Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
Re: [suse-security] proftpd and port forwarding
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Mon, 4 Dec 2000 18:10:39 +0100 (MET)
  • Message-id: <Pine.LNX.4.30.0012041807230.10804-100000@xxxxxxxxxxxx>
Hi Basti,

> Hi!
>
> Due to the inherent vulnerability of the wu.ftpd, I want to switch to a
> different ftp daemon after upgrading one of my Webservers. It's Webmasters
> need ftp access (*sigh*); plain text login is no choice, so port
> forwarding of the control connection through a secure tunnel is needed
> (in this case via ssh: ssh -L <port>:<server>:21 <server>).

Make sure you specify the remote end of the port tunnel to be the real
name of the server, not localhost. Otherwise, the ftpd might bind to the
lo interface (because the control connection came from there), where a
packet from a (real) network interface never arrives.

Of course, you know that only passive mode ftp will work (ncftp doesn't do
passive ftp) (where would the server want to open the connection to?).

> The precompiled packages from SuSE will not work this way; wuftpd needs an
> additional configure parameter at compile time to work.

I think I had it running. :-/

> I was not able to get the standard in.ftpd or proftpd (preferred) work
> with a tunneled control connection. Am I missing something, or is this
> impossible?
>
> Bye,
> Bastian
>
> PS: Sorry if you regard this mail being rather of the "how do i
> configure..." type than security related... Let's try it here anyway ;)
>
>




Thanks,
Roman.
--
- -
| Roman Drahtm├╝ller <draht@xxxxxxx> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| N├╝rnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -


< Previous Next >
References