Thanks for the response Rob, I should be recognizing this by now...whenever I shoot off my mouth about having solved a problem, it isn't really solved at all: Mistaking the fact that it works for the solution of the problem.

1. This is a one-man 2-computer setup, so I generally ftp from behind the firewall, but I would like it to work just to make it work, and I will eventually want it to work for a couple of friends whose sites I would like to host.

2. I am probably using the wrong terminology. I use Cute FTP. The settings for this connection are:

    SFTP using SSH2 (Secure Shell)
    port 22
    Use Global Settings

and I have SSH2 set up on the Linux box and it works (meaning I connect and I can up and download files). My (thin-film level) understanding was that SSH2 actually pretended to be whatever open ports were necessary for the communication, but all traffic went through 22. At this time the firewall is actually closed on 20 and 21 and everything else except 22, 80, 110, 25. The address I connect to is not the internal IP but the domain name; the client log shows it is going through the Internet and is initializing SFTP module. So I don't know what to say here.

Answering your second response here, I do not know what more I can do to look into it further except to let my understanding mature to the level where I can see what I am overlooking. I bought O'Reilly's TCP/IP Network Administration and a half dozen other books and have read the various manuals (and Google how-to pages where this very problem seems to be being solved all the time) and tried a huge number of variations on that setup with no success.

Best Wishes!
Mike Olds
www.buddhadust.org

-----Original Message-----
From: Rob Weir [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 09, 2002 12:39 AM
To: Debian-User
Subject: Re: Proftp behind firewall problem solved

On Mon, Dec 02, 2002 at 02:51:50PM -0800, Michael Olds wrote:
> Hello again,
>
> I should be recognizing this by now...whenever I am about to send a message
> to a help list I am about five minutes from solving the problem...and of
> course if I actually get as far as describing the problem in great detail
> the solution is sure to make me look like an idiot.
>
> In this case: opening port 21 or 20, or setting up a range of thousands of
> open ports for PASV mode for SFTP won't do it. Gotta open port 22 in the
> firewall. That was all it took.

Uh, that's weird. I don't think this can be very robust, since the data port is semi-randomly chosen...Plus, it's the SSH port, so how are you going to SSH/sftp/scp into that machine?

-rob