
Saturday, February 20, 2010

FTP Introduction

Alright now I'm going to sidetrack a bit to show you how you can set up a small, lightweight FTP server using FileZilla Server. This guide will show you how to set up FTP in Passive mode (PASV), which is the new standard. I'll also show you tips on how you can make your servers available through the internet.
FTP stands for File Transfer Protocol. The FTP control port is 21 by default, but we will have to change this later on. Port 21 typically carries only control messages, while a second, dynamically negotiated port (which you can specify) carries the actual data transfer between the server and the client.

First of all, we need to set up our DynDNS connectivity. Consumer internet connections usually give you a dynamic IP. This means that our IP will change from time to time, so we cannot consistently connect to the same machine through the same IP. DynDNS is a service that lets clients with dynamic IPs use a domain name that is kept pointing at the client's current IP. This gives us a more consistent online presence. To begin, we first get an account from the official website here.

After you've chosen a nice domain name, download an update client (either third-party or official will do) here. When you're done, go to ping tester sites like ping.eu to see if your DynDNS is updating properly. My router is a WRT54G, so I can run the Tomato firmware, which does the DynDNS updates for me.

After the dynamic domain name is established, grab FileZilla Server here. FileZilla Server is only available for Windows as of writing, but there are many other free alternatives for other platforms.

Next, install FileZilla Server. Run the installer and go through the installation process.



As you can see, I didn't want the Desktop icon. But whatever your preference is, make sure that you include the Administration interface because that's going to be how we configure the server later on!



I left the port as 14147. The port specified here refers to the control port (which is 21 by default). FileZilla can also be started as a service or as an application console (similar to Tomcat). I'm installing it as a service and I'll run it manually because I don't use it regularly, but you can set it to start automatically if you prefer.



I certainly do not want the Administration Interface popping up every time I log in, so I turned this off. I think you'd want to do the same.



Start by connecting to yourself. Regardless of the port you chose, it will always listen to port 14147 on the local loopback interface (127.0.0.1). After you're connected, we can begin Sharing Folders and adding Users. To do this, click on Edit > Users.

On the right side of the General section, click Add. After adding a User, tick on Password to set a password for the user.



After doing this, we can begin specifying which folders the user has access to from the Shared Folders section. This works well for our scenario, but if you have multiple users with different shares, it's better to work with Groups.



From this point you can try FTP-ing to yourself through ftp://localhost/. However, what we want is to be able to access the server from somewhere else on the internet. So we'll begin setting up internet connectivity.

Go to Edit > Settings > Passive mode settings. Right here, we'll give it our DynDNS domain name, as well as a range of ports for data communication:



While you're here, it's also good practice to change the login banner. Do not put anything welcoming or revealing. The default banner tells any potential attacker which platform you're using, which aids the reconnaissance stage of a network attack. It is good practice to use something that implies that legal action will be taken, so that if for some reason you end up in court, you have something to use.

Type up a banner like:
This is a private FTP server! You are NOT allowed in here!
Your IP address has been logged for investigatory use!
All activities logged from this point will be used against you!
If you decide to proceed, you may face legal action!


Of course when you tell the attacker that you've logged their IP, you must really mean what you say. Simply go to the Logging section and turn on logging. 100KB is enough for typical scenarios.

That is all the configuration required for the server side. Now we'll have to forward the ports that we have. Remember, we have these ports:
FTP Control: 14147 (Default 21)
FTP Data: 14148, 14149, 14150
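The PASV reply is where the passive-mode settings above become visible to a client: the server advertises an address and a data port, and both must match what we forwarded, or remote clients will hang on the data connection. This added check (not part of the original post or of FileZilla Server) parses a PASV reply and flags the two common mistakes: advertising a LAN address instead of the DynDNS address, and handing out a port outside the forwarded range 14148-14150. The sample replies and the external address 203.0.113.7 are constructed.

```python
import ipaddress
import re

# Values from the guide: the server advertises the DynDNS name in PASV replies
# and hands out data ports from the forwarded range 14148-14150.
DATA_PORTS = range(14148, 14151)
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Turn '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (ip, port).
    The port is sent as two bytes: port = p1 * 256 + p2."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def is_lan_address(ip):
    """True for RFC 1918 addresses, which a client on the internet can never reach."""
    return any(ipaddress.ip_address(ip) in net for net in LAN_NETS)

def check_pasv(reply, external_ip, data_ports=DATA_PORTS):
    """Return the misconfigurations visible in one PASV reply (empty list = OK):
    the advertised address must be the external address the DynDNS name resolves
    to, and the advertised port must lie in the range forwarded on the router."""
    ip, port = parse_pasv(reply)
    problems = []
    if is_lan_address(ip):
        problems.append("advertises LAN address %s" % ip)
    elif ip != external_ip:
        problems.append("advertises %s but DynDNS resolves to %s" % (ip, external_ip))
    if port not in data_ports:
        problems.append("data port %d outside forwarded range %d-%d"
                        % (port, data_ports[0], data_ports[-1]))
    return problems

if __name__ == "__main__":
    # Constructed sample replies; 203.0.113.7 stands in for the address that
    # resolving the DynDNS name (socket.gethostbyname) would return.
    external = "203.0.113.7"
    for reply in ("227 Entering Passive Mode (203,0,113,7,55,68)",   # OK: port 14148
                  "227 Entering Passive Mode (192,168,1,10,55,68)",  # LAN IP leaked
                  "227 Entering Passive Mode (203,0,113,7,55,76)"):  # port 14156
        print(reply, "->", check_pasv(reply, external) or ["OK"])
```

In a real check, capture the 227 line from a client session (FileZilla's message log shows it) and compare against what the DynDNS name resolves to from outside your LAN.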

We now have to do port forwarding from the router. This process differs between routers, so check sites like http://portforward.com/ for instructions for your router. Mine looks like this:



It's difficult to test the system locally, so use sites like these to help you:
1) ping.eu
From this site, choose Port check and attempt to scan for the ports you have forwarded. If it's successful, you should see "open".

2) Gene6 Online FTP Test
Just plug in the parameters they require and wait for the success (or failure) message.

Right now basic connectivity is settled. We will set up security from here. There are two modes of SSL: Explicit and Implicit. This guide will be setting up Explicit, which doesn't require a full PKI infrastructure.

To do this, we'll need to generate the necessary certificates. FileZilla can do this automatically so no worries here. Simply go to Edit > Settings > SSL / TLS Settings. Next, click on "Generate new certificate" to create a self-signed certificate.



After that you can proceed to enable SSL / TLS. To connect to the server in Explicit mode, we must connect with the ftpes:// protocol. For example, I would connect to myself with ftpes://syraxius.ath.cx:14147/. There is no need to forward any more ports, as Explicit mode listens on the default FTP port. (The port 990 you see in the configuration is for Implicit mode.)
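Because the certificate generated above is self-signed, a client has no CA chain to validate it against; the way it still gets an identity check is to pin the certificate's fingerprint. This added Python client (not code from the post or from FileZilla) does the explicit handshake the ftpes:// URL implies, i.e. a plain connection followed by AUTH TLS, and refuses to log in unless the server's certificate fingerprint matches the pinned value. The pinned fingerprint, user and password are placeholders you supply; the URL is the one quoted in the post.

```python
import hashlib
import hmac
import ssl
from ftplib import FTP_TLS
from urllib.parse import urlparse

# ftpes:// = explicit TLS: plain FTP on the control port, then AUTH TLS upgrades it.
# ftps://  = implicit TLS, TLS from the first byte, on port 990 (the other mode in the guide).
DEFAULT_PORTS = {"ftp": 21, "ftpes": 21, "ftps": 990}

def parse_ftp_url(url):
    """Split an ftp/ftpes/ftps URL into (scheme, host, port), applying the
    scheme's default port when none is given."""
    u = urlparse(url)
    if u.scheme not in DEFAULT_PORTS or not u.hostname:
        raise ValueError("unsupported FTP URL: %r" % url)
    return u.scheme, u.hostname, u.port or DEFAULT_PORTS[u.scheme]

def cert_fingerprint(der_cert):
    """SHA-256 fingerprint of a DER-encoded certificate as colon-separated hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fingerprint_matches(der_cert, pinned):
    """Constant-time comparison; case and separators in the pinned value are ignored."""
    norm = lambda s: s.replace(":", "").replace(" ", "").upper()
    return hmac.compare_digest(norm(cert_fingerprint(der_cert)), norm(pinned))

def connect_explicit_tls(url, pinned_fingerprint, user, password):
    """Connect with explicit TLS and accept the self-signed server certificate
    only if its fingerprint matches the pinned value. Returns a logged-in FTP_TLS."""
    scheme, host, port = parse_ftp_url(url)
    if scheme != "ftpes":
        raise ValueError("this helper only handles explicit TLS (ftpes://)")
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # self-signed: no chain to verify, so identity
    ctx.verify_mode = ssl.CERT_NONE  # is established by the fingerprint pin below
    ftp = FTP_TLS(context=ctx)
    ftp.connect(host, port)          # plain TCP to the control port
    ftp.auth()                       # AUTH TLS, wraps the control socket in TLS
    der = ftp.sock.getpeercert(binary_form=True)
    if not fingerprint_matches(der, pinned_fingerprint):
        ftp.close()
        raise ssl.SSLError("certificate fingerprint mismatch: %s" % cert_fingerprint(der))
    ftp.login(user, password)        # credentials now travel inside TLS
    ftp.prot_p()                     # PROT P: encrypt the passive data connections too
    return ftp

# Usage (placeholders): connect_explicit_tls("ftpes://syraxius.ath.cx:14147/",
#     "<PINNED_SHA256_FINGERPRINT>", "<user>", "<password>").nlst()
```

Read the fingerprint once from the FileZilla Server SSL / TLS settings on the server itself, not from a first connection over the internet, otherwise the pin only proves you are talking to whoever you spoke to first.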

Do note that FileZilla is also included in a server suite known as XAMPP which you can obtain here.

XAMPP can also be put in a thumbdrive for portability. You can get the portable version here.

2 comments:

  1. OMG, the guide actually worked! Hahah Thank you lovely little tooty.

