Tunneling FTP connection from home where server only accepts local IPs

I need to access an FTP server at work but the server will only accept local IPs. I cannot access it from my home machine. I have been able to ssh into my Unix work machine through PuTTY and from there successfully open a console FTP connection to the FTP server.

I could work through this, but I would prefer not to as it is very cumbersome for me. I would prefer to tunnel an FTP connection through the work machine via PuTTY so I may use my FTP client of choice, FileZilla, to accomplish my FTP needs on the server. Of course this is through port 21.

I know PuTTY is capable of port forwarding through ssh, I'm just not sure how to use it.

Home -> Work -> Server.


Solution 1:

Use a SOCKS proxy.

PuTTY window

The source port is now (locally) a SOCKS proxy. Configure FileZilla to use it as a SOCKS proxy (see below). It'll open a connection through that to the host you ssh to (your work machine) and then connect from there, to any IP address you give it. Works for anything with supports SOCKS and that includes FTP.

The rest of the PuTTY config just remains the same - configure the ports (as shown) and then connect that PuTTY session to your Work machine via SSH.

Here's what the FileZilla option needs to look like,

enter image description here

When you put in the target for the FTP connection, use the IP address not the hostname, because DNS resolution may still happen locally and you don't want that.

The whole thing is secure and invisible - it looks like a basic SSH connection to anything else on the network.

NB: If you want to do this from the command line, you can use PuTTY's plink.exe to do the following,

plink -ssh -D 9090 [email protected]

it achieves the same thing without having to create a PuTTY profile or use the GUI.

Solution 2:

Here's how to browse the file system of the internal server (behind NAT), with FileZilla or with Nautilus File Manager - using SFTP (SSH session on TCP port 22), thru gateway server (outside NAT):

  1. First run in Terminal:

sudo ssh -L 9090:{internal server hostname or IP}:22 root@{gateway server hostname or IP}

  1. Then create a new connection.

    In FileZilla:

    • Host: sftp://127.0.0.1
    • Username / Password: The credentials of the internal server.
    • Port: 9090 (same port as in terminal command).

Or in Nautilus:

sftp://127.0.0.1:9090/, then you'll be prompted to enter internal server credentials.

Now you should be able to browse the internal server file system.


enter image description here

Note: As you can see, it does not require to setup SOCKS Proxy in Putty nor in FileZilla :)

Solution 3:

Firstly its much easier / arguably better to be using SCP. Since you've got SSH it would be common for you to have SCP access also. But I don't know your network so to the question...

Firstly Make sure that your client is set to use FTP in ACTIVE mode. I wanted to suggest using passive mode but you can't control which ports will be used.

Secondly Limit the number of ports your FTP client will use in active mode down to a handful. Less that 10 would be good. And here's why.

Thirdly create remote port forwards for all of these ports.

That should get it working