#1 |
|
Major Leaguer
Join Date: Jan 2002
Location: Paris, France
Posts: 498
|
I have a Mac at work which I would like to access from my home DSL line to transfer files etc. and allow other users to access for critical files from anywhere on the internet. I have a fixed IP address and thought it would be relatively straightforward.
Anyway, I set up a new user account under X.1.4, which would be a deposit for files for other users and started FTP access. I even have a firewall set up so access is timed for particular periods only. I tried accessing the Mac using Transmit. No joy. I then tried using the Go menu in Finder and connect to server menu, I inserted the IP address and then got a timeout. I was curious and decided to check my firewall log and also used Macsniffer (Brian Hill) at home and log the events during the connection. What I got was a repeated "ICMP echo request no. 3" at an entirely different IP which must be the server where my computer is based. The translation by the firewall for ICMP 3 was "destination unreachable" admin applied filter. What is going on? Obviously the server at work has a firewall itself but I would imagine they would allow ftp access, it's critical for my work. I know I'll have to wait until Monday to ask the server admin for advice (which I should have done before I ventured out on this), but I would appreciate any info on this problem. What to ask for etc. My DSL connection is using DHCP so I imagine it may be difficult for the server admin to register my IP as legit. I'm a newbie to all this network stuff and OS X in general. Many thanks.
#2 |
|
MVP
Join Date: Jan 2002
Posts: 1,562
|
I wouldn't count on that working to tell you the truth. Sounds like you have several routers between you and the actual ftp server on your machine at work. FTP can be quite finicky about routers and return requests, etc.
Couple of things I might request instead:
* If you just need file transfer capabilities - you might want to think about just using AFP (Apple File Sharing), the same thing you use to mount local machines connected to you. I have found that IT people are much more open-minded to opening up port 548 (I think that's right) for you to give you AFP access to your machine, than they are to opening up the ftp port or some other less secure (read PC familiar, hackable) ports.
* Another option for file transfer would be to set up your own Peer2Peer (P2P) server like Hotline or Carracho - very easy to do...get a server and get a client - start the server on your work machine and access it via the client from home - same as above - IT is much more likely to open up port 5500-5501 for you to use HL and Carracho.
* One other solution is Timbuktu - this is the ultimate and what I have used for years. Actually allows you to control your Mac remotely - the whole time viewing the screen on your work mac while working from home. File transfers, the whole works...just depends on your needs....
#3 |
|
Major Leaguer
Join Date: Jan 2002
Location: Paris, France
Posts: 498
|
Thx for the information, I think you're right.
I have just been looking at the timbuktu documentation. I will give it a whirl. I wonder if two users can simultaneously log on to the machine with independent accounts at the same time? |
#4 |
|
Site Admin
Join Date: Dec 2001
Location: Minneapolis, MN
Posts: 3,988
|
No; with Timbuktu you would still be sharing the same screen as the logged in user.
#5 |
|
Triple-A Player
Join Date: Jan 2002
Location: Toronto, Canada
Posts: 185
|
AppleShare on DSL/Cable
I have made a page on setting up appleshare on DSL (you need to do some tricks). I use it all the time. BTW, if you use FTP, you will not be able to transfer the resource forks of the files (that have one), AppleShare allows you to transfer the whole file (data + resource):
http://www3.sympatico.ca/dccote/appl...overpppoe.html |
#6 |
|
Major Leaguer
Join Date: Jan 2002
Location: Gaithersburg, MD
Posts: 494
|
try scp
you might also consider scp, part of ssh...secure copy protocol
let's say I'm on box a 63.45.123.2 and my username is jamesk and I want to move a local file file.txt to my home directory at box b 204.23.45.2 and my account there is jimbo. I would do:
on box a cd to directory where file.txt is, then:
    scp jamesk@63.45.123.2:file.txt jimbo@204.23.45.2:/Users/jimbo/.
note this is all done on one line and also notice the trailing period.
#7 |
|
Major Leaguer
Join Date: Jan 2002
Location: Paris, France
Posts: 498
|
ermm, I think I may be stupid
One of my friends at work apparently accessed his graphite G4 from outside work using ftp on OS 9!
I wonder, I leave my computer logged out when I leave work. Should I be logged in as admin to allow ftp to the computer? If not, I wonder if it's the firewall I've installed. I'm running firewalk X at the moment and I've opened up the ports for ftp. And, I've also allowed ICMP traffic. What the hell is going on?
#8 |
|
Major Leaguer
Join Date: Jan 2002
Location: Gaithersburg, MD
Posts: 494
|
ftp bad scp good
You don't want to run and leave ftp open.
It's an extremely vulnerable service. let's say you want to scp a file from machine a to machine b. machine b is your box at home. do this:
make a file in your home directory on machine a called copyhome
do: chmod 700 copyhome
then put this in the file:
    #Usage:
    #move this script someplace in your path
    #like /usr/sbin by doing:
    #sudo mv copyhome /usr/sbin/copyhome
    #rehash
    #then cd to the directory where the file
    #you want to move lives, then
    #do:
    #copyhome filename ipOFtargetBox
    scp $1 jamesk@$2:/Users/jamesk/.
Notice the period on the end of the last line
#9 |
|
Major Leaguer
Join Date: Jan 2002
Location: Gaithersburg, MD
Posts: 494
|
oops
you should stick:
    #!/bin/sh
above
    scp $1 jamesk@$2:/Users/jamesk/.
anyway try that.
#10 |
|
Major Leaguer
Join Date: Jan 2002
Location: Gaithersburg, MD
Posts: 494
|
Ok I think he's really got it
Again all my apologies
last 2 lines should read:
    #!/bin/sh
    scp $1 jamesk@"$2":/Users/jamesk/.
see what happens when you switch back and forth between c shell and bourne and don't pay attention
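A hardened variant of the copyhome wrapper from posts #8 to #10, added here as an example and not macubergeek's own script: it quotes the file name, rejects host arguments that scp could read as options, and ends option parsing with `--`. The function names, the `REMOTE_USER` variable and the exit codes are this example's assumptions; the user name and destination path reuse the thread's sample values.

```shell
#!/bin/sh
# Added example (not from the thread): hardened take on the copyhome wrapper.
# REMOTE_USER and the /Users/<user>/ destination mirror the thread's sample
# values and are assumptions; override REMOTE_USER in the environment.
REMOTE_USER="${REMOTE_USER:-jamesk}"

# valid_host: accept only hostname- or IPv4-style strings, so the argument can
# never be parsed by scp as an option (leading "-") or smuggle "user@" or ":".
valid_host() {
    case "$1" in
        ''|-*|.*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# scp_target: print the remote destination, or fail if the host is rejected.
scp_target() {
    valid_host "$1" || return 1
    printf '%s@%s:/Users/%s/.\n' "$REMOTE_USER" "$1" "$REMOTE_USER"
}

copyhome() {
    if [ "$#" -ne 2 ]; then
        echo "usage: copyhome <file> <host-or-ip>" >&2
        return 64
    fi
    if [ ! -f "$1" ] || [ ! -r "$1" ]; then
        echo "copyhome: not a readable file: $1" >&2
        return 66
    fi
    target=$(scp_target "$2") || {
        echo "copyhome: rejected host argument: $2" >&2
        return 65
    }
    # Prefix relative names with ./ so a name containing ":" or starting
    # with "-" is treated as a local path; "--" ends scp option parsing.
    case "$1" in
        /*) src=$1 ;;
        *)  src=./$1 ;;
    esac
    scp -p -- "$src" "$target"
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    copyhome "$@"
fi
```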
#11 |
|
Prospect
Join Date: Jan 2002
Location: fort collins, co
Posts: 31
|
a couple things...
hi bassi,
not sure if you are up and running with this yet or not, but here are a couple of things to keep in mind.
- is the ftp server running on your macosx box. this is handled in the network control panel. one way to test is from the command-line on your macosx box itself. if this works, can you ftp into your macosx box from another computer at work?
- do you have a firewall running on your macosx box. if so, does turning it off solve the problem?
- do you have a firewall at home? if so, does turning it off solve the problem?
- do the netadmins at work have a firewall? if so, will they allow you in with a dynamic ip?
hope this helps, mike
__________________
-- mike cullerton |
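The checklist above as a script, added here as an example rather than something posted in the thread: it probes the ports named in this discussion, separates a silent timeout from a fast refusal, and turns results taken on the Mac, from the office LAN and from home into the layer that is blocking. It assumes `bash` and coreutils `timeout` are installed; the function names and verdict strings are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): run the checklist from the inside out.

# classify: map the probe's exit status to what it says about the path.
#   0    TCP handshake completed: something is listening and reachable
#   124  timeout(1) gave up: packets are silently dropped by a filter
#   else connect failed quickly: refused, or an ICMP unreachable came back
classify() {
    case "$1" in
        0)   echo open ;;
        124) echo filtered ;;
        *)   echo closed-or-rejected ;;
    esac
}

# probe <host> <port> [timeout-seconds]: one TCP connect, then classify it.
probe() {
    rc=0
    timeout "${3:-3}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" \
        2>/dev/null || rc=$?
    classify "$rc"
}

# report <host>: probe the services discussed in this thread.
report() {
    for entry in 21:ftp 22:ssh 548:afp; do
        port=${entry%%:*}
        name=${entry#*:}
        printf '%-4s %-4s %s\n' "$name" "$port" "$(probe "$1" "$port")"
    done
}

# locate <verdict-on-the-Mac> <verdict-from-LAN> <verdict-from-home>:
# the first vantage point that fails names the layer to look at.
locate() {
    if [ "$1" != open ]; then
        echo "service not listening on the Mac"
    elif [ "$2" != open ]; then
        echo "firewall on the Mac itself"
    elif [ "$3" != open ]; then
        echo "work perimeter or home firewall"
    else
        echo "path is clear"
    fi
}
```

Run `report 127.0.0.1` on the work Mac, then `report <work-ip>` from another office machine and again from home, and feed the three verdicts for one port to `locate`.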
#12 |
|
Major Leaguer
Join Date: Jan 2002
Location: Paris, France
Posts: 498
|
I'll check it out
Thanks for the advice guys.
Macubergeek, I tried to ssh my box from home and it didn't work. scp is just a variant of ssh right? I can however sftp the work server but it will not accept my id from work. I recently bought Mac OSX Unleashed and I'm just starting the Unix chapters, I have a lot to learn! Bakednotfried, I will definitely try your suggestions. I am running a firewall at work and home so that may be a problem, it's pretty hard to troubleshoot the work and homebox when they're an hr apart by commute. I have followed the setup guide to the letter for the firewall, to allow ftp access, although having read Uber's comments I think this is a bad idea. I have downloaded and set up a Carracho server at work, one of my friends from the US couldn't access it at all. He could ping me, and when he did he got a pause at a server based down the road, and my firewall logged access attempts using the ICMP protocol, no. 3. My mistake perhaps? The traceroute we performed after that worked fine to either our computers. I think the short answer is, talk to the admin guy, but he's so hard to find and hasn't even answered my broken French email. I'll fill you in when I've had a chat with him. Thx
#13 |
|
MVP
Join Date: Jan 2002
Posts: 1,562
|
Best of luck getting the IT dept to assist you......hahahahahaha
TIP - don't mention you are on a Mac or they will instantly shut the doors on you - NO SOUP FOR YOU! |
#14 |
|
Major Leaguer
Join Date: Jan 2002
Location: Paris, France
Posts: 498
|
Macs in the majority
LOL
However, I work in a scientific laboratory, and the majority of people here use Macs. This may be statistically erroneous but I've only seen 2 PC laptops out of 50 or so computers. Most people still use OS 9, because of the lack of OS X ports for programs like Endnote, Kaleidagraph and so forth. The alternatives aren't that good. Now, off to the basement to seek the IT guru.
#15 |
|
Major Leaguer
Join Date: Jan 2002
Location: Gaithersburg, MD
Posts: 494
|
sounds like firewall
It sounds like your firewall at work is blocking your incoming ssh connections. I would suggest trying this.
on your home machine: go into system prefs sharing>application tab, check the box "Allow remote login"
Now from your work box scp files TO your home machine. for example: on the command line cd to the directory where the file you want to move lives and type:
    scp <filename> <yourusername>@<ip of homebox>:/Users/<yourusername>/.
do this all on one line...if necessary stretch the terminal window out
This will secure copy your file FROM your work box TO your home mac
If you are using a PC at work, install cygwin on your work pc with ssh. go here: http://www.cygwin.com/
Look this will take practice. scp was a bit daunting, just don't forget the trailing period at the end of the command line and follow the above syntax...or if you use a macosx box at work you can make the script I showed you before...name it copyhome....do chmod 700 copyhome and then you can use it instead.
#16 |
|
Major Leaguer
Join Date: Jan 2002
Location: Paris, France
Posts: 498
|
You're right
Macubergeek,
Yep, this seems like the only way. I just had a chat with net admin here and they will allow no ftp servers here at all. I posited the idea of Carracho, big no no. They're afraid of crackers etc. trying to enter the network. I will plead my case but it looks hopeless. I'll try scp, you're right it is daunting, just when you think you have a handle on the unix stuff you read other posts and realise how far behind you are. I will not give up! Some of my colleagues use OS X and poo poo the terminal, and I'm a legacy mac user having been at it for 12 yrs. Not that long, but long enough to remember the SE30, and the good old 6100 and the wry smile it brought to my face. I embrace the command line with trepidation and awe B
#17 |
|
MVP
Join Date: Jan 2002
Posts: 1,562
|
Is your office network PC based? If so maybe they have the facilities for VPN already set up. If that is the case - you could possibly VPN into the network and then access your machine. I used to have to do that at our corp. network. The state of VPN on Mac is abysmal (never had any luck with anything but OS 9). Also once you get into the network - it is BUTT SLOW via the pc protocols. What I found though was that you can use Timbuktu to access your remote box (once already in the VPN) and work off your machine remotely - strangely enough - it is 10x faster than accessing through the straight VPN. For example - a simple file transfer from PC shared drive on the remote network would be about 1-2k/sec speed (cable modem), whereas if I logged into my remote machine via Timbuktu, mounted the PC drive locally (at the remote site), then transferred the file through Timbuktu I would get 10-15k/sec speeds.
VPN is quite finicky - but it may be your only option. For some reason PC IT'ers will do the VPN thing - I guess because they understand it (or so they think).
#18 |
|
Major Leaguer
Join Date: Jan 2002
Location: Gaithersburg, MD
Posts: 494
|
do not fear the force
bassi <Luke>
do not fear the command line.....it is the force
Unix command lines are rational unlike windows...unix only uses forward slashes
the syntax is usually command <options> <argument 1> <argument 2> etc.
you can repeat a command by hitting up-arrow, return
It's just a matter of practice. With practice you gain confidence and comfort with it.
.......go with the force Luke
#19 |
|
Major Leaguer
Join Date: Jan 2002
Location: Paris, France
Posts: 498
|
Traveling through hyperspace ain't like dusting crops boy
I understand Uber <Obiwan>.
I will quell my anger to prevent the seduction of the dark side <Wintel/ insecure ftp/ torture network admin> B