FTP server behind firewall?

Julius Huang juliushuang at gmail.com
Thu Apr 17 09:57:45 UTC 2008 

On Apr 17, 2008, at 12:59 , Manolis Kiagias wrote:
> Gilles wrote:
>> On Wed, 16 Apr 2008 22:06:24 -0400, Jon Radel <jon at radel.com> wrote:
>>
>>> What control do you have over the firewall?  One of the cleaner
>>> solutions would be to run an ftp proxy on the firewall, such as that
>>> supplied with pf.  See ftp-proxy(8) or
>>> http://www.openbsd.org/faq/pf/ftp.html
>>>
>>
>> Unfortunately, the router/NAT firewall can be neither replaced nor
>> tweaked, since it's a modem/router provided by our ISP.
>>
>> Actually, we don't necessarily need an FTP. Whatever solution to send
>> files is fine, provided I can add this feature in a VB Classic client
>> application.
>>

Hi,

May be you can consider using sshd + sftp on Server.
   (Single Port for just about everything, see below)

PSCP or PSFTP (from same as PuTTY) allow send / receive file via  
command line,
   eg. you can issue "exec" from VB to send files.
       "pscp [options] source [source...] [user@]host:target"
       (PSFTP is prefer over PSCP, but PSCP is simple)

   http://www.putty.nl/download.html

Also, bind sshd on high port will prevent too many port scan and
   the connection is consider to be more secure than ftp.

IMHO, sftp is more easily managed than ftp in the long run (Both  
Server and Client).

ps.
I also use ssh to forward 3389, the M$ Terminal Server (even XP has  
one), no need for PC ANYWHERE.
If you need to solve problem remotely, you don't need to open another  
port (PC ANYWHERE needs 2).

J.


>>
>>
> Running an FTP behind a home DSL router is perfectly possible. You  
> will just have to open a range of ports on the router itself eg  
> 25000-25050 and forward them to your ftp server internal IP  
> address. Then set the FTP server to only use these ports for  
> passive transfers.
>
> For example, I am using ftp/proftpd and have this directive in the  
> configuration file:
>
> PassivePorts 25000-25050
>
> You will, of course, need to forward port 21 as well.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions- 
> unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list