[lug] Making an HTTPS tunnel to an FTP server
Dan Ferris
dan at usrsbin.com
Tue Dec 20 19:59:19 MST 2011
OpenVPN will do what you want. You can set it to listen on any TCP or
UDP port that you want. It also works through NAT firewalls, so you
should be able to get it through your firewall.
Dan
On 12/20/2011 7:48 PM, Chris Riddoch wrote:
> On Tue, Dec 20, 2011 at 12:13 PM, Glenn Murray<glenn.murray at gmail.com> wrote:
>> I have a ProFTPD server running on port 21 behind a
>> firewall. I'm like to create an HTTPS tunnel through the firewall to
>> ProFTPD so that users outside the firewall can connect to ProFTPD
>> using the same ProFTPD credentials as inside the firewall. I
>> understand that another set of credentials is necessary to set up the
>> tunnel. The odd thing here is that (at this point) it has to be
>> HTTPS, and not FTPS, SFTP, etc.
> If you want ProFTPD to be answering the request, the request needs to
> be something that ProFTPD knows what to do with - namely, FTP.
>
> So, if you want to provide an HTTPS interface to talk *to* ProFTPD, it
> sounds like you want to be effectively driving an FTP client on a web
> server from a browser outside the network - there'd be sort of a
> file-browser web application that's a front-end for talking to the
> ProFTPD server. Do I understand the problem right?
>
> If that's the case, I just googled for: ftp "file browser" web, and
> found a variety of web applications that might suffice, but I haven't
> used any of them myself. You can set up the SSL requirement on
> whatever web server is offering the ftp "front-end."
>
> Most of these "file browsers" look like the user is asked to specify
> the FTP server to connect to, and it seems unwise to allow users to
> choose any arbitrary FTP server (or provide credentials through the
> web interfaces for whatever arbitrary FTP server someone wants to
> connect to, thus encouraging users to trust their passwords to
> whatever server is hosting the web interface...)
>
> These things might be customizable, but I haven't looked at the
> specific applications to find out how easy that is. I'm a little
> discouraged that most of the options seem to be implemented in PHP,
> I've developed a bit of a knee-jerk expectation that anything written
> in PHP is fundamentally insecure. If it were me, I'd probably
> consider implementing it myself, get partway through doing so, and
> then decide that there really must be a better way of accomplishing
> all this.
>
> I cite: http://xkcd.com/949/
>
> *sigh*
>
More information about the LUG
mailing list