Stunnel.org  
   
<Examples>
Lots of info about the state of FTP+SSL is available at http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html


Date: Sun, 09 Sep 2001 20:04:06 -0300
From: Bernd Foerster <bernd@if.sc.usp.br>
Subject: Re: ftp over stunnel

Hi Brian,

Here we go.
Writing the reply to your request, I suddenly realized what I've been
doing wrong ;)
The ssh method (that already worked) goes like this:

    ssh -L 210:remote_ip:21  remote_ip
    ftp -d 127.0.0.1 210

With stunnel, initially I tried:

    REMOTE SIDE : stunnel -f  -p /usr/local/sbin/stunnel.pem -d 5000 -r 127.0.0.1:21
    LOCAL SIDE:  stunnel -c -f  -d 2100 -r remote_ip:5000

    ftp -d 127.0.0.1 2100   

After some tcpdumping -i lo on the remote side I came up with this:

    REMOTE SIDE : stunnel -f  -p /usr/local/sbin/stunnel.pem -d 5000 -r REMOTE_IP:21


where 127.0.0.1 has been replaced with the actual IP of the remote machine.
After that all worked fine, just as with the ssh method.



From what I understand, in passive mode the FTP
server issues a port command over the control connection,
informing the FTP client where to open the data
connection. The FTP client sends a connection request to
the specified IP and port; the server acknowledges the
expected connection and starts to transfer data.

The difference between the two remote side stunnel
commands is that the connection to the FTP server is
made once from 127.0.0.1:500 to 127.0.0.1:21 and the other
time from remote_ip:5000 to remote_ip:21. The FTP server
seems to be informed about this difference and issues
different port commands; sure enough, 127.0.0.1 won't work.


Well, so far, so good. Maybe it would be a nice idea to
add some info to your FAQ explaining that a secured FTP
control connection, using passive mode, is possible as
indicated above, whereas a secured data connection
evidently cannot be established over stunnel. You also
write that there are some FTP programs with secure
connections available. I would very much appreciate it if
you could point out not only FTP servers but also
SSL-capable FTP clients, because that will be my next
problem. It would be nice to replace the stunnel on the
local side with an SSL-capable FTP client. Unfortunately
the one I currently use (Igloo FTP) doesn't work: its
newest version comes with SSL, but a connection request to
remote_ip:5000 does not even display the FTP's welcome
message (before login).