Re: ftps?

2012-11-30 Thread Chris Smith
On Fri, Nov 30, 2012 at 7:47 AM, Stuart Henderson wrote: > Not exactly, but you might be able to do something with this, *before* > your ftp-proxy rule: > > pass out quick proto tcp to 0.0.0.0/0 port 8821 rdr-to 0.0.0.0/0 port 21 > bitmask > > Then if you tell your ftp client to connect to port 8

Re: ftps?

2012-11-30 Thread Stuart Henderson
On 2012-11-29, Chris Smith wrote: > On Wed, Nov 28, 2012 at 12:48 PM, Chris Smith > wrote: >> Looks like skipping ftp-proxy for that target address works. Thanks! > > Is there any way to make this work automagically for ftps? > Right now I'm doing this: >

Re: ftps?

2012-11-30 Thread Franco Fichtner
On Nov 29, 2012, at 11:35 PM, Theo de Raadt wrote: >> Because they can just hack it on top of their crusty old ftp server >> software, whereas using sftp would need much bigger changes? > > SSL/TLS makes everything more secure And DPI-based products are slow to fix their issues caused by th

Re: ftps?

2012-11-29 Thread Kevin Chadwick
> >Because they can just hack it on top of their crusty old ftp server > >software, whereas using sftp would need much bigger changes? > > SSL/TLS makes everything more secure Never more so than when HSTS is enabled and you can't access paypal because your clock is wrong due to a dead bios

Re: ftps?

2012-11-29 Thread Theo de Raadt
>Because they can just hack it on top of their crusty old ftp server >software, whereas using sftp would need much bigger changes? SSL/TLS makes everything more secure

Re: ftps?

2012-11-29 Thread Chris Smith
On Wed, Nov 28, 2012 at 12:48 PM, Chris Smith wrote: > Looks like skipping ftp-proxy for that target address works. Thanks! Is there any way to make this work automagically for ftps? Right now I'm doing this: anchor "ftp-proxy/*" pass in quick on

Re: ftps?

2012-11-29 Thread Joakim Aronius
* Stuart Henderson (s...@spacehopper.org) wrote: > On 2012-11-28, Chris Smith wrote: > > Also wonder why anyone in their right mind would use FTPS!? > > Because they can just hack it on top of their crusty old ftp server > software, whereas using sftp would need much big

Re: ftps?

2012-11-28 Thread Chris Smith
On Wed, Nov 28, 2012 at 1:43 PM, Hugo Osvaldo Barrera wrote: > Since you say this works with a standard home router, have you checked > if maybe the server software uses nat pmp or something similar for port > redirection? I tested it with an Asus RT-AC66U with its UPnP feature disabled and it wo

Re: ftps?

2012-11-28 Thread Hugo Osvaldo Barrera
On 2012-11-28 14:33, Chris Smith wrote: > On Wed, Nov 28, 2012 at 7:29 AM, Stuart Henderson > wrote: >> If the control connection is encrypted as with ftp+tls, then ftp-proxy >> *cannot* work, as it cannot read the commands. So, if this is with NAT, >> you can't rely on ftp-proxy to fix things up

Re: ftps?

2012-11-28 Thread Chris Smith
On Wed, Nov 28, 2012 at 7:29 AM, Stuart Henderson wrote: > If the control connection is encrypted as with ftp+tls, then ftp-proxy > *cannot* work, as it cannot read the commands. So, if this is with NAT, > you can't rely on ftp-proxy to fix things up, you will need ftp+tls > software where you can

Re: ftps?

2012-11-28 Thread Stuart Henderson
On 2012-11-28, Chris Smith wrote: > Having some issues with a client system attempting to use a product called > MoveItFreely to connect to a server via FTPS (FTP with TLS). The firewall is > running a snapshot from April 3, 2011 of version 4.9. > > I have added a pass rule for the

ftps?

2012-11-27 Thread Chris Smith
Having some issues with a client system attempting to use a product called MoveItFreely to connect to a server via FTPS (FTP with TLS). The firewall is running a snapshot from April 3, 2011 of version 4.9. I have added a pass rule for the additional (to port 21) requested ports of 989, 990, and

OT: article comparing SFTP vs FTPS

2010-01-21 Thread Lars Nooden
Can anyone point to an article comparing the protocols SFTP and FTPS that meets all four of the following criteria? a. is well-written b. contains accurate information c. contains up-to-date information, not ten years out of date d. is authoritative

Re: FTPS recommendations?

2005-08-02 Thread Bob Bostwick (Lists)
>> I am implementing an FTP server and need it to use SSL/TLS. I >> know ftpd doesn't support this, and was wondering if anyone had any >> suggestions on an alternative. I know SFTP exists, but that is not an >> option, as the clients are not going to change. I know pure-ftpd >> supports th

Re: FTPS recommendations?]

2005-08-02 Thread Bob Bostwick (Lists)
Just in case you don't know, "scponly" works great. In our datacenter we need to give users access to "ftp" but we also need a secure access. Since the users are not allowed to gain SSH access we use the "scponly" solution. I did not know that, and will look into t

Re: FTPS recommendations?

2005-08-02 Thread Bob Bostwick
It would be sweet if "we" could just simply set the users' shell to /usr/bin/false to prevent ssh while still allowing scp/sftp. I've got a hunch doing this involves non-trivial code changes. That's what I was led to believe as well. My users will never be connecting anonym

Re: [Re: FTPS recommendations?]

2005-08-02 Thread Andreas Bartelt
[EMAIL PROTECTED] wrote: [very long...] I haven't followed this thread thoroughly, but systrace(1) is part of the base system. regards, Andreas

Re: [Re: FTPS recommendations?]

2005-08-02 Thread sebastian.rother
> another potential problem with FTPS vs. SFTP is > firewalling. SFTP needs just one port, FTPS needs > several, as its really just 'good' ole ftp. And I > would certainly be curious how you would proxy an > encrypted ftp connection > > -Matt You're ri

Re: [Re: FTPS recommendations?]

2005-08-02 Thread Matt R
another potential problem with FTPS vs. SFTP is firewalling. SFTP needs just one port, FTPS needs several, as its really just 'good' ole ftp. And I would certainly be curious how you would proxy an encrypted ftp connection.

Re: FTPS recommendations?

2005-08-02 Thread J.C. Roberts
On Mon, 01 Aug 2005 20:15:04 -0400, Steve Shockley <[EMAIL PROTECTED]> wrote: >J.C. Roberts wrote: >> I don't mean to be confrontational but personally I didn't think there >> was any point in securing anon/public access? > >Does FTP in SSL/TLS verify certificates? It could be used to verify >th

Re: [Re: FTPS recommendations?]

2005-08-02 Thread Alexander Farber
http://winscp.sf.net

Re: FTPS recommendations?

2005-08-01 Thread Steve Shockley
J.C. Roberts wrote: > I don't mean to be confrontational but personally I didn't think there > was any point in securing anon/public access? Does FTP in SSL/TLS verify certificates? It could be used to verify that the server you're connecting to is actually the server you think it is. (IOW, sig

[Re: FTPS recommendations?]

2005-08-01 Thread Rico
I'm sorry but there's no e.g. official "AnnonSFTP" patch/modification for OpenSSH. As far as I know you're not able to split the SFTP from the SSH account (I don't mention any unofficial patches which may work). Hi, Just in case you don't know, "scponly" works great. In our datacenter we need t

Re: FTPS recommendations?

2005-08-01 Thread J.C. Roberts
ox on the net supporting an >>>> outdated, insecure and most importantly, difficult (often blocked or >>>> messed up by NAT) protocol. Wrapping FTP in SSL/TLS does help some of >>>> the problems but it does not solve all of them. >>>> >>>> Kind Re

Re: FTPS recommendations?

2005-08-01 Thread Stuart Henderson
--On 01 August 2005 16:24 -0700, Spruell, Darren-Perot wrote: The point of anonymous access is to provide content to "anyone at large", regardless their identity. So if you are using encryption to make sure that "not just anyone at large" can see the data, you're dealing with two mutually exclus

Re: FTPS recommendations?

2005-08-01 Thread Spruell, Darren-Perot
> Or if I do e.g. a little webhosting service. I won't give my > users an SSH > so I've to choose FTPS even if it's not as secure as SFTP. > > So it doesn't just deal with anonymous connections. Why does it need to deal with anonymous connections? The point of anonymous

Re: FTPS recommendations?

2005-08-01 Thread sebastian.rother
/TLS does help some of >>> the problems but it does not solve all of them. >>> >>> Kind Regards, >>> JCR >> >>I'm sorry but there's no e.g. official "AnnonSFTP" patch/modification for >>OpenSSH. As far as I know you're not a

Re: FTPS recommendations?

2005-08-01 Thread J.C. Roberts
ards, >> JCR > >I'm sorry but there's no e.g. official "AnnonSFTP" patch/modification for >OpenSSH. As far as I know you're not able to split the SFTP from the >SSH account (I don't mention any unofficial patches which may work). > >That'

Re: FTPS recommendations?

2005-08-01 Thread sebastian.rother
y NAT) protocol. Wrapping FTP in SSL/TLS does help some of > the problems but it does not solve all of them. > > Kind Regards, > JCR I'm sorry but there's no e.g. official "AnnonSFTP" patch/modification for OpenSSH. As far as I know you're not able to split the SFT

Re: FTPS recommendations?

2005-08-01 Thread Will H. Backman
> Since FTP over SSL/TLS is going to require configuration changes on > the client side and possibly upgrades of client-side software, why not > just require a new client that supports SFTP? > OpenBSD ftp daemon rocks. If only OpenSSHd had the same config options for virtual hosts.

Re: FTPS recommendations?

2005-08-01 Thread J.C. Roberts
On Mon, 1 Aug 2005 12:49:49 -0500, "Bob Bostwick (Lists)" <[EMAIL PROTECTED]> wrote: > I am implementing an FTP server and need it to use SSL/TLS. I >know ftpd doesn't support this, and was wondering if anyone had any >suggestions on an alternative. I know SFTP exists, but that is not an

Re: FTPS recommendations?

2005-08-01 Thread Spruell, Darren-Perot
ample. I think you might look at ProFTPd as well, IIRC it supports FTPS. DS

FTPS recommendations?

2005-08-01 Thread Bob Bostwick (Lists)
I am implementing an FTP server and need it to use SSL/TLS. I know ftpd doesn't support this, and was wondering if anyone had any suggestions on an alternative. I know SFTP exists, but that is not an option, as the clients are not going to change. I know pure-ftpd supports this, but didn