FONC

FTP Over Normal Connections



Why?

	FTP is old as dirt, and as a result there is a plethora of clients and 
	servers written for it.  However, FTP was written in a time when security 
	was not considered the same way it is now.  One of the best and easiest 
	ways to secure a connection between a server and a client is by using an 
	SSH tunnel.  However, because of the way FTP handles its data connections, 
	a simple SSH tunnel will not work.  FONC normalizes the connections so 
	that simple SSH tunnels can secure both control AND data transfers in 
	passive AND active modes.

	* The other why *
	I may get flames by people saying you can do this with X Y and Z just 
	as easily.  However, after an hour on Google, I decided I had myself a nice 
	project to exercise my Java.  Furthermore, I wanted to give 
	SourceForge a whirl around the block.

	So, I hope others may find it useful, and even contribute if there happens
	to be a bug or two ;)
	

How?

	Simple users guide:

	The following assumes that you have an SSH server and an FTP server on 
	machine A, and that you have root permissions to set up FONC on that 
	machine.  Machine A must also have Java 1.4 or greater.  Machine B 
	must be able to connect to the SSH server running on machine A 
	(if you’re using FONC then the SSH port may be the only port open 
	on A for security!).  To do this machine B needs an SSH client.  
	Most Linux machines come with OpenSSH already installed.  
	PuTTY works well for windoze.  Machine B must also have an FTP 
	client (most do, even Windoze!) and Java 1.4 or greater.

	Download the latest FONC release zip file, and unzip.  Run the following 
	on machine A:

	java -jar server.jar

	(Note: init scripts can be set up so that the FONC server is started on boot.)

	Run this on machine B:
	java -jar client.jar

	Now a tunnel from B to A must be established.  There are 2 ports that 
	must be forwarded, 3020 and 3021.

	On *nix using ssh:
	ssh -L3020:127.0.0.1:3020 -L3021:127.0.0.1:3021 uid@A

	or with putty:
	putty.exe -L 3020:127.0.0.1:3020 -L 3021:127.0.0.1:3021 uid@A

	Note: uid must be a valid user on machine A.

	Using your favorite FTP client, connect to 127.0.0.1 and log in with a 
	valid user id for machine A, and FTP away!!
	

	Advanced users guide:

	Both the FONC server and client can accept configuration files:
	java -jar client.jar fonc.conf
	java -jar server.jar fonc.conf

	If the file does not exist yet, it will be written with default values.
	It can be edited for subsequent runs.

	By passing a second command-line argument a log file of the control
	messages can be generated.
	java -jar client.jar fonc.conf fonc.log


	Client Configuration Options:
	# The IP of the FONC server.  Note this defaults to localhost because
	# it is assumed that there is a ssh tunnel forwarding to the remote 
	# fonc server.
	FONCServerIP=127.0.0.1
	# The data port of the FONC server.
	FONCServerDataPort=3020
	# This is the port response IP for Port commands.
	PortCommandIP=127,0,0,1
	# For active connections this is the IP FONC
	# should connect to.  We assume the same machine.
	FTPClientIP=127.0.0.1
	# This is the port response IP for EPort commands.
	EPortCommandIP=127.0.0.1
	# The port the FONC client should listen to for
	# FTP client connections.
	FTPEmulatorServerPort=21
	# The FONC control port.
	FONCServerControlPort=3021

	Server Configuration Options:
	# The FONC data port
	DataPort=3020
	# The port command IP response.
	PortCommandIP=127,0,0,1
	# The eport command IP response.
	EPortCommandIP=127.0.0.1
	# The IP of the FTP server.
	FTPServerIP=127.0.0.1
	# The FONC control port
	ControlPort=3021
	# The FTP server port.
	FTPServerPort=21
	

How does it work?

	The FONC server acts like a local FTP client to the FTP server.  The 
	FONC client acts like a local FTP server for the FTP client.  Both 
	client and server can connect to ports opened on the FTP counterpart 
	and open ports for the FTP counterpart to connect to.  FONC knows when 
	to open a port and when to connect to a port by capturing PORT and 
	PASV (including extended versions) commands on the control connection.  
	It will then modify the command so that the FTP counterpart will 
	connect to FONC instead.
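
	The command rewrite described above, as an added example in Python (it is 
	not FONC's own Java code).  The function names, the regular expressions 
	and the sample lines in the comments are assumptions; only the two default 
	addresses come from the PortCommandIP and EPortCommandIP settings above.

```python
import re

# Defaults taken from the page's PortCommandIP / EPortCommandIP settings.
PORT_COMMAND_IP = "127,0,0,1"
EPORT_COMMAND_IP = "127.0.0.1"

_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PORT = re.compile(r"^PORT " + _SIX + r"\s*$", re.I)
_PASV = re.compile(r"^(227 [^0-9]*)" + _SIX + r"(.*)$")
_EPRT = re.compile(r"^EPRT (\S)([12])\1(.+?)\1(\d{1,5})\1\s*$", re.I)
_EPSV = re.compile(r"^(229 [^(]*\()\|\|\|(\d{1,5})\|(\).*)$")

def _check(port):
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return port

def _decode(fields):
    """h1,h2,h3,h4,p1,p2 -> ("h1.h2.h3.h4", p1*256 + p2)."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in host-port tuple")
    return ".".join(str(n) for n in nums[:4]), _check(nums[4] * 256 + nums[5])

def _encode(port):
    return "%s,%d,%d" % (PORT_COMMAND_IP, port >> 8, port & 0xFF)

def rewrite(line, fonc_port):
    """Return (rewritten_line, advertised (host, port) or None if untouched)."""
    line = line.rstrip("\r\n")
    _check(fonc_port)
    m = _PORT.match(line)
    if m:  # e.g. "PORT 192,168,1,10,195,80"
        return "PORT " + _encode(fonc_port), _decode(m.groups())
    m = _PASV.match(line)
    if m:  # e.g. "227 Entering Passive Mode (10,0,0,5,195,80)."
        return m.group(1) + _encode(fonc_port) + m.group(8), _decode(m.groups()[1:7])
    m = _EPRT.match(line)
    if m:  # e.g. "EPRT |1|192.168.1.10|50000|"
        return ("EPRT |1|%s|%d|" % (EPORT_COMMAND_IP, fonc_port),
                (m.group(3), _check(int(m.group(4)))))
    m = _EPSV.match(line)
    if m:  # e.g. "229 Entering Extended Passive Mode (|||50000|)"; no host field
        return ("%s|||%d|%s" % (m.group(1), fonc_port, m.group(3)),
                (None, _check(int(m.group(2)))))
    return line, None
```

	The second return value is the endpoint the peer advertised, so a caller 
	can compare its host against the configured FTPClientIP or FTPServerIP 
	before relaying to it.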

	The FONC client always connects to the FONC server on constant ports 
	(3020 for data and 3021 for control, by default).  Upon initial 
	connection the client sends a random number down both connections.  
	The FONC server then associates matching connections by those numbers.  
	This allows for multiple FONC connections to the FONC server.   The 
	client makes a new connection to the server every time a new FTP client 
	connects.  When either the FTP server or client breaks the data 
	connection to FONC, that FONC instance sends a CLOSE command to the 
	other side.  Once the close command criterion has been met (the number 
	of bytes passed on the data port), the data connection on the far side 
	is then broken.  The data connection between the FONC client and the 
	FONC server is NOT closed when FTP data connections are; it only closes 
	when the session does.
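
	The connection matching described above, as an added example in Python (it 
	is not FONC's own code).  The page does not give the wire format or the 
	size of the random number, so the 64-bit token from the secrets module, the 
	class and method names, the timeout and the strings standing in for sockets 
	are all assumptions.

```python
import secrets
import time

def new_token():
    """Client side: one unpredictable number, sent down both connections."""
    return secrets.randbits(64)  # assumed width; the page only says "random number"

class SessionMatcher:
    """Server side: pairs the control and data connection that share a token."""

    def __init__(self, ttl=10.0, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock
        self.pending = {}  # token -> (kind, conn, arrival time)

    def announce(self, kind, token, conn):
        """Return (control_conn, data_conn) once both halves arrived, else None."""
        if kind not in ("control", "data"):
            raise ValueError("unknown connection kind")
        now = self.clock()
        # Forget half-open sessions whose partner never showed up.
        self.pending = {t: v for t, v in self.pending.items()
                        if now - v[2] <= self.ttl}
        waiting = self.pending.get(token)
        if waiting is None:
            self.pending[token] = (kind, conn, now)
            return None
        if waiting[0] == kind:
            # Two connections of the same kind with one token: refuse to pair.
            raise ValueError("duplicate %s connection for token" % kind)
        del self.pending[token]
        pair = {kind: conn, waiting[0]: waiting[1]}
        return pair["control"], pair["data"]
```

	Drawing the number from a CSPRNG and expiring unpaired connections keeps a 
	second process on the same machine from being matched to another user's 
	session through a guessed or stale number.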
	