View Attach (2) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
 portforward.png 23.6 kB 1 26-Feb-2024 05:07 Ben Spink
png
 portforwards.png 99.4 kB 1 26-Feb-2024 05:08 Ben Spink

This page (revision-4) was last changed on 31-Oct-2024 03:11 by Ben Spink

This page was created on 26-Feb-2024 05:05 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 3 changed one line
PortForwardS simple listens using SSL and then forwards the data in plain text mode. So CrushFTP in this case is offloading the SSL work and you could have some other HTTP server behind CrushFTP.\\
PortForwardS simply listens using SSL and then forwards the data in plain text mode. So CrushFTP in this case is offloading the SSL work and you could have some other HTTP server behind CrushFTP.\\
At line 7 changed one line
[attachements|portforward.png]
[attachements|portforward.png]\\
\\
\\
PortForwardS also has SSL configuration options.\\
[attachements|portforwards.png]
----
It is also possible to take specific connections to any other CrushFTP port and hand them off to this port forward configuration. Think of a specific scenario where you need once source IP to go to OpenSSH instead of CrushFTP for SFTP for legacy reasons, etc.\\
\\
Set the PortForward server item to forward to the OpenSSH port on 127.0.0.1. Set its name to be "RedirectOpenSSH". For the source port of this port forward, you can use some high number port that isn't allowed, we won't be using that anyway. Technically the port doesn't even need to be enabled as its not accepting a socket.\\
\\
On your SFTP port item, under IP restrictions, make sure you have one existing "allow all" rule there...the start IP of 0.0.0.0 and stop IP of 255.255.255.255. (Otherwise if you forget this, adding a ban rule will also mean that no connection are allowed since they don't meet the criteria.) Then add a new item, blocking the specific source IP of the location that you want redirected. Set that as the start and stop IP, and "deny" it.\\
For the reason of denial, set it to be "FORWARD:RedirectOpenSSH". The name here matches the port item name from above.\\
\\
When connections from that source IP hit the SFTP port...we search for a matching port item name...in this case "RedirectOpenSSH" and then we hand the connection over to that server port instead.\\
It then does normal port forwarding as if the connection had hit this server item port to begin with.\\
Version Date Modified Size Author Changes ... Change note
4 31-Oct-2024 03:11 2.266 kB Ben Spink to previous
3 26-Feb-2024 05:08 0.782 kB Ben Spink to previous | to last
2 26-Feb-2024 05:07 0.687 kB Ben Spink to previous | to last
1 26-Feb-2024 05:05 0.559 kB Ben Spink to last
« This page (revision-4) was last changed on 31-Oct-2024 03:11 by Ben Spink
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
LeftMenu

JSPWiki