- is it impossible to tunnel ftp?
- Torbjorn Richt
October 21, 2003, 9:34 am
I have a firewall, iptables on Linux Red Hat 9.
Behind it I have one FTP server (Windows) and one web server (Windows).
I have tried to make an SSH tunnel to the FTP server, tried both
with PuTTY on Windows and with ssh on a FreeBSD like this:
ssh -L 2121:ftp.server.ipnum:21 sshhostipnum
The problem seems to be ftp-data. Login works just fine, but
when I type "ls" or anything else I get "500 Invalid PORT Command "
It works from the SSH shell to the FTP server.
What am I doing wrong?
Re: is it impossible to tunnel ftp?
FTP needs a data port for returning data (e.g. the output of your "ls" or
the contents of a file). This connection is either server-to-client (in
the case of "active mode") or client-to-server ("passive mode"). In
active mode, the connection is from port 20 on the server to a port
specified by the client. In passive mode, it's from a random port
on the client to a random port specified by the server.
Your port forward doesn't provide either (and it would be difficult to
You might be able to get it to work if your ssh client supports socks
(for OpenSSH this is DynamicForward, some other clients have a similar
capability). Set the client to use socks and passive mode.
 Hopefully I got those right, it's been a while since I looked at it.
Go read the FTP specs to be certain.
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
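
Why the single -L forward in the thread carries the login but not the data, as an added example that is not part of either post: it decodes the address FTP sends inside the control channel (the PORT command, and the 227 reply to PASV, both in the RFC 959 h1,h2,h3,h4,p1,p2 form) and checks it against what the tunnel forwards. All addresses and the helper names are constructed for illustration.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959 host-port field).
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def parse_hostport(line):
    """Return (ip, port) carried by a PORT command or a 227 PASV reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("field out of range in %r" % line)
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]

def data_channel(line, forwards):
    """Describe the data connection that one control-channel line sets up.

    forwards: set of (ip, port) destinations the SSH tunnel actually forwards.
    """
    word = line.split(None, 1)[0].upper()
    if word == "PORT":
        mode, opener = "active", "server"    # server connects back to the client
    elif word == "227":
        mode, opener = "passive", "client"   # client connects to the server's port
    else:
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    endpoint = parse_hostport(line)
    return {"mode": mode, "opened_by": opener,
            "endpoint": endpoint, "tunnelled": endpoint in forwards}

# Constructed sample: ssh -L 2121:10.0.0.5:21 forwards only the control port.
FORWARDS = {("10.0.0.5", 21)}
SAMPLES = [
    "PORT 192,168,1,10,4,1",                        # sent by the client in active mode
    "227 Entering Passive Mode (10,0,0,5,195,80)",  # sent by the server in passive mode
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", data_channel(s, FORWARDS))
```

In both modes the data endpoint is a second address and port negotiated at run time, so it never matches the one fixed destination the -L forward covers.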