Router headaches

DavidPhillips · 03-25-2003, 01:32 PM

What tunnel

do you mean you have ssh connected and are forwarding port 80, and connecting to 127.0.0.1 on the client?

Ftp is different from http, it uses a ramdon port to connect on.

All you need to do is use a remote login and then connect to your server on the internet.

I guess you have no server on the internet and want to access the internal machine using a windows client. If this is the case you can setup http upload using cgi or perl and you could set / or any other folder as the http document root, so you can download anything you want to.

you need to make sure the server is only accessable from the local machine or this would be a gaping hole in your security.

The thing I am trying to say is that the best way to do this is to login to the internal machine, then you can use any method you wish to transfer files and do anything else. This of course requires a server on the internet to transfer files to. Otherwise this is going to become much more complicated. You are going to need to do a lot of configuration of the http server to provide file upload functionality. If however you just want to get files from the internal machine you can just download them. The problem is http is a sloppy protocol for file transfer. Files should probably be put into some zip format before download so they can be verified on the other end when they are unzipped.

You might want to look into scp ( a function of ssh ) as a possible solution if all you need to do is transfer files.

hotrodowner · 03-25-2003, 01:53 PM

You see, I'm using a windows version of openssh to make a reversable connection. If ftp wont work, then I just need to configure apache to only allow connections from people who have an account on both ends. You see, my teacher wants me to figure this out, so he can download and upload files from home. but I dont want just anyone from inside the school to go to his website and download files from the my documents folder. At least he would be able to download files from this.

DavidPhillips · 03-25-2003, 02:19 PM

ok,

You will need to setup apache to do http uploads and set the doc root or a virtual domain to a folder above where the files are.

You need to block all outside connections to the http server.

The connection to localhost on the client is actually a connection to localhost on the server.

The other choice....
I think there is a windows client for scp
have a look at putty for windows and see if it can do file transfers over the ssh connection.

DavidPhillips · 03-25-2003, 02:34 PM

putty also has psftp which works well for file transfer

you would just use it to connect to the local machine on the forwarded port, it uses ssh

hotrodowner · 03-25-2003, 03:59 PM

my teacher cann't function without a gui, dont ask me why he's our computer engineering teacher either. but he NEEDS a gui. do you know how to set those permissions in apache? I dont mean to be so cumbersome.

DavidPhillips · 03-25-2003, 04:33 PM

do you mean the document root or virtual domain?
upload or just download

<Directory /var/www/upload>
EnablePut On
Options +Indexes
AuthType Basic
AuthName Temporary
AuthUserFile /etc/httpd/conf/access/upload/.htpasswd
EnableDelete Off
umask 007
require valid-user
</Directory>

<VirtualHost *>
ServerAdmin admin@domain.com
DocumentRoot /var/www/upload
ServerName upload.domain.com
ErrorLog logs/dm3-error_log
CustomLog logs/dm3-access_log common
</VirtualHost>

you will need a webpage interface and cgi script to actually do an upload

upload.html

Code:

<html>
<head>
    <title>Upload ...</title>
</head>
<body BGCOLOR="396DA5">
<p>
        <form ENCTYPE="multipart/form-data" ACTION="/cgi-bin/upload.cgi" METHOD="POST">
      
	<h3>Choose the files you want to upload from your computer.</h3>

	 <hr size=l>
	 <table BORDER=0 WIDTH="500">

        <tr>
            <td ALIGN=RIGHT>
                File #1:
            </td>
            <td>
                <input TYPE="FILE" NAME="file-to-upload-01" SIZE="35">
            </td>
        </tr>
        <tr>

            <td ALIGN=RIGHT>
                File #2:
            </td>
            <td>
                <input TYPE="FILE" NAME="file-to-upload-02" SIZE="35">
            </td>
        </tr>
        <tr>
            <td ALIGN=RIGHT>

                File #3:
            </td>
            <td>
                <input TYPE="FILE" NAME="file-to-upload-03" SIZE="35">
            </td>
        </tr>
        <tr>
            <td ALIGN=RIGHT>
                File #4:
            </td>

            <td>
                <input TYPE="FILE" NAME="file-to-upload-04" SIZE="35">
            </td>
        </tr>
		<tr>
			<td COLSPAN=2>&nbsp;<br></td>
		</tr>
        <tr>
            <td>

                <input TYPE="SUBMIT" VALUE="Upload">
                <input TYPE="RESET" VALUE="Reset">
            </td>
        </tr>
        </table>
        </form>

</body>
</html>

----------------------------------------------------------------

<Directory /home/user/Documents>
order deny,allow
deny from all
allow from localhost .localdomain
Options Indexes FollowSymLinks
</Directory>

--------------------------------------------------------------

DocumentRoot /var/www/html

Tell him to get a GUI for windows that supports sftp and connect it to localhost on the forwarded port.

I'm sure you can get a number of them that will work.

DavidPhillips · 03-25-2003, 04:38 PM

upload.cgi

Code:

#!/usr/bin/perl
BEGIN
{
$SAVE_DIRECTORY = "/var/www/upload";
$MAXIMUM_UPLOAD = 0;
$ALLOW_INDEX = 0;
$SUCCESS_LOCATION = "";

chop $SAVE_DIRECTORY if ($SAVE_DIRECTORY =~ /\/$/);
use CGI qw(:standard);
$query = new CGI;

foreach $key (sort {$a <=> $b} $query->param())
{
next if ($key =~ /^\s*$/);
next if ($query->param($key) =~ /^\s*$/);
next if ($key !~ /^file-to-upload-(\d+)$/);

$Number = $1;

        if ($query->param($key) =~ /([^\/\\]+)$/)
                {
                $Filename = $1;
                $Filename =~ s/^\.+//;
                $File_Handle = $query->param($key);

                if (!$ALLOW_INDEX && $Filename =~ /^index/i)
                        {
                        print header;
                        print <<__END_OF_HTML_CODE__;
<HTML><HEAD><TITLE>Error: Filename Problem</TITLE></HEAD><BODY BGCOLOR=396DA5><H3>Filename Problem</H3><P>You attempted to upload a file that is not properly formatted.  The system administrator has decided that you can not upload files that begin with the word '<B>index</B>'. Please rename the file on your computer, and try uploading it again.<P><A HREF="https://www.domain.com">www.domain.com</A> - <A HREF="https://upload.domain.com/upload.html">Upload Files</A> - <A HREF="https://upload.domain.com/">Browse Upload Folder</A></BODY></HTML>
__END_OF_HTML_CODE__
                        exit;
                        }

                        if (!open(OUTFILE, ">$SAVE_DIRECTORY\/$Filename"))
                                {
                                print header;
                                print <<__END_OF_HTML_CODE__;
<HTML><HEAD><TITLE>Error: Filename Exists</TITLE></HEAD><BODY BGCOLOR=396DA5><H3>Filename Problem</H3><P>The filename '<B>$Filename</B>' already exists on the server.  The system administrator has decided that you can not overwrite files on this server. Please rename the file on your computer, and try uploading it again.<P><A HREF="https://www.domain.com">www.domain.com</A> - <A HREF="https://upload.domain.com/upload.html">Upload Files</A> - <A HREF="https://upload.domain.com/">Browse Upload Folder</A></BODY></HTML>
__END_OF_HTML_CODE__
                                exit;
                                }
                undef $BytesRead;
                undef $Buffer;
                while ($Bytes = read($File_Handle,$Buffer,1024))
                        {
                        $BytesRead += $Bytes;
                        print OUTFILE $Buffer;
                        }
                push(@Files_Written, "$SAVE_DIRECTORY\/$Filename");
                $TOTAL_BYTES += $BytesRead;
                $Confirmation{$File_Handle} = $BytesRead;
                close($File_Handle);
                close(OUTFILE);
                chmod (0444, "$SAVE_DIRECTORY\/$Filename");
                }
        fi
}
        $FILES_UPLOADED = scalar(keys(%Confirmation));
        print header;
        print <<__END_OF_HTML_CODE__;
<HTML><HEAD><TITLE>Upload Finished</TITLE></HEAD><BODY BGCOLOR=396DA5><H3>Upload Finished</H3><P>You uploaded <B>$FILES_UPLOADED</B> files totalling <B>$TOTAL_BYTES</B> total bytes.  Individual file information is listed below:<PRE>
__END_OF_HTML_CODE__
        foreach $key (keys (%Confirmation))
                {
                print "$key - $Confirmation{$key} bytes\n";
                }
        print <<__END_OF_HTML_CODE__;
</PRE><P><A HREF="https://www.domain.com">www.domain.com</A> - <A HREF="https://upload.domain.com/upload.html">Upload Files</A> - <A HREF="https://upload.domain.com/">Browse Upload Folder</A></BODY></HTML>
__END_OF_HTML_CODE__
exit;

}
# ---------------------------------------------------------------------
# EOF

hotrodowner · 03-27-2003, 06:50 AM

I dont have perl on the computer because both computers are running Windows XP. I trust linux software above any other, and believe the linux programmers know exactly what they're doing. However, I need this cabability from two windows computers. I installed a windows version of openssh and apache. That is why sftp didn't work, and I needed apache to do the file management. But this means that the cgi script you gave me wont work. Is there another way to upload files to my windows apache web server?

DavidPhillips · 03-27-2003, 10:39 AM

now I'm confused

Quote:

Router headaches ( post #1)

My Linux server is on my school's network. But I want to access it at home.

DavidPhillips · 03-27-2003, 10:43 AM

if you have ssh you can still do ftp to the internet from the ssh login. The computer on the internet has to be the server.

You could get an account on a server that has ftp upload, then you would not need to run an ftp server and you could still share files through it.

DavidPhillips · 03-27-2003, 10:50 AM

if you simply must have a gui then run vnc and tunnel it through ssh

once you are connected you can do anything you want, including using a gui ftp program to send file to or receive from an ftp server.

I think I would just type `ftp user:password@ftp.domain.com` into a dos prompt and get on with it.

viewing the desktop over a slow connection is going to be painful.

SlickWilly · 03-27-2003, 02:19 PM

Urm... don't want to butt in on this...

But there's a GUI version of scp

ssh.com recently released their ssh for Workstations for non-commercialy use free.

You can download it here :

http://www.ssh.com/support/downloads/secureshellwks/

and it has a very nice GUI scp program that integrates well with it.

Slick.

hotrodowner · 03-27-2003, 02:41 PM

The situation has changed from when I first started this thread. At first I wanted to access my server at home, now my teacher wants to access his windows xp computer at home, with the best security possible. The windows version of openssh does support sftp, only remote command prompt. But it the thing you said first about the ssh -R 8080:localhost:8080 <ip of home compuer> worked, and now I want to send files back and forth between the two computers. I tried IIS ftp, but it wouldn't work because it gave invalid syntax commands. I tried IIS web server, but could only get the anonymous user to work. I need more security. So I downloaded the new appache web server for windows and installed it. Now I have apache working on port 8080, and it denys everyone but 127.0.0.1, however, I now needs a means of having the web server upload files from the home computer, back to the <hidden behind school routers> work computer. I looked at your upload.cgi script, and noticed you were using perl for uploads. When I try to upload files, it just times out. I need another cgi script that is compatible with windows software. Thank you so much for your help so far!!!!!!!!!!!!

DavidPhillips · 03-27-2003, 04:13 PM

if the windows version of ssh works for forwarding http then there should be no problem using scp.

I believe I would go with that over trying to establish an http upload.

scp is much more of a suitable protocol for file transfer than http.

The same idea would apply. you would forward the ssh port and connect to the local port with scp

scp is secure copy and is a lot like sftp.

DavidPhillips · 03-27-2003, 04:17 PM

You will need CGI.pm for the script to work

There may be other scripts available for this.

I am sure you can do it with http if you must do it that way. cgi-bin works with most any platform