DaemonForums  

#1
16th July 2013
Fekete (New User)

FTP as Tor hidden service.

I am wondering how to get FTP working as a Tor hidden server. I thought I could use it with just one port by forwarding 21 and disabling pasv in vsftpd.conf with pasv_enable=NO, but this doesn't work.

I want users to connect to it with socat over Tor, so a typical session is like this.

Code:
$ socat TCP4-LISTEN:2021,fork SOCKS4A:localhost:obfuscated.onion:21,socksport=9050 &
$ ftp localhost 2021
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 Welcome to OBFUSCATED FTP
Name (localhost:obfuse): 
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

It doesn't work though...

Code:
ftp> dir
500 Illegal PORT command.
ftp: bind: Address already in use

So I'm wondering what I can do to get FTP running, or whether I just have to ditch FTP.
#2
16th July 2013
J65nko (Administrator)

ftp uses two channels: a command channel and a data channel. Each channel uses separate ports.
The command channel uses port 21 as destination port. The data channel uses a destination port >1023. For each data transfer, for example an ftp 'ls', 'get' or 'put', a new data channel is created.

The difference in active and passive ftp is the data channel. For active ftp the server initiates a connection to the ftp client using source port 20. Because most firewalls don't allow external parties to initiate connections to the clients behind that firewall, passive ftp has been invented.
In passive ftp, the client connects to the server with a port >1023.

I don't know if you could use a proxy to get ftp working with socat and Tor.
Nowadays most ftp servers also provide httpd access, so maybe that could be an alternative.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
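
The data-channel negotiation described in the reply above, as an added example that is not part of the original thread: it decodes the endpoints carried by PORT, 227 and 229 control-channel lines and marks whether each could be reached when only some server ports are relayed. The function names, the forwarded_ports parameter and the sample lines are assumptions constructed for illustration.

```python
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" and the 227 reply carry the data endpoint
# as six decimal bytes; the TCP port is p1*256 + p2.
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
# RFC 2428: "229 Entering Extended Passive Mode (|||port|)" carries only a port.
EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")

def decode_hostport(text):
    """Return (host, port) from an RFC 959 host-port argument, or None."""
    m = HOSTPORT.search(text)
    nums = [int(g) for g in m.groups()] if m else []
    if not nums or max(nums) > 255:
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_channels(control_lines, forwarded_ports):
    """List (mode, dialer, host, port, reachable) for each negotiation seen.

    forwarded_ports (an assumption of this example) is the set of server
    ports the relay maps. A passive data port outside it cannot be dialled,
    and in active mode the server cannot dial back through a one-way relay.
    """
    found = []
    for line in control_lines:
        verb = line.split(" ", 1)[0].upper()
        ep = decode_hostport(line) if verb in ("PORT", "227") else None
        epsv = EPSV.search(line) if verb == "229" else None
        if verb == "PORT" and ep:      # client asks the server to dial it
            found.append(("active", "server", *ep, False))
        elif verb == "227" and ep:     # server tells the client where to dial
            found.append(("passive", "client", *ep, ep[1] in forwarded_ports))
        elif epsv:                     # extended passive: same host, new port
            port = int(epsv.group(1))
            found.append(("passive", "client", None, port, port in forwarded_ports))
    return found

# Constructed control-channel lines (not captured from the thread's server).
SAMPLE = [
    "PORT 127,0,0,1,195,80",
    "227 Entering Passive Mode (10,0,0,5,234,96).",
    "229 Entering Extended Passive Mode (|||21|)",
]

if __name__ == "__main__":
    for row in data_channels(SAMPLE, forwarded_ports={21}):
        print(row)
```

With only port 21 relayed, neither the active-mode line nor the 227 line is marked reachable, because each data channel needs a second connection on a different port.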

Tags
openbsd, tor, vsftpd