06-01-2005, 10:51 AM
jcj
VanDyke Quality Assurance

Quote:
I'm desperate. I'll do anything that works, including dynamic forwarding. However, last time I looked at this (with VanDyke support), we were unable to make dynamic port forwarding work properly on v3.0 (build 842). There appears to be no way to specify the remote host to forward to (it gets grayed out).

Jeff -

If I understand what you're saying correctly, this behavior is by design.

You shouldn't need to directly specify the remote host when using the dynamic forwarding option.

Let's say you have machines A, B & C. Machine A runs SecureCRT 5.0 and SecureFX 3.0. Machine B runs an SSH2 server, but not an FTP server, and does not have SFTP enabled. Machine C runs an FTP server. The goal is to set up dynamic forwarding so that Machine A can use SecureFX and FTP to get to Machine C, by essentially using the SSH2 server on Machine B as a proxy.

On Machine A, you'll want to have two sessions open - one SecureCRT SSH2 session (Entunnel 1.2 would work as well), and one SecureFX FTP session. In addition, you'll want to create a new Firewall in Global Options/Firewall.

In SecureCRT (on Machine A), you should have a session configured with the following:

protocol: SSH2
hostname: MachineB.mycompany.com
Port Forward:
    name: Local SOCKS5 (this can be any name you like)
    port: 9999 (this can be any port as long as it's not in use already)
    check: "Dynamic forwarding ..."

Now, in Global Options/Firewall (on Machine A), create your new firewall:

name: SOCKS on localhost (this can be any name you like)
type: SOCKS version 5 (no authentication)
hostname or IP: 127.0.0.1
port: 9999

Finally, in SecureFX (on Machine A), create a session configured with the following:

protocol: FTP
hostname: MachineC.mycompany.com
port: 21 (or whatever port the FTP server runs on on Machine C)
firewall: SOCKS on localhost

So, now, assuming you're connected with the SecureCRT session, and you then attempt to connect with the SecureFX session, you should ultimately land on the FTP server on Machine C.

Here's what the traffic might look like (assuming you have Trace Options enabled in SecureCRT):

SecureCRT:

Code:
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT.
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = "SSH-2.0-VShell_2_4_0_15 VShell"
[LOCAL] : CAP  : Remote can re-key
[LOCAL] : CAP  : Remote sends language in password change requests
[LOCAL] : CAP  : Remote sends algorithm name in PK_OK packets
[LOCAL] : CAP  : Remote sends algorithm name in public key packets
[LOCAL] : CAP  : Remote sends algorithm name in signatures
[LOCAL] : CAP  : Remote sends error text in open failure packets
[LOCAL] : CAP  : Remote sends name in service accept packets
[LOCAL] : CAP  : Remote includes port number in x11 open packets
[LOCAL] : CAP  : Remote uses 160 bit keys for SHA1 MAC
[LOCAL] : CAP  : Remote supports new diffie-hellman group exchange messages
[LOCAL] : CAP  : Remote correctly handles unknown SFTP extensions
[LOCAL] : CAP  : Remote correctly sends UTF8 where UTF8 is specified
[LOCAL] : CAP  : Remote correctly encodes OID for gssapi
[LOCAL] : CAP  : Remote correctly uses connected addresses in forwarded-tcpip requests
[LOCAL] : CAP  : Remote is IETF-DRAFT compliant
[LOCAL] : CAP  : Remote VShell can do SFTP version 4
[LOCAL] : SEND : KEXINIT
[LOCAL] : RECV : Read kexinit
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE.
[LOCAL] : Available Remote Kex Methods = diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
[LOCAL] : Selected Kex Method = diffie-hellman-group-exchange-sha1
[LOCAL] : Available Remote Host Key Algos = ssh-dss
[LOCAL] : Selected Host Key Algo = ssh-dss
[LOCAL] : Available Remote Send Ciphers = aes256-cbc,aes192-cbc,aes128-cbc,twofish-cbc,blowfish-cbc,3des-cbc,arcfour
[LOCAL] : Selected Send Cipher = aes128-cbc
[LOCAL] : Available Remote Recv Ciphers = aes256-cbc,aes192-cbc,aes128-cbc,twofish-cbc,blowfish-cbc,3des-cbc,arcfour
[LOCAL] : Selected Recv Cipher = aes128-cbc
[LOCAL] : Available Remote Send Macs = hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
[LOCAL] : Selected Send Mac = hmac-sha1
[LOCAL] : Available Remote Recv Macs = hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
[LOCAL] : Selected Recv Mac = hmac-sha1
[LOCAL] : Available Remote Compressors = none,zlib
[LOCAL] : Selected Compressor = zlib
[LOCAL] : Available Remote Decompressors = none,zlib
[LOCAL] : Selected Decompressor = zlib
[LOCAL] : SEND : KEXDH_GEX_REQUEST
[LOCAL] : RECV : KEXDH_GEX_GROUP
[LOCAL] : RECV : DH Prime is 2047 bits
[LOCAL] : SEND : KEXDH_INIT
[LOCAL] : RECV : KEXDH_REPLY
[LOCAL] : SEND : NEWKEYS
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_EXPECT_NEWKEYS.
[LOCAL] : RECV : NEWKEYS
[LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION.
[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth]
[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
[LOCAL] : SENT : USERAUTH_REQUEST [none]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [keyboard-interactive,password,publickey]
[LOCAL] : SENT : USERAUTH_REQUEST [password]
[LOCAL] : RECV : AUTH_SUCCESS
[LOCAL] : SEND: Pty Request (row: 40, col: 132)
[LOCAL] : RECV: pty request succeeded
[LOCAL] : SEND: x11 forwarding request
[LOCAL] : RECV: x11 request succeeded
[LOCAL] : SEND: agent forwarding request
[LOCAL] : RECV: agent request succeeded
[LOCAL] : SEND: shell request
[LOCAL] : RECV: shell request succeeded
06/01 [1] MachineB:~ > [LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:9999 to remote MachineC.mycompany.com:21. 
[LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:9999 to remote MachineC.mycompany.com:8919. 
[LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:9999 to remote MachineC.mycompany.com:8923. 
[LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:9999 to remote MachineC.mycompany.com:8927.

SecureFX:

Code:
i Session 00002 established for session ftp_over_socks_test (1)
i SecureFX version 3.0.0.858 (Beta Release - June 2, 2005)
i Initializing Firewall[SOCKSv5]: 127.0.0.1:9999
i Control connection successfully established.
< 220 MachineC.mycompany.com FTP server (Version wu-2.4.2-academ[BETA-16](1) Thu May 7 23:18:05 EDT 1998) ready.
i Time zone of server could not be determined.
> USER username
< 331 Password required for username.
> PASS <password>
< 230 User username logged in.
> SYST
< 215 UNIX Type: L8
i Remote operating system type is UNIX.
> PWD
< 257 "/home/username" is current directory.
> TYPE A
< 200 Type set to A.
> PASV
< 227 Entering Passive Mode (192,168,0,x,34,185)

i Data connection 71AB3B91 connected.
> LIST
< 150 Opening ASCII mode data connection for /bin/ls.
< total 331
< drwxr-xr-x  18 username      users        2048 Apr 13 17:14 .
< drwxr-xr-x  35 root     root         1024 Apr  6  2001 ..
< -rw-------   1 username      users         404 Apr 13 17:12 .Xauthority
< -rw-r--r--   1 username      users         775 May 21  2001 .bash_history
< -rw-r--r--   1 username      users          26 Sep 22  2000 .login
< -rw-r--r--   1 username      users          42 Feb 14  2001 .rhosts
< drwxr-xr-x   2 username      users        1024 Sep  4  2002 .ssh
< -rw-r--r--   1 username      users         272 Sep 22  2000 .tcshrc
< -rwxr-xr-x   1 username      users          65 Sep 22  2000 .vimrc
< drwxr-xr-x   2 username      users        1024 Mar 23  2001 bin
< drwx------   2 username      users        1024 Jan 11  2000 mail
< drwxr-xr-x   2 username      users        1024 Feb  2  2001 public_html
< drwxr-xr-x   2 username      users        1024 Sep 22  2000 public_keys
< drwxr-xr-x   2 username      users        1024 Apr  9  2004 tmp
i Data connection 71AB3B91 closed normally.
< 226 Transfer complete.
> CWD /home/username/public_html
< 250 CWD command successful.
> TYPE A
< 200 Type set to A.
> PASV
< 227 Entering Passive Mode (192,168,0,x,34,198)
i Data connection 71AB3B91 connected.
> LIST
< 150 Opening ASCII mode data connection for /bin/ls.
< total 5
< drwxr-xr-x   2 username      users        1024 Feb  2  2001 .
< drwxr-xr-x  18 username      users        2048 Apr 13 17:14 ..
< -rwxr-xr-x   1 username      users          29 Jun 29  1999 index.html
< -rwxr-xr-x   1 username      users         757 Feb  2  2001 test.sh
i Data connection 71AB3B91 closed normally.
< 226 Transfer complete.
> Transfer(00BD0678): PASV
< Transfer(00BD0678): 227 Entering Passive Mode (192,168,0,x,34,200)
i Transfer(00BD0678): Data connection 71AB3B91 connected.
> Transfer(00BD0678): LIST test.sh
< Transfer(00BD0678): 150 Opening ASCII mode data connection for /bin/ls.
< Transfer(00BD0678): -rwxr-xr-x   1 username      users         757 Feb  2  2001 test.sh
i Transfer(00BD0678): Data connection 71AB3B91 closed normally.
< Transfer(00BD0678): 226 Transfer complete.
i Transfer(00BD0678): Opening file 'test.sh' for download as 'test.sh'.
> Transfer(00BD0678): PASV
< Transfer(00BD0678): 227 Entering Passive Mode (192,168,0,x,34,201)
i Transfer(00BD0678): Data connection 71AB3B91 connected.
> Transfer(00BD0678): RETR test.sh
< Transfer(00BD0678): 150 Opening ASCII mode data connection for test.sh (757 bytes).
i Transfer(00BD0678): Data connection 71AB3B91 closed normally.
< Transfer(00BD0678): 226 Transfer complete.
i Transfer(00BD0678): 788 bytes (of 757 bytes) transferred in 0.03 seconds (25.61 KB/s).
< 421 Timeout (900 seconds): closing control connection.
i Control connection closed normally.

Does this help?

Please keep us informed.

Thanks~

~JcJ
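
Added example, not part of jcj's post and not VanDyke code: a Python sketch of the bytes a SOCKS5 client sends to the listener on 127.0.0.1:9999. It shows why the dynamic-forward entry has no remote host field: every request names its own destination, and each FTP `227` reply produces a new data port. The sample PASV reply is constructed, and reusing the control hostname for data connections is an assumption taken from the trace lines above.

```python
import ipaddress
import re
import struct

# SOCKS5 method negotiation: VER=5, NMETHODS=1, METHOD=0x00 ("no authentication"),
# matching the firewall type configured in the post.
SOCKS5_GREETING = b"\x05\x01\x00"

# Constructed sample: the post's own replies redact the fourth octet as "x".
SAMPLE_PASV = "227 Entering Passive Mode (192,168,0,10,34,185)"

_PASV = re.compile(r"\((\d{1,3}(?:,\d{1,3}){5})\)")


def socks5_connect_request(host: str, port: int) -> bytes:
    """Build an RFC 1928 CONNECT request; the destination travels in the request."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is None:
        name = host.encode("ascii")
        if not 0 < len(name) < 256:
            raise ValueError("hostname must be 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name  # ATYP 3: name sent unresolved
    else:
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    # VER=5, CMD=1 (CONNECT), RSV=0, then ATYP + address + port in network order
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def parse_pasv(reply: str) -> tuple[str, int]:
    """Return (advertised IP, data port) from a 227 reply without the '< ' marker."""
    m = _PASV.search(reply) if reply.startswith("227 ") else None
    if m is None:
        raise ValueError("not a well-formed 227 reply")
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("octet out of range")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_connect_request(control_host: str, pasv_reply: str) -> bytes:
    """CONNECT for the data channel. Assumption: the control hostname is reused,
    as in the trace lines that show MachineC.mycompany.com with a new port."""
    _advertised_ip, port = parse_pasv(pasv_reply)
    return socks5_connect_request(control_host, port)
```
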