mapping FTP site as local drive

I have a small problem, there is one Win98 PC on our network, and I would like to map the FTP server that we have as one of the Win98's machine's local drives. I am by no means a Windows expert, instead my area is *NIX. The webserver is just a regualar webserver, within the LAN. I tried searching the 'net, and came across people who have done it, but with no instruactions of how to do it. Does anyone have a clue how to do it? The FTP server runs just FTP services, no SMB services (naturally, otherwise id just map the SMB service directory ). Thanks.

Are you wanting to map the entire Unix FTP server to the Win98 machine or just a sub-dir of the Unix FTP server to the Win98 machine?

If you want to do the entire FTP Server to Win98 then I would think that some sort of ipnat would get the job done.

If you want to do a single sub-dir, then samba would be the way to go or use a Win32 nfsd on the Win98 machine. It appears that the Freeware War NFS Daemon is no longer available from their website so you might have to look at a commercial solution if you want to use the NFS route.

I'd do the samba connection myself and just mount the filesystem under the ftp share.

The FTP server must remain a FTP server only. You can't fix a problem by ignoring it with another solution. If samba was an option, I would have went for it, as well as if NFS was an option. The 98 machine must have no extra software installed, nor must the FTP server. THere are reasons for this, among those security (extra port open in the network, and YES that will be a problem), performance (the FTP server is barely able to handle FTP, even though smbd is lightweight, it is still going to hit the server hard, with the loads it takes), and last but not least, I do not want a "bastardised" system that requires to install clients on all machines (if any future 98 machines do come), and I want everyone talking the same protcols, makes it so much easier to troubleshoot a daemon. Sorry if I sound rude, I just hate it when people "fix" a problem by offering another suggestion that ignores the problem. I know that this can be done, and installing any OS > 98 is also not an option. I've heard of this done before......

So you want an under-powered Unix box to serve FTP for Win98 box without the addition of any CPU over-head such as SMB or NFS without installing any server software on the Win98 box.

So this precludes SMB, NFS or even natd redirection to Win98 (assuming IIS/FTP server is not installed on Win98 box).

And this is NOT a bastardised solution?

On some versions of Windows, I believe you can do this, not I'm not sure of the details. I believe it's >98 versions, such as ME. Even then, I think it's more of an "autologin shortcut" than a mapping.

And don't piss and moan about not getting the answer you want right away. That will get you nowhere fast. There are people who are trying to help in the way they know how, and most likely, are providing better solutions.

The biggest problem that I see is the communication between the Unix box and Win98 machine. Since Win98 and Unix have no network protocols in common I feel that we are at an impass.

Since we cannot use SMB under Unix or NFSd under Win98 I don't see how the communication can take place.

One thing I thought about was using natd to route FTP communications around the Unix box directly to the Win98 box. If an extra external IP is available the Unix box could virtualize this IP and natd could redirect FTP on the virtualized IP to the Win98 box running the MS-FTP service. But, that would call for software installation on the Unix box (natd) and on the Win98 box (IIS/FTP, which aren't installed by default on Win98 IIRC).

I guess there could always use a null-modem cable between the two boxes and use pppd (which might be currently installed on the Unix box) and have the Win98 contact the Unix box on the null-modem cable. Maybe something could be worked out. That wouldn't count as a bastardized solution would it? :smiley:

First of all, I was not even expecting a correct answer, so its not that im pist off because no one was able to give it to me, i got pist off because I specified that SMB was not a solution, and I got a SMB answer. Secondly, the FTP server is not underpowered, it handles its work load just fine. Thirdly, and most importantly, the main reason for not wanting another protocol is security. THere are already too many services available on the network, and *YES* security is a concern, as the HNSG network offers SSH/telnet access to anyone that can login as request and answer a few questions. There are iptables rules set on all the linux boxes to not allow any server to communicate with the 98 box (except for the FTP server). This is not a bastardised system, it is a system with as few services as possible. For those of you that will tell me that SMB is secure, let me remind you of zero-day exploits. This is an extremely vunerable, and thus protected network that I set up, maintain, and secured. That is the true reason, although additional SMB services on the FTP server will diminish resources that could better be put towards proftpd, or one of the distributed computing projects it runs in the background. Like I said, this is a highly secure network we're talking about here, so MSFTP or IIS is *DEFINETELY* out of the question. Not only that, but I fail to understand how making the win98 box a FTP server will fix things, only complicate them, as there is already a FTP server. I will admit that I am no where near as good in Windows as I am in *NIX, that is why I posted here. After much thought on this subject, I am about ready to just say screw it. I've tried everything I can think of, from editing the 98 box's registry and changing //hostname/share of a tested map to ftp://hostname to ftp://user@hostname and changing the service definition from Microsoft Networking to God only knows how many abbreviations of FTP I could think of. I may just have to live (or rather, the user will have to live) with having a shortcut instead of a mapped drive, or just install win2k (which supports FTP-mapped drives). I've heard of it being done, but like so many MS-related stuff, it takes a win32 kernel hacker to find out how to do it, which I definetely am not. Oh yeah, and pppd won't work, as the connection needs to be at least 100 Mb/s, with the exception of some Gigabit servers (backup, etc). I guess I'm a bit of a perfectionist, as I don't want any client software installed extra to re-install when the damn 98 box goes down for the third time in a month, like most 98 boxes often do.

Wah.

I'll be happy to refund your money.

For some reason, I thought you wanted to share the Win98 via the FTP server.

I found a product on-line that does exactly what you are wanting to do, although it $29.95 per copy. I loaded a demo copy on my box and sure enough, it worked. Never thought of that before.

But my question is this: If the network is so secure, why use a protocol that sends the password in clear text? I assume that you are using a dummy account that is limited to only the FTP sub-dir only.

Have a good 'un.

smbd/nmbd take, from experience, very little resource on the machine.

And "0-day" exploits is a weak excuse not to use specific software - that type of threat can affect any piece of software ever created... If you're so worried about 0-day security holes, don't let strangers on your damn network!

Search for ftp exploits, then for Samba-specific exploits - see which you find more of... Cripes, wu-ftpd is the cause of half of them, but nearly all implementations have had problems at one point of another.

First of all, I would never use wu-ftpd, only half-witted morons use that daemon, I use Pro-FTPD. Secondly, like I said this is a high risk network, but the information being copied to the FTP server and forth is encrypted (encrypted before being sent, and after), so it doesn't matter if they can get the passwords (which would require rooting one of the servers, which is damn near impossible). Thirdly, not letting users on the network is not an option, thats plain and simple. Fourthly, Samba is still in its infant stage in my opinion, it has had nowhere as many code audits as Apache or Pro-FTPD. I don't trust it. For those of you that would just tell me to shut the hell up about the users/security, I can't take the risk with this kind of data being transferred. I can't say what it is, but I can assure you that its important enough to encrypt it on the server, and store all decryption keys on cd-rws. I forgot to mention though, sniffing is impossible because the network is switched. In order to sniff the passwords, they would already have to have root on the FTP server, which is redundant as hell, because then they could just copy the damn files. And finally, you are correct, 0-day exploits happen all the time. Thus, running less services lessens the propability that there will be a 0-day exploit for the few services that we do run, in which one or more hosts will be comprimised before a patch is available. Its all about statistics, and thats how I sleep at night. Oh yeah, commercial solutions are unacceptable, looks like the user is just going to have to deal with copying the files manually.

I call BS.

I have monitored traffic on a switched network by unplugging RJ45 and re-connecting into a hub and connecting hub to switch between two networks to monitor port usage. It is NOT impossible. Users could also get access to a mirrored port on the switch.

Then why use a protocol that sends passwords as cleartext to transfer data that is this important? Why not use scp or sftp? Is this FTP server accesable from the outside world? If so, what's to keep Ivan from sniffing out the cleartext from the outside?

But my real question is this: What is Win98 doing on a high-risk network? Isn't that a high-risk to begin with?

What's the stat? 80% of hacks come from inside the network with employees?

Again, don't delude yourself, ProFtpd has it's share of holes as well. Only half-witted morons would place FTP in the middle of a couple of "non-rootable" super-dooper-secure boxes... I'm assuming it's running chroot()'d, but there's still problems with that.

And it is possible to sniff a switched network. It's called ARP cache poisoning, and if done correctly, you'll have no idea it's happening - until it's too late, of course.

And now you have a quick FTP server that's "redundant as hell", but originally it was "barely able to handle FTP"...

I think you're jerkin us around...

Physical access, while not impossible, would first result in loss of life first, or at least someone pointing a gun at my head. All cables, etc are within two rooms, one of them is deadbolted with a door lock (where I am), the other is in another room, where 1 cable leads to the server room. Explain to me how an employee is supposed to hook up a hub in there without my knowledge. Lets get realistic here. Also, the employees are all on the outside, with the exception of ONE employee, who is on the inside, and who knows less about hacking than your average brain-dead script kiddie. There are no mirrored ports on the switch. Yes, the FTP server is inaccessable from the outside, all employees use sftp from outside connections. The win98 machine is not a security threat, as it is behind a firewall, and on top of that, with iptables rules, no server or workstation can communicate to the Win98 machine. Thus, the win98 machine could even be unpatched for all I care. My main concern was the FTP server. Again, employees are not the risk here, as I am the only person with physical access to the switch, and the other person here is a brain-dead moron when it comes to anything other than how to scedule dates on their palm pilot, and to take telephone calls.

However, to humor you, if someone can get into the lightly secured office without my knowledge, and set up a hub in there also, what the hell is to stop them from just taking a gun and shooting the lock (or for the more dramatic, blowing a hole in the wall)? And if, *IF* there were more users, and say perhaps a hub or two, you would be damn sure that I would be setting the 98 machine up on the same switch as the FTP server, located in the server room. I may be paranoid, but to think that an employee who has U.S. government level security clearance would risk their job, their liberty, and their asses to own a win98 machine, or to steal their password, or to even root one of the Linux servers, that is going a bit far. I would consider the risk if it was civilians with nothing to lose, and we didnt prosecute, but our employees know better, with the type of info that we deal with.

As for the insecure win98 machine, yet again, it has *NO* ports open, so how the hell is someone going to cause a buffer overflow on a machine with no open ports. TCP/IP attacks, maybe, but like I said, the only system that can communicate with the 98 box is the FTP server. Not even the proxy is allowed to communicate to the win98 machine, as they have no need for surfing the net and what-not.

My argument stands firm. You just confirmed that it is not impossible, even though highly improbable.

Why did John Walker turn over comm codes to Ivan? He passed the same background check that I did, and he wasn't a civilian at the time.

So you have a Windows 98 machine whose only purprose in life is to contact a FTP server. Just out of curiosity, why isn't Win2000 an option?

Ok but who's to say he couldn't be paid off and showed what to do? Everyone has there price just a matter of how high it is.

Once agin man, people can be paid off. Also people can act like they have no idea whats going on but you'd be suprised what people do notice, and how they catch on to thing.

Also I'm sensing some major type of head trip here. Everyone is a moron apart from you.

Whats stopping a earthquake from happening thus rendering all you work gone? What stopping one of those MORONS that you work with acting to stupid but yet knowing 5 times that knowledge in computers that you have?

No wonder most of the world worries about you yanks. You got the brain dead idiot how has a little bit of security and they think they are king sh*t with all the priblems in the world.

No need and what-not? Come off it man get off your high horse and come down to earth please.

Ok yes I know jack and sh*t about all this fancy security crap out these days. But hell I'm only starting to learn it all now. Also with security being an issue. Man ONLY would the YANKS have such a HIGH RISK NETWORK attached to the outside world. Yet I still find it hard to believe.
See I do work for a goverment from somewhere in this world and I to am also cleared. But there is a difference to where you work and where I work. See we don't allow the secure network to gain access to the out side world. Hell they are even in behind security doors and only can people with access get into these rooms (Like any normal security) also the general network for the place to which I work the standard desktop doesn't have access to anything apart from e-mail. Man internet PC is based on it's own running from a different line to the outside world and no way attached to the rest of the network.
AND THAT's JUST STANDARD SECURITY

I've also worked for a ISP (When I was starting off and working with Windows... aahh bad windows HELP!!!) Man I needed a security pass to get in. Yeah I had access to a heap more then the normal help desk person did and could do anything to someone's account but didn't. But that's not the fact there, see I was a Help desk person there and had same level of trainging as everyone else. BUT I took it into my own hands to look into and learn about a hacker when one was reported. I become friends with the security blokes and learnt a hell of alot there. They knew I was catching on a bit more each time. But I was still classed (as you would say) a simple mornon to the managers until oneday I showed the manager how to track down a hacker etc etc using THEIR own custom software.

I also like my cars. Much like computers car are the same. Lots of people think women know nothing about them. Well I know a good looking blonde (hell yeah she's nice) man she works with cars for a living rebuilding them. But when it comes to her car if her for any reason has to take it to someone else she'll play stupid as to get that little bit of extra sh*t done.

See so don't prech about security cause from what your telling me none of it sounds to be to a militry spec or goverment. Also don't call people morons they can just be playing that game to get what they want.

Frankly, I wouldn't let a "moron" into my data center at all.

"Morons" are the kind of people who are still spreading the Sircam worm/virus...
Not all that harmless then, are they?

Ya know, I haven't gotten a *SINGLE* Sircam message? Man, I feel out of touch. I knew I wasn't like all the other kids but geez. :wink:

DELETED by Administrator. Poster now read-only.

BANNED from posting for breaking numerous rules. -Neo