On 30 May 17:08, Mark Rogers wrote:
On 30 May 2014 14:44, Brett Parker iDunno@sommitrealweird.co.uk wrote:
Except FTP is a nightmare when NAT is involved, and more so when using FTPS.
Just goes to show it's been a while since I set FTP up, I'd forgotten about that joy!
As I mentioned, I haven't tried FTPS, but does that bring a particular complication over NAT? Aside from accepting passive connections over a narrow port range that has been forwarded through any firewall/NAT setup, is there more to it?
Yes... with FTP you can use the NAT FTP module; with FTPS the connection is encrypted and the kernel can't spy on the traffic, so you have to open a dedicated set of ports.
The advantage of FTP(S) is that the server doesn't have the capability to provide access to anything in the way the SSHd does, which means you're less reliant on locking down all the things the server can do but that you don't want it to allow.
force-command internal-sftp is good for restricting ssh
--
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450 Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG
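
Added example, not part of the original thread: a sketch of what a NAT FTP helper has to do with a passive-mode reply, and why it has nothing to work with once the control channel is FTPS. The function names, the public address 203.0.113.5 and the passive range 50000-50010 are assumptions made for illustration; both sample payloads are constructed.

```python
import hashlib
import re

# RFC 959 reply to PASV: "227 ... (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(rb"227 [^\r\n]*\(((?:\d{1,3},){3}\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(payload):
    """Return (ip, port) from a readable 227 reply, else None."""
    m = PASV_RE.search(payload)
    if not m:
        return None
    ip = m.group(1).decode().replace(",", ".")
    port = int(m.group(2)) * 256 + int(m.group(3))
    return ip, port

def nat_rewrite(payload, public_ip):
    """Do what a NAT FTP helper does: put the public address into the reply
    and report the data port to forward. Returns (payload, None) if the
    reply is not readable."""
    m = PASV_RE.search(payload)
    if not m:
        return payload, None
    addr = public_ip.replace(".", ",").encode()
    return payload[:m.start(1)] + addr + payload[m.end(1):], parse_pasv(payload)[1]

def ports_to_open(payload, static_range):
    """One port on demand when the helper can read the reply; otherwise the
    whole pre-agreed passive range has to be forwarded permanently."""
    parsed = parse_pasv(payload)
    return [parsed[1]] if parsed else list(static_range)

# Constructed sample: server behind NAT announces its private address.
PLAIN = b"227 Entering Passive Mode (192,168,1,10,195,80)\r\n"
# Constructed stand-in for the same reply inside a TLS record (FTPS): a
# record header followed by opaque bytes. Not real TLS output.
_body = hashlib.sha256(PLAIN).digest()
FTPS = b"\x17\x03\x03" + len(_body).to_bytes(2, "big") + _body

if __name__ == "__main__":
    print(nat_rewrite(PLAIN, "203.0.113.5"))
    print(ports_to_open(PLAIN, range(50000, 50011)))
    print(nat_rewrite(FTPS, "203.0.113.5")[1])
    print(len(ports_to_open(FTPS, range(50000, 50011))))
```

With FTPS the server itself must be told its public address and passive range, since nothing in the path can rewrite the reply for it.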