel, and the
             application protocol is then used to determine where to connect
             to from the remote machine. Currently the SOCKS4 protocol is
             supported, and ssh will act as a SOCKS4 server. Only root can
             forward privileged ports. Dynamic port forwardings can also be
             specified in the configuration file.

And if you cannot use any of those (e.g., the ftp client is part of
an app you can't socksify or modify), then you'll probably have to
download, configure, and use a socksified ftp proxy (I did that
once; one of the major ftp implementations has a good proxy mode
but I forget off the top of my head which one... I guess google
for it if you need to be this extreme.)
Wayne Throop
http://sheol.org/throopw
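
Added example, not part of the original post: a Python sketch of why a static forward of port 21 (or 20) is not enough for passive FTP, and what a socksified client sends to the ssh -D listener instead. The function names are hypothetical and the 227 replies are constructed samples using documentation addresses; the reply layout follows RFC 959 and the request layout follows SOCKS4.

```python
import re
import socket
import struct

# RFC 959 passive reply carries (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (host, port) announced by the server in a 227 reply."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 passive-mode reply")
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("no address tuple in reply")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def socks4_connect(host, port, userid=b""):
    """SOCKS4 CONNECT request: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL."""
    return struct.pack(">BBH", 4, 1, port) + socket.inet_aton(host) + userid + b"\x00"

def socks4_granted(reply):
    """SOCKS4 reply is 8 bytes; VN=0 and CD=90 mean the request was granted."""
    return len(reply) == 8 and reply[0] == 0 and reply[1] == 90

# Constructed sample replies: two sessions to the same server, two different
# data ports, neither of which is 20 or 21.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "227 Entering Passive Mode (192,0,2,10,217,3)",
]

if __name__ == "__main__":
    for line in SAMPLE_REPLIES:
        host, port = parse_pasv(line)
        # The SOCKS request names the per-session port, so the dynamic
        # forward follows it without any static port mapping.
        print(host, port, socks4_connect(host, port).hex())
```

Because the data port is only known after the server answers PASV, the forward has to be decided per connection, which is what the SOCKS request to the -D listener does.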