Date: Sun, 30 Dec 2001 20:02:03 -0500 (EST)
From: Scott Nolde
To: Jon Drukman
Subject: Re: ftp over ssh - problems

smacked into the keyboard previously by owner-freebsd-questions@FreeBSD.ORG:

>Date: Sun, 30 Dec 2001 14:56:22 -0800
>From: Jon Drukman
>To: freebsd-questions@FreeBSD.ORG
>Subject: ftp over ssh - problems
>
>there are still many reasons i need to use ftp, unfortunately. i use
>ftp-over-ssh to make it as secure as possible, but i have run into problems
>with recent freebsd installs. it seems that passive mode sends 127.0.0.1
>instead of the host's public ip address. this means that the ftp client
>tries to connect to a port on localhost that won't be listening in order to
>list the files. connection refused.
>
>the session looks something like this:
>
>220 jsd.com FTP server (Version wu-2.6.2(2) Fri Dec 28 12:21:04 PST 2001)
>ready.
>USER jsd
>331 Password required for jsd.
>PASS (hidden)
>230 User jsd logged in.
>PWD
>257 "/home/jsd" is current directory.
>Host type (I): UNIX (standard)
>PASV
>227 Entering Passive Mode (127,0,0,1,32,74)
>connecting to 127.0.0.1:8266
>- -
>connecting to 127.0.0.1 ...
>can't connect to 127.0.0.1 - connection refused
>connect: connection refused
>PORT 127,0,0,1,5,7
>200 PORT command successful.
>LIST
>425 Can't build data connection: Connection refused.
>
>
>i tried with the default ftpd that comes with FBSD 4 and wu-ftpd, same
>behavior.
>
>here's what a successful transaction looks like (the host in question is
>running solaris 2.7). note how the PASV command returns the remote
>machine's IP and not 127.0.0.1. any ideas on why freebsd would behave
>differently, and more importantly, how to fix it?
>
>Connected to 127.0.0.1 port 21
>220 sss FTP server (SunOS 5.6) ready.
>USER jsd
>331 Password required for jsd.
>PASS (hidden)
>230 User jsd logged in.
>PWD
>257 "/export/home/jsd" is current directory.
>Host type (I): UNIX (standard)
>PASV
>227 Entering Passive Mode (206,132,131,3,167,119)
>connecting to 206.132.131.3:42871
>- -
>connecting to 206.132.131.3 ...
>Connected to 206.132.131.3 port 42871
>LIST
>150 ASCII data connection for /bin/ls (64.2.58.24,1290) (0 bytes).
>Received 2352 bytes in 0.2 secs, (91.29 Kbps), transfer succeeded
>226 ASCII Transfer complete.
>
>-jsd-
>

To make the connection as secure as possible, why not use scp or sftp?
The entire session would be encrypted, not just the user/passwd.

Scott Nolde
GPG Key 0xD869AB48
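The two 227 replies quoted in this thread, decoded as an added example (not code from either poster): it parses the passive-mode address and classifies where the client will open the data connection relative to the ssh forward. The function names and the assumption that only local port 21 is forwarded are illustrative.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227\b.*?\((\d{1,3}(?:,\d{1,3}){5})\)")

# The two replies quoted in the thread above.
FREEBSD_REPLY = "227 Entering Passive Mode (127,0,0,1,32,74)"
SOLARIS_REPLY = "227 Entering Passive Mode (206,132,131,3,167,119)"


def parse_pasv(reply):
    """Return (ip, port) advertised by a 227 reply; raise ValueError otherwise."""
    m = PASV_RE.search(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port = p1 * 256 + p2
    return ip, port


def classify(reply, forwarded_ports=frozenset({21})):
    """Say where the data connection goes.

    forwarded_ports: local ports the ssh forward listens on
    (assumption for this example: only the control port, 21).
    """
    ip, port = parse_pasv(reply)
    if ipaddress.ip_address(ip).is_loopback:
        if port in forwarded_ports:
            return ip, port, "tunnelled"
        # Client dials its own localhost, where nothing listens on this port.
        return ip, port, "refused"
    # Client dials the server directly, outside the ssh forward, so the
    # file listing and file contents are not encrypted by ssh.
    return ip, port, "direct-cleartext"


if __name__ == "__main__":
    for reply in (FREEBSD_REPLY, SOLARIS_REPLY):
        print(reply, "->", classify(reply))
```
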