The portForward server port type allows you to configure forwarding rules for a server listener. It simply accepts a connection and forwards it on to the destination location. If used in the DMZ, this is also tunneled through the DMZ to the internal server...so think of it from the Internal server's perspective, not from the DMZ's perspective.
PortForwardS simply listens using SSL and then forwards the data in plain text mode. So CrushFTP in this case is offloading the SSL work and you could have some other HTTP server behind CrushFTP.
You set the destination host and port under the advanced tab of the PortForward(s) port.
PortForwardS also has SSL configuration options.
It is also possible to take specific connections to any other CrushFTP port and hand them off to this port forward configuration. Think of a specific scenario where you need once source IP to go to OpenSSH instead of CrushFTP for SFTP for legacy reasons, etc.
Set the PortForward server item to forward to the OpenSSH port on 127.0.0.1. Set its name to be "RedirectOpenSSH". For the source port of this port forward, you can use some high number port that isn't allowed, we won't be using that anyway. Technically the port doesn't even need to be enabled as its not accepting a socket.
On your SFTP port item, under IP restrictions, make sure you have one existing "allow all" rule there...the start IP of 0.0.0.0 and stop IP of 255.255.255.255. (Otherwise if you forget this, adding a ban rule will also mean that no connection are allowed since they don't meet the criteria.) Then add a new item, blocking the specific source IP of the location that you want redirected. Set that as the start and stop IP, and "deny" it.
For the reason of denial, set it to be "FORWARD:RedirectOpenSSH". The name here matches the port item name from above.
When connections from that source IP hit the SFTP port...we search for a matching port item name...in this case "RedirectOpenSSH" and then we hand the connection over to that server port instead.
It then does normal port forwarding as if the connection had hit this server item port to begin with.
PortForwardS simply listens using SSL and then forwards the data in plain text mode. So CrushFTP in this case is offloading the SSL work and you could have some other HTTP server behind CrushFTP.
You set the destination host and port under the advanced tab of the PortForward(s) port.
PortForwardS also has SSL configuration options.
It is also possible to take specific connections to any other CrushFTP port and hand them off to this port forward configuration. Think of a specific scenario where you need once source IP to go to OpenSSH instead of CrushFTP for SFTP for legacy reasons, etc.
Set the PortForward server item to forward to the OpenSSH port on 127.0.0.1. Set its name to be "RedirectOpenSSH". For the source port of this port forward, you can use some high number port that isn't allowed, we won't be using that anyway. Technically the port doesn't even need to be enabled as its not accepting a socket.
On your SFTP port item, under IP restrictions, make sure you have one existing "allow all" rule there...the start IP of 0.0.0.0 and stop IP of 255.255.255.255. (Otherwise if you forget this, adding a ban rule will also mean that no connection are allowed since they don't meet the criteria.) Then add a new item, blocking the specific source IP of the location that you want redirected. Set that as the start and stop IP, and "deny" it.
For the reason of denial, set it to be "FORWARD:RedirectOpenSSH". The name here matches the port item name from above.
When connections from that source IP hit the SFTP port...we search for a matching port item name...in this case "RedirectOpenSSH" and then we hand the connection over to that server port instead.
It then does normal port forwarding as if the connection had hit this server item port to begin with.
Add new attachment
Only authorized users are allowed to upload new attachments.
List of attachments
| Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
|---|---|---|---|---|---|---|
png |
portforward.png | 23.6 kB | 1 | 26-Feb-2024 05:07 | Ben Spink | |
png |
portforwards.png | 99.4 kB | 1 | 26-Feb-2024 05:08 | Ben Spink |
«
This page (revision-4) was last changed on 31-Oct-2024 03:11 by Ben Spink
G’day (anonymous guest)
Log in
CrushFTP11 | What's New
- WebInterface
- Server Admin
- User Manager
- Client Apps
- CrushBalance Load Balancer
- High Availability
- Self Registration
- Preferences
- Email Templates
- Restrictions
- Replication
- Banning
- Logging
- Encryption
- Alerts
- Folder Monitor
- Tunnels
- Syncs
- User Config
- Search Config
- Preview
- Misc
- Plugins
- Manage Shares
- PGP
- Telnet
- FAQ
- API
- Linux Install
- Virtual Linux Server
- Server Variables
- Google Authenticator and Microsoft Authenticator
- AS2 EDI
JSPWiki