silver-moonshine Posted August 19, 2015 Posted August 19, 2015 Hi all, just wondering if anyone has any suggestions for a predicament I am in.I have a seagate NAS Drive which I have gained SSH Root access to. It runs a basic Linux Kernel and I can FTP to it as well it's currently running the standard FTP server it is provided with (not advertised but it has it) the FTP server is passive. I also have an online Digital Ocean Server with linux server.My end goal is to be able to drop my NAS drive where ever and it will auto run a remote SSH tunnel port forwarding the relevant ports to my cloud server, so where ever I am I can FTP to my cloud server and it shall connect me to my NAS without configuring any routers or firewalls, one issue I am having with the NAS is it is limited as to what I can install on it. I have reconfigured my opkg on it to connect to the open wrt opkg repo but so far nothing is compatible , the kernal it is running is 2.6.35.13-cavm1.whitney-econa.whitney-econa which I can only assume would be a seagate custom firmware for this device.either way so far I have managed to make scripts that run on startup and I can SSH out and IN but would like an idea of how to essentially make a remote connection to initiate a reverse FTP connection which can be forwarded. I cannot create a VPN Connection and from what I gather due to opkg limitations, I can't port forward 22, 21, and all relevant passive ports through one command via SSH as passive FTP uses a combo of high end different ports each time.it would be brilliant if there was such a command as ssh -D user@"server" but I have been using a combo of SSH -R 20:localhost:20 -R 21:localhost:20 user@"ip" with public keys for no auth and an alternation of high end ports but this way everything stumbles after bumping past the auth as passive selects a random high end port. though I know a LAN turtle would be a Brilliant option I have yet to get my self one and i'm looking for a literal "dropbox" solution that I can drop in any location and it will connect to my server regardless. so weather its somehow make the FTP server active which after hours of research and multiple ocasions of busting my FTP server then re fixing I don't know how to do or as suggested before running a script on the nas that opens some form of reverse FTP to my Cloud If anyone has any ideas i'm all ears, I have been trying this many different ways now for the past week and have only just decided to seek help. any suggestions?Thank you in advance if anyone responds. Quote
cooper Posted August 20, 2015 Posted August 20, 2015 (edited) Sounds to me like your biggest problem is that the ftp server software itself is shit. What does the ftp server introduce itself as? The vsftp program, aside from being THE superior ftp server, allows you to restrict the passive ports to a predetermined set. Try this command: cat /etc/*-release A quick google suggests the NAS is running MontaVista Linux which might be something to help you find packages to install. The hardware should be an ARM11 a.k.a. ARMv6 chip, specifically the Cavium CNS3420 SoC, which should be instruction-compatible with the Raspberry Pi (the old one, not the new one). Edited August 20, 2015 by Cooper Quote
silver-moonshine Posted August 20, 2015 Author Posted August 20, 2015 NAS-Drive:/Data/User# cat /etc/*-release MontaVista Linux 6, (.dev-snapshot-20140411) NAS-Drive:/Data/User# uname -a Linux NAS-Drive 2.6.35.13-cavm1.whitney-econa.whitney-econa #1 Thu Apr 10 23:57:57 PDT 2014 armv6l GNU/Linux good call sir and thankyou so much.I canot seem to find where the FTP server lives though as theres no signs of it in the bin/ next time I get some time im going to attempt to install a usable FTP sever from an old rasperry repo, I should be able to add an opkg repo to the NAS but I have tried everything to get apt but it always messes up.Thanks Cooper Quote
cooper Posted August 20, 2015 Posted August 20, 2015 Look in /etc/inetd.conf for the program. You can also telnet to the device on port 21 and look at the banner, but they might've sanatised it to the point where it says effectively nothing. Quote
silver-moonshine Posted August 20, 2015 Author Posted August 20, 2015 # /etc/inetd.conf: see inetd(8) for further informations. #ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd #telnet stream tcp nowait root /sbin/telnetd /sbin/telnetd #nntp stream tcp nowait root tcpd in.nntpd #smtp stream tcp nowait root tcpd sendmail -v Boom we have a Directory hahaHow could I find out the FTP version from here? the ftpd and ftpd.krb5 are both compiled applications and are un readable ? Quote
digip Posted August 20, 2015 Posted August 20, 2015 # /etc/inetd.conf: see inetd(8) for further informations. #ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd #telnet stream tcp nowait root /sbin/telnetd /sbin/telnetd #nntp stream tcp nowait root tcpd in.nntpd #smtp stream tcp nowait root tcpd sendmail -v Boom we have a Directory haha How could I find out the FTP version from here? the ftpd and ftpd.krb5 are both compiled applications and are un readable ? Did you try the banner grab like cooper asked? Something like: telnet nas.ip 21 should show result similar to: 200 (someVersionName x.x.x.) Quote
cooper Posted August 21, 2015 Posted August 21, 2015 The presence of ftpd.krb5 gives it away a bit. It'll be the FTPD program included with MIT Kerberos v5(not that in the distro it might be packaged separately from the kerberos v5 libraries). Interestingly, according to the manual it supports both passive (PASV) and active (PORT) transfers which I got the impression from you wasn't the case. Maybe your ftpd is kinda old. Regarding the use of an SSH tunnel to forward FTP connections, I found this chapter of O'Reilly's SSH: The Secure Shell: The definitive guide which for the most part says it can't be done: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch11_02.htm Lots of good insights there. I think the main question for me becomes why would you want to transfer files over FTP using a secure tunnel as opposed to simply using sftp or scp to transfer the data? Quote
digip Posted August 21, 2015 Posted August 21, 2015 What about using SCP/SFTP instead of plain text over the air password flying around FTP, all while needing only port 22 or an assigned listener for it with properly configured client? Quote
cooper Posted August 21, 2015 Posted August 21, 2015 I think the main question for me becomes why would you want to transfer files over FTP using a secure tunnel as opposed to simply using sftp or scp to transfer the data? Quote
digip Posted August 21, 2015 Posted August 21, 2015 Yep,i totally missed that, but my thinking exactly, why aren't we using encryption when possible. That is unless the main network firewall is specifically blocking port 22, you could still configure this on any port so long as the client points to the server on the configured port. 22 is default, but you could use any port, and should negate the 2 port issues associated with FTP's requirements. Quote
silver-moonshine Posted August 23, 2015 Author Posted August 23, 2015 (edited) sorry guys been away for the weekend, I would have checked the banner but originally it was just Welcome to seagate NAS Storage with no further info, and I changed it To welcome to THE NAS or something across those lines, and so far as SFTP went, I may have schoolboy errored and genuinly forgot that that could have been a more apt option, not only a more apt alternative but the actual solution to my issue, Jeez, Cooper youv been a star and thanks again digip. Sidenote: I was using FTP as theres a builtin FTP file manager in windows and I need windows in work, however I have found an SFTP intergrater for explorer called Swish Cheers guys. I error, Therefore I am. Edited August 23, 2015 by silver-moonshine Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.