sftp bug

ccr · Post by *ccr » 2007-01-14, 11:01 UTC

hello,
i tested the integrated sftp way (strg+f + servername with ftps://) with the openssl dll(s). it worked fine except against local addresses that only had an ip address in their name...

Post by *Hacker » 2007-01-14, 11:25 UTC

Just a small note - that's FTPS, not SFTP.

Roman

Post by *ghisler(Author) » 2007-01-14, 14:32 UTC

What problems did you encounter?

I have Raidenftpd on the local computer, and TC can connect to it without any problems, either by giving localhost:22 or 127.0.0.1:22 as the address. RaidenFTPd doesnt' seem to allow FTPS connections on port 21, though.

mhtcf · Post by *mhtcf » 2007-01-21, 01:03 UTC

I also have successfully connected via ftps locally but I can not get past "Get Directory" when connecting from outside my network. I'm using zftpserver through a Netgear router. Port 21 is forwarded but when I connect from outside (last tried with with tc7.0b3) I sucessfully connect and log in but get "stuck" at the TotalCmd window "Download" with "Get Directory" as the message. Not sure if this is a TC issue but any help would be appreciated.

Post by *ghisler(Author) » 2007-01-22, 21:29 UTC

Remember that FTP and FTPS uses the indicated port only for the control connections. The data and directories are sent via random ports between 1024 and 65535. Since the control connection is encrypted, stateful packet inspection will not work. You need to
- restrict the ftp data ports in the ftp server to a specific rrange, e.g. 60000 to 65000
- redirect these ports in the firewall to your server computer