Hi Eric,

If using ssh1 for doing the "normal" ftp-connections is an option, I've
included an ftp-proxy in my ssh1-client (MindTerm). You could use it to
allow the users that want to use normal ftp-clients to connect (fully,
both data and command channels) through ssh1 to an ftp-server "behind" the
sshd. As a bonus you also get a simple GUI for using SCP with it :-).

Check it out at:
http://www.mindbright.se/mindterm/

Cheers,
/Mats

On Mon, 8 Nov 1999, Eric Pearce wrote:
>
> Hello
> I'm having a horrible time trying to get ftp
> port forwarding to work through a Cisco PIX firewall.
> This is all with ssh 2.0.13.
>
> I've got a remote user who doesn't want to use
> sftp because it lacks mput/mget.
> (any plan to add this?)
>
> So I'm starting up ssh in one window:
>
> % ssh -L2021:foo.ora.com:21 foo.ora.com
>
> This works fine, as I've created a "conduit"
> in the PIX for tcp port 22.
>
> and then I start ftp in another window:
>
> % ftp
> ftp> open localhost 2021
> Connected to localhost.
> 220 foo FTP server (Version wu-2.4(2) Wed Apr 8 09:41:45 EDT 1998) ready.
> Name (localhost:eap):
> 331 Password required for eap.
> Password:
> 230 User eap logged in.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> passive
> Passive mode on.
> ftp> ls
> 227 Entering Passive Mode (172,30,1,2,131,174)
> ^C
>
> As you can see, any attempt to open a data connection hangs.
> I also notice that my internal (un-NATed) IP address
> appears in the output. Am I doomed with port forwarding
> ftp in a NAT situation? I'm guessing that the PIX
> doesn't see this as a FTP session, so it can't fixup
> the IP numbers...?
>
> The solution would ideally work on Mac, Windows and
> UNIX clients.
>
> Thanks
> -e
>
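
The hang in the quoted session, worked through as an added example (not part of either message and not MindTerm's code): it parses the 227 reply, shows that the data connection is a separate TCP connection to an internal address outside the `-L` forward, and shows one way an FTP-aware proxy can rewrite the reply. The function names, the tunnel address and the local port 50021 are assumptions made for the illustration.

```python
import ipaddress
import re

# A 227 reply carries h1,h2,h3,h4,p1,p2 (RFC 959); data port = p1*256 + p2.
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line):
    """Return (ip, port) advertised in a 227 reply, or None for other lines."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PASV reply: %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def diagnose(line, tunnel_host="127.0.0.1"):
    """Describe where the FTP client will open its data connection."""
    parsed = parse_pasv(line)
    if parsed is None:
        return None
    host, port = parsed
    return {
        "data_endpoint": (host, port),
        # An RFC 1918 address is not routable from outside the NAT.
        "private_address": ipaddress.ip_address(host).is_private,
        # The -L forward carries only the control connection; the client
        # dials the advertised endpoint directly, outside the ssh session.
        "goes_through_tunnel": host == tunnel_host,
    }

def rewrite_pasv(line, local_host, local_port):
    """Assumed proxy behaviour: advertise a local listener instead, which
    the proxy would forward over ssh to the server's real data port."""
    if parse_pasv(line) is None:
        return line
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        local_host.replace(".", ","), local_port >> 8, local_port & 0xFF)

if __name__ == "__main__":
    reply = "227 Entering Passive Mode (172,30,1,2,131,174)"  # from the session above
    print(diagnose(reply))
    print(rewrite_pasv(reply, "127.0.0.1", 50021))  # 50021: constructed local port
```

Because the ssh session encrypts the control channel, a firewall in the path never sees the 227 line, so any rewriting has to happen at an endpoint of the tunnel.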