Jump to content

Recommended Posts

Posted

Hi all, just wondering if anyone has any suggestions for a predicament I am in.
I have a seagate NAS Drive which I have gained SSH Root access to. It runs a basic Linux Kernel and I can FTP to it as well it's currently running the standard FTP server it is provided with (not advertised but it has it) the FTP server is passive.

I also have an online Digital Ocean Server with linux server.
My end goal is to be able to drop my NAS drive where ever and it will auto run a remote SSH tunnel port forwarding the relevant ports to my cloud server, so where ever I am I can FTP to my cloud server and it shall connect me to my NAS without configuring any routers or firewalls, one issue I am having with the NAS is it is limited as to what I can install on it. I have reconfigured my opkg on it to connect to the open wrt opkg repo but so far nothing is compatible , the kernal it is running is 2.6.35.13-cavm1.whitney-econa.whitney-econa which I can only assume would be a seagate custom firmware for this device.
either way so far I have managed to make scripts that run on startup and I can SSH out and IN but would like an idea of how to essentially make a remote connection to initiate a reverse FTP connection which can be forwarded. I cannot create a VPN Connection and from what I gather due to opkg limitations, I can't port forward 22, 21, and all relevant passive ports through one command via SSH as passive FTP uses a combo of high end different ports each time.
it would be brilliant if there was such a command as ssh -D user@"server"

but I have been using a combo of SSH -R 20:localhost:20 -R 21:localhost:20 user@"ip" with public keys for no auth and an alternation of high end ports but this way everything stumbles after bumping past the auth as passive selects a random high end port.

though I know a LAN turtle would be a Brilliant option I have yet to get my self one and i'm looking for a literal "dropbox" solution that I can drop in any location and it will connect to my server regardless.

so weather its somehow make the FTP server active which after hours of research and multiple ocasions of busting my FTP server then re fixing I don't know how to do

or as suggested before running a script on the nas that opens some form of reverse FTP to my Cloud

If anyone has any ideas i'm all ears, I have been trying this many different ways now for the past week and have only just decided to seek help.

any suggestions?
Thank you in advance if anyone responds.

Posted (edited)

Sounds to me like your biggest problem is that the ftp server software itself is shit. What does the ftp server introduce itself as? The vsftp program, aside from being THE superior ftp server, allows you to restrict the passive ports to a predetermined set.

Try this command:

cat /etc/*-release

A quick google suggests the NAS is running MontaVista Linux which might be something to help you find packages to install. The hardware should be an ARM11 a.k.a. ARMv6 chip, specifically the Cavium CNS3420 SoC, which should be instruction-compatible with the Raspberry Pi (the old one, not the new one).

Edited by Cooper
Posted
NAS-Drive:/Data/User# cat /etc/*-release
MontaVista Linux 6, (.dev-snapshot-20140411)

NAS-Drive:/Data/User# uname -a
Linux NAS-Drive 2.6.35.13-cavm1.whitney-econa.whitney-econa #1 Thu Apr 10 23:57:57 PDT 2014 armv6l GNU/Linux
good call sir and thankyou so much.
I canot seem to find where the FTP server lives though as theres no signs of it in the bin/
ngab8l.jpg
next time I get some time im going to attempt to install a usable FTP sever from an old rasperry repo, I should be able to add an opkg repo to the NAS but I have tried everything to get apt but it always messes up.
Thanks Cooper
Posted

Look in /etc/inetd.conf for the program. You can also telnet to the device on port 21 and look at the banner, but they might've sanatised it to the point where it says effectively nothing.

Posted
# /etc/inetd.conf: see inetd(8) for further informations.
#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd
#telnet stream tcp nowait root /sbin/telnetd /sbin/telnetd
#nntp stream tcp nowait root tcpd in.nntpd
#smtp stream tcp nowait root tcpd sendmail -v
rmik1u.jpg


Boom we have a Directory haha

How could I find out the FTP version from here?

the ftpd and ftpd.krb5 are both compiled applications and are un readable ?
Posted
# /etc/inetd.conf: see inetd(8) for further informations.
#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd
#telnet stream tcp nowait root /sbin/telnetd /sbin/telnetd
#nntp stream tcp nowait root tcpd in.nntpd
#smtp stream tcp nowait root tcpd sendmail -v
rmik1u.jpg

Boom we have a Directory haha

How could I find out the FTP version from here?

the ftpd and ftpd.krb5 are both compiled applications and are un readable ?

Did you try the banner grab like cooper asked?

Something like: telnet nas.ip 21

should show result similar to: 200 (someVersionName x.x.x.)

Posted

The presence of ftpd.krb5 gives it away a bit. It'll be the FTPD program included with MIT Kerberos v5(not that in the distro it might be packaged separately from the kerberos v5 libraries). Interestingly, according to the manual it supports both passive (PASV) and active (PORT) transfers which I got the impression from you wasn't the case. Maybe your ftpd is kinda old.

Regarding the use of an SSH tunnel to forward FTP connections, I found this chapter of O'Reilly's SSH: The Secure Shell: The definitive guide which for the most part says it can't be done:

http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch11_02.htm

Lots of good insights there. I think the main question for me becomes why would you want to transfer files over FTP using a secure tunnel as opposed to simply using sftp or scp to transfer the data?

Posted

What about using SCP/SFTP instead of plain text over the air password flying around FTP, all while needing only port 22 or an assigned listener for it with properly configured client?

Posted

I think the main question for me becomes why would you want to transfer files over FTP using a secure tunnel as opposed to simply using sftp or scp to transfer the data?

:cool:

Posted

:cool:

Yep,i totally missed that, but my thinking exactly, why aren't we using encryption when possible. That is unless the main network firewall is specifically blocking port 22, you could still configure this on any port so long as the client points to the server on the configured port. 22 is default, but you could use any port, and should negate the 2 port issues associated with FTP's requirements.

Posted (edited)

sorry guys been away for the weekend, I would have checked the banner but originally it was just Welcome to seagate NAS Storage with no further info, and I changed it To welcome to THE NAS or something across those lines, and so far as SFTP went, I may have schoolboy errored and genuinly forgot that that could have been a more apt option, not only a more apt alternative but the actual solution to my issue, Jeez, Cooper youv been a star and thanks again digip.

Sidenote: I was using FTP as theres a builtin FTP file manager in windows and I need windows in work, however I have found an SFTP intergrater for explorer called Swish
Cheers guys.

I error, Therefore I am.

Edited by silver-moonshine

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...