Ok, here is what I want to do. I wrote a script that backs up my email mbox's and www sites. It creates several .tar.gz files and then moves them to a directory on my server. Now what I want to be able to do is download those .tar.gz file to one of my WinXP workstations. My XP workstations are on a 192.168.1.0/24 network while my server is on a 10.10.11.0/24 network (hardware based firewall separates the two machines). Obviously, I know I could simply FTP into the server and download the files that way, but what I would like to do is write some type of script (or .bat if I have to do it from XP) that automatically grabs those backup files daily.

Now if the machines where on the same subnet, I could easily create a share to that "backup" directory on my server and simply moves the .tar.gz files across. But since I'm on a different subnet I'm guessing I can't do this. Correct?

Just looking for some input. Any ideas?? Can samba be used to do this or do I need something else??

1. It sounds like your web server is in a DMZ. (it should be anyway) Please confirm.

2. I don't like punching holes in the dmz to do what you want so I would set up ssh access to your web server, then do sftp with plink using the web server's public IP/DNS address. (plink.exe should be included with putty if you download the entire installer)

3. I'm a security nut, so I use public keys to access my ssh/sftp and move sshd to another port. Make sure whatever port you use is open on your firewall. If you stay with default port 22 you will be hammered by script kiddies.

Hey mpapet1!

This is correct. I actually have three networks (well 4 if you count my public IP from my DSL provider) One for my public wifi, one for my server, and one for my lan. M0n0wall (hardware based firewall) handles all routing between the networks. NOTHING is allowed (from the net) into the LAN or Wifi networks. Only SSH, http, POP3, and SMTP are allowed into the server network via NAT. (FTP is currently not allowed in from the net)

This is what I thought I was going to have to do. Since I already have SSH setup, I just need to get sftp on the windows machine that I want to sftp into the server with. The Putty I have only lists, "RAW", "Telnet", "Rlogin", and "SSH" as protocols. While I'm not familiar with sftp, I'm assuming it is tunneling ftp traffic via SSH, correct? So nothing additional needs to be setup on the server other than SSH and FTP, correct?

I have had port 22 open FOREVER on my firewall so that I can SSH in. Maybe I should rethink that...

Now I have to figure out a way to automate all of this. I really don't want to have to manually do this every day...

1. You should have plink.exe in the same install folder as your putty.exe. You should be able to use plink in a script to do the work for you.

2. If you have ssh already running, sftp kind of sits on top of ssh, so an sftp client should be all that is needed. I don't remember this perfectly, so look into it some more.

3. It's obvious you aren't reading your logs if you have kept ssh on port 22. How do you know what's happening on your DMZ'd servers?

4. I use perl on win32 for scripting. I recommend strawberry-perl because it uses a GPL dmake for the entire distro. Decent/Good cpan compatibility. Certainly better than activestate's.

Just checked my log files for the first time in, I don't know... Years maybe... Looks like I was hit with a scanner out of China trying everyname and pass in the book on my sshd. Maybe it is time for a port change... :-)

Thanks for the help. I'll see about scripting some kind of automatic ftp transfer.