I think I can refine my problem further - the key
seems to be that when doing ftp port forwarding,
only the control connection is sent over the
SSH connection.
The data connection (in passive mode) tries to connect
to an ephemeral port (>1023), which is blocked by the 
PIX, as it doesn't know anything about it:

  
  SSH server            PIX             SSH Client
                         |
    22 <------------------------------------- ftp command
   34394                 |<------------------ ftp data

Is there some way to get both the ftp data and command connection
to use the SSH connection?  I played around with "ftpsshd",
but seems kind of crufty and is limited to UNIX.  I'm looking for
something that deals with ftp on Mac, Windows, Linux and Solaris,
allowing the use of platform-specific clients such as WFTP, 
Fetch, etc.
Ideally, this is something we could make work using only the
DataFellows software for these platforms.  
I can't believe I'm the only one in the world who wants
to do this...opening all ports >1023 is not the answer.

Thanks
-e
 
