[vox-tech] SSH Troubles
Marc Elliot Hall
marc at hallmarc.net
Fri Jul 21 23:29:58 PDT 2006
On Fri, Jul 21, 2006 at 08:50:46AM -0700, Ken Herron wrote:
> Ken Herron wrote:
> >Also, I've read that to port-forward an FTP server, the firewall has
> >to watch the FTP command channel, open holes for each data connection,
> >and maybe even modify some packets.
>
> Okay, see <http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html>,
> in particular "Why PORT Poses Problems for Routing Devices" and
> "Problems when the FTP Server is Listening on a Non-Standard Port
> Number". Now imagine your Netgear thinks it's dealing with FTP and is
> doing that to your ssh sessions.
>
Not that I'm disagreeing with you about the router's possible confusion,
but I'm not running an FTP server. ;-)
I'll investigate further in this direction; however, I don't think my
appliance is nearly smart enough to rewrite packet headers. It just
accepts inbound traffic on designated ports and passes it through
unmodified to the same port on a specified host on my network.
Now, if the most recent version of sshd doesn't know how to listen
on both port 21 and 22, that would be a problem....
--
Marc Elliot Hall
www.hallmarc.net