subject: RES: EleBBS: EleServ/FTP: Passive Mode added
* EleBBS Support List
Hi Shurato,
>> If it's possible, consider some improvements:
>> 1) Configuring a port range for data connections (maybe by
>> eleserv command line option, if it makes simpler).
> At least nothing below 1024 to deter server to server connections.
If it's possible to determine a range, we can easily open it at the firewall.
>> 2) Configuring the external (real) IP address. In my case, I'm
>> behind a NAT, and the server suggests my local IP (192.168.x.x)
>> for connections, that fails when I'm outside my LAN.
> I haven't noticed any connection failures (at least none reported) and
> I'm behind an NAT as well. Anyone
> else? If this is a problem, 2 sounds like a good idea.
I think I know why my problem happens...
My architecture is a little bit different.
I'm trying to use an SSL tunnel, at least on the FTP command channel.
So, my client accesses a "Security Server" that accesses the
"BBS FTP Server" internally on my LAN.
Client --SSL--> Stunnel --FTP--> EleServ
       Internet           LAN
So, EleServ thinks the connection comes from the middle host, and reports
the internal address.
If it's possible to force the server to always report the real IP, it
wouldn't work for local connections anymore, but it would solve the problem
for outside connections (which is my objective).
If it implements another feature, reporting the port plus 1000 for data
connections, for example, I can map some ports with stunnel and it will
encrypt data traffic as well.
For example:
In stunnel, I'll map 4000 --> 3000, 4001 --> 3001, 4002 --> 3002, ...
When EleServ FTP opens port 3001, it reports 4001, and stunnel will do the
key exchange and then start the session to FTP port 3001...
I think these additional features are easy to implement and together will
make the EleServ FTP server compatible with SFTP connections. Maybe a
command line option -SFTP would enable them, and
another, -PASV_RANGE init_port:final_port, would determine the range of ports
used in PASV mode.
I'm using the CuteFTP Home client (www.cuteftp.com) and stunnel
(www.stunnel.org) in my tests.
Regards,
Ioram Sette
Brain Storm BBS
http://www.bsbbs.com.br
ssh://bsbbs{at}bsbbs.com.br
_______________________________________________________________
--- Internet Rex 2.29
* Origin: The gateway at The Snake (2:280/4312.101)
SEEN-BY: 633/267 270
@PATH: 280/4312 774/605 123/500 379/1 633/267
SOURCE: echomail via fidonet.ozzmosis.com
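The three requests in the message above (a fixed passive port range, an advertised external address, and a port offset matching the stunnel mapping) all come down to how the server builds its 227 reply. The following is an added example, not EleServ code and not part of the original message; the function names, the address 203.0.113.10 and the 3000-3009 range are assumptions, and it adds a check that flags a reply advertising an RFC 1918 address.

```python
import ipaddress
import re

PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_pasv_reply(listen_port, advertise_ip, port_range, port_offset=0):
    """227 reply for a data socket bound on listen_port.

    advertise_ip: address clients must connect to (the external one).
    port_range:   (first, last) ports opened at the firewall.
    port_offset:  added to the reported port, e.g. 1000 when a tunnel
                  listens on 4001 and forwards to 3001.
    """
    first, last = port_range
    if first < 1024:
        raise ValueError("passive range must start at 1024 or above")
    if not first <= listen_port <= last:
        raise ValueError("data port outside the configured range")
    reported = listen_port + port_offset
    if reported > 65535:
        raise ValueError("reported port exceeds 65535")
    octets = str(ipaddress.IPv4Address(advertise_ip)).split(".")
    fields = octets + [str(reported >> 8), str(reported & 0xFF)]
    return "227 Entering Passive Mode (%s)" % ",".join(fields)


def parse_pasv_reply(line):
    """Return (ip, port) from a 227 reply; raise ValueError if malformed."""
    m = PASV_RE.match(line)
    if not m:
        raise ValueError("not a 227 passive reply")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def leaks_private_address(line):
    """True when the reply advertises an RFC 1918 address."""
    ip = ipaddress.IPv4Address(parse_pasv_reply(line)[0])
    return any(ip in net for net in RFC1918)


# Constructed values: external address, range and offset are assumptions.
print(build_pasv_reply(3001, "203.0.113.10", (3000, 3009), port_offset=1000))
```

Running `leaks_private_address` over the 227 replies seen from outside the LAN shows whether the server is still handing out its internal address.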