August 18, 2007, 09:03 AM
Haz

Confirmed

**CONFIRMED**

TELUS is using SPI. I've just tested this on my friend's TELUS DSL connection.

I set up a simple FTP server using port 21 and connected the box directly to the DSL modem (NO ROUTER INVOLVED). Attempts to make an FTP connection to the box from across the internet fail.

We tried non-standard ports galore and still had the same problem. So this 100% indicates to me that TELUS has implemented SPI in the layer somewhere.

Conclusion: For those of you that wish to run an FTP server on your box over the TELUS consumer network, you will need to run an SSH-capable FTP server over one of the standard SSL ports (443 or 563 and sometimes 995).

For those of you that wish to host your LX NAS on a TELUS consumer connection, the scenario gets quite a bit more involved. Here is a basic rundown of what you need to do. I can offer more assistance via email if you require it.

You need to have your LX connected to your internal network with a static IP configured - something like 192.168.1.200

DO NOT configure port forwarding for the LX NAS in the router AT ALL as it is pointless.

Set up an SSH daemon on a PC running on your internal network. A good one that is tried and true is WinSSHD (Bitvise).

Then you will need to carry around an SSH client with you when you are not at home, or hook your friends up with one and show 'em how to use it so they can access your FTP. A good one is Tunnelier (Bitvise).

I won't go into detail on how to configure these two components right now, but it is not that complicated.

Configure WinSSHD to listen on any port (443 is probably the best choice for numerous reasons, but not required).

Configure your router to forward port 443 from WAN to LAN (PC running WinSSHD).

***CAUTION: IF YOU HAVE A LINKSYS ROUTER***
The majority of consumer Linksys wired/wireless routers WILL NOT forward port 443 as this is a BY DESIGN flaw - this is because Linksys routers support HTTPS for the config interface, and even if you tell it not to allow HTTPS it still bites the port, so it's a no go - USE PORT 563!

Configure the Tunnelier client to connect to WinSSHD on the port you have it configured to listen on. Here is where it gets tricky, and by that I mean hard to follow for most people.

Under the C2S tab, configure a rule to listen on 127.0.0.1 - port 21 (or any other); destination host is the internal IP of your LX NAS. Comment can be anything. Check off Accept server-side-port forwardings.

Log Tunnelier into your SSHD from any computer outside your router and point your FTP client at 127.0.0.1 and the port you configured to redirect. And there ya go. Works.

Obviously some PROS and CONS here. CONS being that it's a pain in the ass to set up like this. PROS: it's FAR FAR more secure this way.

In any case, TELUS customers are getting the dry hump. End of story.
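Added example, not part of the original post: a Python check for troubleshooting the tunnel described above by reading the greeting banner on each hop (the WAN port forwarded to the SSH daemon, then the client's 127.0.0.1 listener once the SSH client is logged in). The function names and the host name in the usage line are assumptions made for this example.

```python
import socket

def probe_banner(host, port, timeout=5.0):
    """Return the first line a service sends on connect, or None if the
    connection failed or nothing was sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = b""
            while b"\n" not in data and len(data) < 512:
                chunk = s.recv(512 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError:  # refused, filtered, or timed out
        return None
    line = data.split(b"\n", 1)[0].strip()
    return line.decode("ascii", "replace") or None

def classify(banner):
    """Map a greeting banner to the kind of service that sent it."""
    if banner is None:
        return "no-banner"
    if banner.startswith("SSH-"):   # SSH identification string, e.g. SSH-2.0-...
        return "ssh"
    if banner.startswith("220"):    # FTP "service ready" greeting
        return "ftp"
    return "unknown"

def check_tunnel(ssh_host, ssh_port, local_port=21, timeout=5.0):
    """Probe both hops and say which one is broken, if any."""
    wan = classify(probe_banner(ssh_host, ssh_port, timeout))
    fwd = classify(probe_banner("127.0.0.1", local_port, timeout))
    if wan != "ssh":
        verdict = "WAN port does not reach the SSH daemon (router forward or port choice)"
    elif fwd != "ftp":
        verdict = "SSH daemon reachable, but 127.0.0.1 forward does not reach an FTP server"
    else:
        verdict = "both hops OK"
    return wan, fwd, verdict

if __name__ == "__main__":
    # Placeholder host name; use your own address and the port the daemon listens on.
    print(check_tunnel("home.example.invalid", 563, 21))
```

Run it from the outside machine with the SSH client logged in; the second hop reports "no-banner" whenever the client is not connected or the loopback rule is missing.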