LUGOD: Linux Users' Group of Davis
Page last updated:
2006 Jul 22 10:54

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] SSH Troubles

Marc Elliot Hall wrote:
On Fri, Jul 21, 2006 at 08:50:46AM -0700, Ken Herron wrote:

Ken Herron wrote:

Also, I've read that to port-forward an FTP server, the firewall has to watch the FTP command channel, open holes for each data connection, and maybe even modify some packets.
Okay, see <http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html>, in particular "Why PORT Poses Problems for Routing Devices" and "Problems when the FTP Server is Listening on a Non-Standard Port Number". Now imagine your Netgear thinks it's dealing with FTP and is doing that to your ssh sessions.

Not that I'm disagreeing with you about the router's possible confusion,
but I'm not running an FTP server. ;-)
I never said you were. You're running ssh over port 21, which is normally the ftp command channel port. So the router might be applying its ftp forwarding support to your ssh traffic and scrambling it in the process.

I'll investigate further in this direction; however I don't think my appliance is nearly smart enough to rewrite packet headers. It just accepts inbound traffic on designated ports and passes it through unmodified to the same port on a specified host on my network.
Netgear routers can port-forward ftp. If you'd read the link above, you'll see that dumb packet forwarding isn't sufficient to port-forward ftp. So Netgear routers almost certainly have logic to do the protocol monitoring and packet rewriting described.
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
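
The PORT monitoring and rewriting discussed in the post above, sketched as an added example (not code from the thread, and not any router's firmware). It is a simplified model: the function names, addresses and sample payloads are constructed, and it shows that such a helper acts on byte patterns seen on port 21 and changes the payload length, whatever protocol is actually running there.

```python
import re

# Simplified model of a NAT router's FTP helper, for illustration only.
# It is not any vendor's firmware; names and addresses are constructed.
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")


def alg_rewrite(payload, private_ip, public_ip, pinholes):
    """Rewrite PORT commands advertising private_ip; record each data port."""
    def fix(match):
        octets = [g.decode() for g in match.groups()]
        if ".".join(octets[:4]) != private_ip:
            return match.group(0)            # not our inside host: leave alone
        # PORT encodes the data port as two bytes: p1 * 256 + p2
        pinholes.append(int(octets[4]) * 256 + int(octets[5]))
        host = public_ip.replace(".", ",")
        return f"PORT {host},{octets[4]},{octets[5]}\r\n".encode()
    return PORT_RE.sub(fix, payload)


def inspect_port21(payload, private_ip="192.168.0.10", public_ip="203.0.113.5"):
    """Return (forwarded_bytes, opened_ports, length_delta) for one segment."""
    pinholes = []
    out = alg_rewrite(payload, private_ip, public_ip, pinholes)
    return out, pinholes, len(out) - len(payload)


if __name__ == "__main__":
    samples = {
        "ftp PORT command": b"PORT 192,168,0,10,19,137\r\n",
        "ssh banner": b"SSH-2.0-OpenSSH_4.3\r\n",
        # Constructed binary blob that happens to contain the PORT pattern.
        "opaque bytes with pattern": b"\x00\x9fPORT 192,168,0,10,4,1\r\n\xfe",
    }
    for name, data in samples.items():
        out, ports, delta = inspect_port21(data)
        print(f"{name}: changed={out != data} ports={ports} delta={delta}")
```

A non-zero length delta means the device must also adjust TCP sequence numbers for the rest of the connection, which is why FTP forwarding cannot be done by passing packets through unmodified.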


