Ticket Options
Question Profile
| DATE | May 18, 2007 |
| TICKET | #334202 |
| STATUS | Closed |
| SUBJECT | FTP into my computer from outside IP |
| CAT | Home/Business Network and/or Internet Connection |
| TYPE | Other Networking |
| DESC | |
| DESC | |
| PLATFORM | Apple Macintosh (Intel) |
| MODEL | Apple iMac |
| PROC | 2.16 GHz Intel Duo |
| RAM | 2 gig |
| DRIVE | 250 gig |
| NAME | Tyler |
| USERNAME | photographyshoot |
| TECHNICAL | Lots of Experience |
| ISSUE | Some Troubleshooting |
Question Details
TICKET ARCHIVE -> FTP into my computer from outside IP
photographyshoot - May 18, 2007 - 3:05 pm
What other steps do I need to take to FTP into my home computer other than just turning on FTP services in the sharing control panel?
Thanks,
Tyler
Thanks,
Tyler
stottm - May 19, 2007 - 8:02 am
FTP is extremely insecure. It sends your password in plain text and that means it can be intercepted enroute when you connect. Using a remote FTP connection might make you vulnerable to being hacked.
A better solution is to setup SSH and use it's SFTP functionality. That's Secure Shell (SSH) and Secure File Transfer Protocol (SFTP).
You will need to read these documents to understand it and to create a public/private encryption key pair. The following documents provide step by step instructions, don't be intimidated, it's not that hard at all.
SSH Part I - http://www.macdevcenter.com/lpt/a/4996
SSH Part II - http://www.macdevcenter.com/lpt/a/5001
SSH Part III - http://www.macdevcenter.com/lpt/a/5022
SSH Part IV - http://www.macdevcenter.com/lpt/a/5071
Summary:
1. Setup SSH using the documents above
2. You turn on SSH by checking "Remote Login" under Preferences Sharing Services.
3. If you have a router, I highly recommend using a non-standard port. SSH uses port 22 by default. But if you open port 22 on your router and forward that port to your Mac's port 22 then you will be attacked by those looking for vulnerabilities. So you should open a non-standard port like 3021 and forward that port to port 22 on your Mac. So when you connect to your router from the outside world you connect using an SFTP client to port 3021 which gets forwarded to port 22 on your Mac.
In order to reach your Mac over the Internet you need to know what your real Internet IP address is. You can browse to http://whatismyip.com/ find the IP address of your router. You can also sign up for dynamic DNS to get a hostname that will adapt to a changing IP address. http://www.dyndns.com/services/dns/dyndns/
There are many SFTP clients available. WinSCP is good for Windows. Transmit is good for the Mac. There are many free and not-free SFTP clients.
Using SFTP will encrypt all traffic over the Internet. It is the only way to go to avoid getting hacked.
A better solution is to setup SSH and use it's SFTP functionality. That's Secure Shell (SSH) and Secure File Transfer Protocol (SFTP).
You will need to read these documents to understand it and to create a public/private encryption key pair. The following documents provide step by step instructions, don't be intimidated, it's not that hard at all.
SSH Part I - http://www.macdevcenter.com/lpt/a/4996
SSH Part II - http://www.macdevcenter.com/lpt/a/5001
SSH Part III - http://www.macdevcenter.com/lpt/a/5022
SSH Part IV - http://www.macdevcenter.com/lpt/a/5071
Summary:
1. Setup SSH using the documents above
2. You turn on SSH by checking "Remote Login" under Preferences Sharing Services.
3. If you have a router, I highly recommend using a non-standard port. SSH uses port 22 by default. But if you open port 22 on your router and forward that port to your Mac's port 22 then you will be attacked by those looking for vulnerabilities. So you should open a non-standard port like 3021 and forward that port to port 22 on your Mac. So when you connect to your router from the outside world you connect using an SFTP client to port 3021 which gets forwarded to port 22 on your Mac.
In order to reach your Mac over the Internet you need to know what your real Internet IP address is. You can browse to http://whatismyip.com/ find the IP address of your router. You can also sign up for dynamic DNS to get a hostname that will adapt to a changing IP address. http://www.dyndns.com/services/dns/dyndns/
There are many SFTP clients available. WinSCP is good for Windows. Transmit is good for the Mac. There are many free and not-free SFTP clients.
Using SFTP will encrypt all traffic over the Internet. It is the only way to go to avoid getting hacked.
photographyshoot - May 20, 2007 - 1:27 pm
Thank you for the step by step directions... still having no luck. Have even tried two different routers(belkin and linksys). Is there some other seting on the routers I am missing?
Thanks...
Thanks...
stottm - May 20, 2007 - 4:21 pm
Sorry, you need to forward the router network port you are using on the Belkin or the Linksys. i.e.
68.23.123.12 (external) ---> 192.168.1.1 (internal)
The router's external ip address is the 68.x.x.x example and the 192.168.x.x one is the internal ip address. You need to forward the port you wish to use for SFTP.
68.23.123.12:3021 ----> 192.168.1.1 -----> 192.168.1.102:22
So the router listens on port 3021 at the external ip address and forwards that port to port 22 on the Mac which is the 192.168.1.102. I recommend this vs. just forwarding 22 to 22 because everyone knows 22 is SSH and hackers will look for it.
Consult your owners manuals for the Linksys or Belkin router. They both should be able to forward network ports. The way you configure it varies. If you can't find the manual try going to the routers website, they likely have a PDF to download for the make and model of your router.
To make a connection from the client you need to specify the port.
SFTP Application 68.23.123.12:3021
68.23.123.12 (external) ---> 192.168.1.1 (internal)
The router's external ip address is the 68.x.x.x example and the 192.168.x.x one is the internal ip address. You need to forward the port you wish to use for SFTP.
68.23.123.12:3021 ----> 192.168.1.1 -----> 192.168.1.102:22
So the router listens on port 3021 at the external ip address and forwards that port to port 22 on the Mac which is the 192.168.1.102. I recommend this vs. just forwarding 22 to 22 because everyone knows 22 is SSH and hackers will look for it.
Consult your owners manuals for the Linksys or Belkin router. They both should be able to forward network ports. The way you configure it varies. If you can't find the manual try going to the routers website, they likely have a PDF to download for the make and model of your router.
To make a connection from the client you need to specify the port.
SFTP Application 68.23.123.12:3021
IF THIS IS YOUR QUESTION AND YOU WISH TO RESPOND, LOGIN HERE FIRST.
