The following is a description from Travis Richardson of
how to use frox to tunnel all your FTP connections through
an ssh link:
Object:
Tunnel FTP connections from my laptop to my server, and
from there out into the world (I'm assuming here, for my own
reasons, that my server's connection / routing is more
secure than my laptop's). I want to tunnel both control AND
data connections, so I can't just use a single tunnel with
Frox.
Solution:
- Install Zebedee (an open source tunnel - see
http://www.winton.org.uk/zebedee/) on your server and
client
- Configure the zebedee server to allow tunnels to
127.0.0.1:3121 (Frox's default port) and for your data
connections (e.g. 127.0.0.1:41000-41049)
- Configure your local zebedee client to forward the
local versions of these ports to 127.0.0.1 on your server
(e.g. 3121:127.0.0.1:3121 and
41000-41049:127.0.0.1:41000-41049). You must use 127.0.0.1
instead of my.server.com because Frox will be listening
for a data connection on 127.0.0.1 (what you will set
PASVAddress to) and won't accept connections on other IPs.
It looks weird, but it works.
- Configure Frox to listen on 127.0.0.1:3121
- Configure Frox with PASVAddress set to 127.0.0.1 (which
will cause your FTP client to connect to localhost, which
will be forwarded / tunneled by zebedee to the localhost
on your server) and PassivePorts to your port range above
(e.g. 41000-41049)
Done! Restart / start your zebedee server / client and
Frox and set your FTP client to use the new proxy at
127.0.0.1:3121. Should work like a charm.
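As a check on the setup above (an added example, not part of Travis Richardson's description or of frox itself): the Python below parses the 227 (PASV) or 229 (EPSV) reply your FTP client receives through the proxy and reports whether the data connection will stay inside the tunnel. The address and port range are the ones from the walkthrough; the function names and sample replies are constructed for illustration.

```python
import ipaddress
import re

# Values taken from the walkthrough; change them to match your own tunnel.
TUNNEL_ADDR = ipaddress.ip_address("127.0.0.1")   # PASVAddress
TUNNEL_PORTS = range(41000, 41050)                # PassivePorts 41000-41049

_PASV = re.compile(r"^227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
_EPSV = re.compile(r"^229 [^(]*\(\|\|\|(\d+)\|\)")


def parse_passive_reply(reply):
    """Return (address, port) from a 227 reply, or (None, port) from a 229 reply."""
    reply = reply.strip()
    m = _PASV.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if max(nums) > 255:
            raise ValueError(f"octet out of range in {reply!r}")
        addr = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
        return addr, nums[4] * 256 + nums[5]
    m = _EPSV.match(reply)
    if m:
        port = int(m.group(1))
        if not 0 < port < 65536:
            raise ValueError(f"port out of range in {reply!r}")
        return None, port  # EPSV carries no address: client reuses the control address
    raise ValueError(f"not a 227/229 reply: {reply!r}")


def check_data_channel(reply, control_addr="127.0.0.1"):
    """Return a list of problems; an empty list means the data connection is tunnelled."""
    addr, port = parse_passive_reply(reply)
    if addr is None:
        addr = ipaddress.ip_address(control_addr)
    problems = []
    if addr != TUNNEL_ADDR:
        problems.append(f"data address {addr} bypasses the tunnel (expected {TUNNEL_ADDR})")
    if port not in TUNNEL_PORTS:
        problems.append(f"data port {port} is outside the forwarded range")
    return problems


# Constructed sample replies, not captured from a real session.
SAMPLES = [
    "227 Entering Passive Mode (127,0,0,1,160,45)",
    "227 Entering Passive Mode (203,0,113,7,195,80)",
    "229 Entering Extended Passive Mode (|||41049|)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_data_channel(line) or "OK")
```

A reply that names any address other than 127.0.0.1 means PASVAddress is not taking effect and the data connection would leave the laptop outside the tunnel.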
If you are using the grsecurity kernel patch together with
local caching in frox, note that frox does a chown
within a chroot jail. If you have disabled chown inside
chroot jails, you will need to manually change the ownership
of the frox-cache socket file in the working dir the first
time you run frox.