M Harris wrote:
On Tuesday 17 April 2007 17:02, Matthew Stringer wrote:
What I'm hoping to achieve is to create a bastion host box that allows SSH connections from anywhere, I can then create users on that box who'll be able to create an SSH tunnel to the FTP machines. I have not run ftp /or telnet in production for years.
... the ssh tunnel is ok, but you could try scp instead of ftp.
In your situation you might try passive ftp... but either way its not the best. From the looks of things the passive connection back is not working. Standard ftp requires two sockets... one to make the connection (commands) and the other to transmit the data... looks like the data socket isn't authorized or is failing for some other reason. Are the boxes behind a firewall on an 192.168 network using NAT (masquerading)? FTP does not masquerade well without the ftp fix.
But back to my first point... really, IMHO you would do well to try scp. I move files on my systems (even to the outside) exclusively with scp... its the secure copy that ships with ssh.... can be compressed, encrypted, and frankly is more flexible than FTP IMO.
True SCP is preferable but I have users running a Win32 program that only uses FTP so I can't use SFTP or SCP or anything else here. All machines are on the internet, no NAT'ing or internal networks here. What I don't understand is that if I use ftp -A localhost -p xxxxx it still tries the passive mode rather than forcing active. Matthew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org