FTP/SSH SCP Client that can connect to firewall then telnet
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Does anyone know of any file transfer application that I can use from a Windows machine that I can connect to my Unix firewall with, then after I connect to the firewall, telnet to my linux web server from so I can transfer files from my localhost to my WWW server that is in my DMZ? I have used WinSCP and Filezilla to go from my local machine to my dev servers, but they are on my side of the firewall so that is an easy connection. Neither Filezilla nor WinSCP (though it claims to do so, it does not) can connect to my firewall then allow a telnet to my WWW server as a different user.
At the moment I am using Hummingbird, which works as I need it to but is freaking God awful slow and very clunky. Plus it takes over part of your system to use it. Any help would be appreciated.
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Ok, so I downloaded both the PSFTP client and the PSCP client, but I cannot hit the firewall from them (I had it wrong... I use Putty to telnet to the firewall, then telnet from the firewall to the servers in the DMZ). So I can telnet to the firewall with Putty, but I cannot connect as (what appears to be the FTP client) from either of the other two.
Anyone have any ideas as to what I may be doing wrong?
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Ok lemme get this straight.
Your PC connects to a firewall (server).
There's no other physical way to get onto the servers behind it.
The only port you can connect to the firewall with is port 23 (telnet).
The other servers have port 22 open for SSH, but you need to go through the firewall first?
You'd like to copy a file using SCP (port 22) through the firewall and onto the servers?
The server you need to put the file on is in a DMZ (so you can directly SSH to it?)
All you should need to do is scp (with pscp.exe) the file from your machine to the server if it's in a DMZ. You don't even have to go via the firewall as an intermediate since that should happen transparently. If you're more used to a bash shell, using cygwin would make this a lot easier, even though it is clunkier.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Quote: Your PC connects to a firewall (server).
Yes. Our setup is something like:
users -> intranet & dev servers -> firewall -> DMZ (WWW and Secure) -> world
Quote: There's no other physical way to get onto the servers behind it.
Not without hooking up a monitor and keyboard to the machine in the server room.
Quote: The only port you can connect to the firewall with is port 23 (telnet).
This is correct. I can only telnet into the firewall.
Quote: The other servers have port 22 open for SSH, but you need to go through the firewall first?
I believe this is the case, though it might be 23 (telnet) not SSH. When I telnet into the firewall I use the 'connect hostname' syntax from the telnet prompt to get to the web servers.
Quote: You'd like to copy a file using SCP (port 22) through the firewall and onto the servers?
I am not particular to any protocol for file transfer. I am terribly annoyed with Hummingbird because every time I try to move a file (even in batches) it checks my username and password. Not to mention that it takes between 10 seconds and a minute to get the app to actually move the files up (per file). WinSCP works great on my connection to my server that is on my side of the firewall (and using SSH).
Quote: The server you need to put the file on is in a DMZ (so you can directly SSH to it?)
Yes and no. All of the dev servers are opened up to SSH, so I can SSH directly to them. However, our WWW and Secure server require authentication through the firewall in order to access them. So, for example, I can SSH to www-dev but I have to telnet to the firewall, then 'connect www' once authenticated in order to get to the prompt for WWW.
Quote: All you should need to do is scp (with pscp.exe) the file from your machine to the server if it's in a DMZ. You don't even have to go via the firewall as an intermediate since that should happen transparently.
For dev and intranet, this is totally the case. For WWW and the Secure site, I have to go through the firewall.
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Hey Everah, I think I will be investigating the same thing shortly. 
I have a Linux box though, but I am curious before I look into installing a firewall on my server...what purpose would it serve except to block access to ports?
I understand the purpose of a NAT firewall on a client machine like those used in homes and how some can be configured to prevent spyware, etc from calling home, but for a server, that "serves" requests.
Where is the point in having a firewall? Isn't there a port scanner tool for Linux which will tell you which ports are open? I haven't searched this but ran across several articles which detailed such a program. Can you not just explicitly deny requests to certain ports?
Thanks to any whom answer
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Hockey wrote: Isn't there a port scanner tool for Linux which will tell you which ports are open? I haven't searched this but ran across several articles which detailed such a program. Can you not just explicitly deny requests to certain ports? Thanks to any whom answer
Port scanner:
Code:
nmap address-of-server
I suspect this is what the firewall already does but it's iptables/ipchains that you use. You can use that to set up all sorts of rules, including routing rules for NAT.
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
I am no network guru by any means, but I know that we have a lot of servers on our network. They feed 13 branches file, print and data sharing needs as well as hosting our inward facing intranet and outward facing WWW and Secure site (and new Secure site). There are a lot of things happening on our network, so I am guessing the systems admin is taking necessary precautions to prevent anything unwanted from hitting the core of our systems by placing firewalls on the network.
Quote: The only port you can connect to the firewall with is port 23 (telnet). This is correct. I can only telnet into the firewall.
Telnet?! To the firewall?

I thought telnet support had been dropped by the end of the carbon era.

Quote: The other servers have port 22 open for SSH, but you need to go through the firewall first? I believe this is the case, though it might be 23 (telnet) not SSH.
Telnet won't work, you need either ftp or ssh server on your destination box. Are you able to connect to the ftp server on your www box from your firewall? I mean something like this:
Code:
$ telnet firewall
.... connected
> connect www 21
.... here goes ftp banner

Something really doesn't sound right with that. Without knowing more my best guess is to set up packet forwarding from your ip, to the ip of the server on the specified port via iptables or whatever rules you put in place in the firewall. You can also use putty for port tunneling. You may want to look into that as well.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
I have used PuTTY for MySQL port forwarding but not for FTPing.
As for FTPing after telnetting into the Firewall, I have never tried that the way you showed it wierdan (I use almost that exact same sequence, but without specifying the port on connect). The sequence we use is
Code:
$>telnet firewall
Username: myusername
Password: #########
Login Accepted
firewallname.domain.com telnet proxy (Version 6.0) ready:
telnet>connect www-servername
Trying xxx.xxx.x.xx Port 23...
Connected to www-servername.
Server OS message
Login: loginnameforthisserver
Password:
bash-2.05$
However based on what you posted, I tried the same sequence and this time, specified port 21. It gave me the connect message but did not give me a prompt after that (in effect, it hung there). So I am now a little more confused.
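The probe discussed in this thread (issue `connect host port` at the telnet proxy and see what the far end sends first) can be read mechanically. The following is an added example, not code from any poster: it assumes the capture starts right after the connect command, and every sample capture, address and server string in it is constructed.

```python
import re

# IAC verbs from RFC 854: WILL=251, WONT=252, DO=253, DONT=254.
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
# IAC IAC | IAC SB ... IAC SE | IAC <verb> <option> | any other two-byte command
TELNET_CMD = re.compile(rb"\xff(\xff|\xfa.*?\xff\xf0|([\xfb-\xfe])(.)|.)", re.S)
# Status lines printed by the proxy itself, as seen in the session in the thread.
PROXY_PREFIXES = (b"Trying ", b"Connected to ")

def split_telnet(data):
    """Separate telnet option negotiation from the text the service sent."""
    options = []

    def strip(match):
        if match.group(1) == b"\xff":
            return b"\xff"                      # escaped literal 0xFF data byte
        if match.group(2):
            options.append((VERBS[match.group(2)[0]], match.group(3)[0]))
        return b""

    return TELNET_CMD.sub(strip, data), options

def classify(capture):
    """Name the service from the first bytes received after 'connect host port'."""
    text, options = split_telnet(capture)
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    lines = [ln for ln in lines if not ln.startswith(PROXY_PREFIXES)]
    if options:
        return "telnet"      # server opened with option negotiation
    if not lines:
        return "silent"      # connected, but no greeting arrived
    if lines[0].startswith(b"SSH-"):
        return "ssh"         # SSH identification string
    if lines[0][:3] == b"220" and lines[0][3:4] in (b" ", b"-", b""):
        return "ftp"         # 220 greeting; SMTP sends one too, so check the port
    return "unknown"

# Constructed captures (not real traffic); 192.0.2.10 is a documentation address.
HEAD = b"Trying 192.0.2.10 Port %d...\r\nConnected to www.\r\n"
SAMPLES = {
    "telnet": HEAD % 23 + b"\xff\xfd\x18\xff\xfb\x01\r\nLogin: ",
    "ftp": HEAD % 21 + b"220 FTP server ready.\r\n",
    "silent": HEAD % 21,
    "ssh": HEAD % 22 + b"SSH-2.0-ExampleServer_1.0\r\n",
}

if __name__ == "__main__":
    for expected, capture in SAMPLES.items():
        print(expected, "->", classify(capture))
```

A "silent" result corresponds to the port 21 attempt described above: the proxy reported the connection but no greeting followed. It means only that no banner arrived in the capture, not that FTP is absent.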