Tunneling FTP connection from home where server only accepts local IPs

10

5

I need to access an FTP server at work but the server will only accept local IPs. I cannot access it from my home machine. I have been able to ssh into my Unix work machine through PuTTY and from there successfully open a console FTP connection to the FTP server.

I could work through this, but I would prefer not to as it is very cumbersome for me. I would prefer to tunnel an FTP connection through the work machine via PuTTY so I may use my FTP client of choice, FileZilla, to accomplish my FTP needs on the server. Of course this is through port 21.

I know PuTTY is capable of port forwarding through ssh, I'm just not sure how to use it.

Home -> Work -> Server.

Ben Jacobson

Posted 2012-05-18T21:19:12.930

There's nothing inherently different about uploading vs downloading over a SOCKS proxy connection. The big difference is your home Internet connection is likely to have poor upload (outgoing) performance in comparison to download (incoming) performance. We'd probably need more logs to be able to diagnose it. – EightBitTony – 2012-05-20T07:55:53.263

I've come to the conclusion that I'm probably on to another problem entirely and will work on creating a new question addressing this specific problem. Thank you so much for your help EightBitTony! – Ben Jacobson – 2012-05-20T23:58:39.567

Might want to register your Server Fault account with the same credentials as here in order to reclaim this question @ben – random – 2012-05-21T00:23:18.853

Answers

13

Use a SOCKS proxy.

PuTTY window

The source port is now (locally) a SOCKS proxy. Configure FileZilla to use it as a SOCKS proxy (see below). It'll open a connection through that to the host you ssh to (your work machine) and then connect from there, to any IP address you give it. Works for anything which supports SOCKS and that includes FTP.

The rest of the PuTTY config just remains the same - configure the ports (as shown) and then connect that PuTTY session to your Work machine via SSH.

Here's what the FileZilla option needs to look like,

[Screenshot: FileZilla proxy settings]

When you put in the target for the FTP connection, use the IP address not the hostname, because DNS resolution may still happen locally and you don't want that.

The whole thing is secure and invisible - it looks like a basic SSH connection to anything else on the network.

NB: If you want to do this from the command line, you can use PuTTY's plink.exe to do the following,

plink -ssh -D 9090 you@your.work.laptop.example

it achieves the same thing without having to create a PuTTY profile or use the GUI.

EightBitTony

Posted 2012-05-18T21:19:12.930

Reputation: 3 741

I like that way of doing it a little more than my answer. You can set the SOCKS proxy in FileZilla under "Generic Proxy" and remember to use it in "passive mode". – Philip Couling – 2012-05-18T21:42:08.733
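An added example, not part of the original answer or its comments: it builds the SOCKS5 CONNECT request (RFC 1928) that a client sends through the PuTTY dynamic forward, once with an IP literal and once with a hostname, and parses an FTP 227 passive-mode reply to show the second proxied connection that carries the data. The address 10.0.0.21, the hostname ftp.corp.example, and the function names are constructed for illustration.

```python
import ipaddress
import re
import struct

def socks5_connect_request(host, port):
    """Build a SOCKS5 CONNECT request (RFC 1928, section 4)."""
    header = b"\x05\x01\x00"  # VER=5, CMD=CONNECT, RSV=0
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: ATYP=3 carries the name, so the far side of the
        # tunnel resolves it and no lookup leaves the home machine.
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname length out of range for SOCKS5")
        body = b"\x03" + bytes([len(name)]) + name
    else:
        # ATYP=1 (IPv4) or ATYP=4 (IPv6): the address travels as raw bytes.
        body = (b"\x01" if addr.version == 4 else b"\x04") + addr.packed
    return header + body + struct.pack("!H", port)

PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv_reply(line):
    """Extract the data-channel endpoint from a 227 reply (RFC 959)."""
    if not line.startswith("227"):
        raise ValueError("not a 227 passive-mode reply")
    m = PASV_RE.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in reply")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_channel_request(pasv_line):
    """SOCKS5 request the client sends to open the FTP data connection."""
    return socks5_connect_request(*parse_pasv_reply(pasv_line))

if __name__ == "__main__":
    # Constructed sample values: 10.0.0.21 stands in for the internal FTP server.
    print(socks5_connect_request("10.0.0.21", 21).hex())
    print(socks5_connect_request("ftp.corp.example", 21).hex())
    reply = "227 Entering Passive Mode (10,0,0,21,195,80)"
    print(parse_pasv_reply(reply), data_channel_request(reply).hex())
```

In passive mode both the control and the data connection are outbound CONNECT requests from the client, so each one can travel through the same SOCKS proxy.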

2

Firstly, it's much easier / arguably better to be using SCP. Since you've got SSH it would be common for you to have SCP access also. But I don't know your network so to the question...

Firstly, make sure that your client is set to use FTP in ACTIVE mode. I wanted to suggest using passive mode but you can't control which ports will be used.

Secondly, limit the number of ports your FTP client will use in active mode down to a handful. Less than 10 would be good. And here's why.

Thirdly, create remote port forwards for all of these ports.

That should get it working

Philip Couling

Posted 2012-05-18T21:19:12.930

Reputation: 131

1

Here's how to browse the file system of the internal server (behind NAT), with FileZilla or with Nautilus File Manager - using SFTP (SSH session on TCP port 22), through the gateway server (outside NAT):

  1. First run in Terminal:

sudo ssh -L 9090:{internal server hostname or IP}:22 root@{gateway server hostname or IP}

  2. Then create a new connection.

    In FileZilla:

    • Host: sftp://127.0.0.1
    • Username / Password: The credentials of the internal server.
    • Port: 9090 (same port as in terminal command).

Or in Nautilus:

sftp://127.0.0.1:9090/, then you'll be prompted to enter internal server credentials.

Now you should be able to browse the internal server file system.


Note: As you can see, it does not require setting up a SOCKS proxy in PuTTY or in FileZilla :)

Noam Manos

Posted 2012-05-18T21:19:12.930

Reputation: 771