wiki:doc/TorifyHOWTO/FTP

Read first!!!

Introduction

FTP requires 2 different connections: one for commands and one for data. Data connections is created every time a directory listing or file is transmitted. Almost any FTP server nowadays checks both control connection and data connection to come from the same IP address. Tor changes circuit for new TCP connection every 10 minutes. It means, if you download many files from the same FTP server (or browse content of FTP server) you will fail approximately once in 10 minutes and will need to re-connect. It only affects new connections and does not interrupt file download.

TrackHostExits

Its a Tor feature. Read its description in the Tor manual.

Related discussions. How to use it?

Is it anonymous or potentially pseudonymous?

3proxy

3proxy (see POP3) may act as an FTP proxy with redirection to Tor. There are 2 different types of FTP proxies. First type is a FTP over HTTP proxy - it converts listsings and file transfers between FTP and HTTP and it's mainly used by browsers (Internet Explorer, Mozilla, Opera, wget, etc). It lacks support for many FTP commands. Second type is a plain FTP proxy - it fully supports the FTP protocol and is used in FTP clients (gFTP, NcFTP, CuteFTP). 3proxy supports both. For the real FTP proxy, 2 methods are supported: USER extension and SITE/OPEN extension. In order real FTP proxy to work with Tor you need the latest devel version (0.6).

In the configuration file from POP3 replace (or add, to use both services) the string

pop3p -i127.0.0.1 -p110

with

proxy -i127.0.0.1 -p110

for HTTP proxy with FTP over HTTP support (compatible with web browsers), and/or

ftppr -i127.0.0.1 -p110

for FTP proxy (NOT compatible with web browsers).

You can start both of these services at the same time, just use different ports.

You may sometimes get 404 Errors (after a long time of waiting) when connecting to an FTP site. Don't worry, this is normal (I mean, this is neither 3proxy's fault nor a configuration problem). Just wait a few minutes and everything will be fine.

Mozilla Firefox

Method 1:

Install and start 3proxy, as described above. Go to Edit-Preferences (that used to be Tools-Options on Windows) - General - Connection settings. Then type 'localhost' and port number ('110' using the above configuration) under the FTP Proxy entry. That should do it.

Method 2:

  1. under network settings of Firefox (Tools-Options on Windows): manual proxy configuration --> FTP proxy 127.0.0.1 on port 9050 ;
  2. install Firefox' addon called "FireFTP", restart Firefox to activate addon;
  3. under settings of FireFTP change following settings:
    1. tab "Interface" --> checkmark "Configure FTP links in Firefox to automatically use FireFTP";
    2. tab "Interface" --> checkmark "Use Passive mode for this connections";
    3. tab "Connections" --> Proxy Socks5 --> Host 127.0.0.1 --> Port 9050 ;

Still true? "Note however that with this configuration FireFTP will leak DNS."

Refer to this FAQ entry for possible solutions.

(adrelanos) The FireFTP changelog says, "fixed DNS leaking when using proxies (2.0.1 fix)", but I did not verify that.

Wget (FTP)

You may need to pass the --passive-ftp command-line option to Wget for FTP to work.

Method 1:

Install and start 3proxy, as described above. Set the ftp_proxy environment variable to 127.0.0.1:110 (substitute 110 with your 3proxy port number, if necessary). You may also set this in the Wget configuration file.

Method 2:

Alternatively, set your ftp_proxy environment variable to http://127.0.0.1:8118 (that is, point it to Privoxy or a HTTP proxy), then connect to a site using HTTP: wget http://ftp.site.address.com/some-file

This method may not work with all sites.

Opera

Install and start 3proxy, as described above. Go to Tools-Preferences-Advanced-Network-Proxy servers. Enable FTP and type 127.0.0.1 and port 110 (or whatever port number you chose for 3proxy).

Konqueror

Install and start 3proxy, as described above. Go to Settings - Configure Konqueror - Manually Specify the proxy settings - Setup. Enter 127.0.0.1 and port number 110 (or whatever number you chose for 3proxy) under the FTP Proxy.

SmartFTP

Install and start Tor. Go to Extras - Settings - Connection/Proxy. Choose Type "SOCKS 4", Host "127.0.0.1" and Port "9050".

FileZilla 2.x

Install and start Tor. Go to Extras - Settings - Connection/Proxy. Choose Type "SOCKS 4a", Host "127.0.0.1" and Port "9050".

FileZilla 3.x

Go To Edit - Settings - Generic Proxy. Choose Type "SOCKS 5",Host "127.0.0.1" and Port "9050". Also you should have 'FTP proxy' set to 'none'. 'FTP proxy' is not the setting you want to use for Tor.

gFTP 2

Method 1:

Go to FTP -> Options -> FTP tab. Set proxy type to "HTTP" and proxy port to 8118. Save your settings. Before connecting to a site, make sure that the protocol selector (at the top of the window, second counting from right, after "server", "port", "user", "password" and before the red cross) is set to HTTP.

This may not work with all sites.

Method 2:

Go to FTP -> Options -> FTP tab. Set proxy type to "none", proxy address to an empty string and proxy port to 0. Save your settings. Set destination server to "127.0.0.1", destination port to 110 (or whatever port number for 3proxy you chose), and login to yourlogin@real_server_address (for example: anonymous@…). Before connecting to a site, make sure that the protocol selector (at the top of the window, second counting from right, after "server", "port", "user", "password" and before the red cross) is set to FTP. You can pass your password in the login, the syntax is "yourlogin:yourpassword@real_server_address".

LFTP

Method 1:

Set your ftp_proxy environment variable to http://127.0.0.1:8118 (that is, point it to Privoxy or a HTTP proxy), then connect to a site using HTTP: lftp http://ftp.site.address.com

This may not work with all sites.

Script wrapper for 'Method 1'

If you would prefer to run torified applications under different UNIX account, you can use following wrapper. It presupposes you created a new user - toruser - for your torified apps.

Save this wrapper into $HOME/bin/torlftp.

#!/bin/sh

lftprc=`mktemp /tmp/lftprc.XXXXX`

cat > $lftprc <<EOF
set cmd:prompt "[TORUSER] lftp \\S\\? \\u\\@\\h:\\w> "
set ftp:proxy http://127.0.0.1:8123
set ftp:use-hftp no
set http:proxy 127.0.0.1:8123
set hftp:proxy 127.0.0.1:8123
set ftp:anon-pass "mozilla@"
set ftp:client ""
set http:user-agent "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
EOF

sudo /usr/bin/install -o toruser -g users -m600 $lftprc ~toruser/.lftprc
rm -f $lftprc

sudo /usr/bin/su -s /bin/sh -l toruser -c /usr/local/bin/lftp

Also do not forget to check if your polipo allows ftp ports: 21, 49152-65535. If not modify /etc/polipo/config.

# grep tunnelAllowedPorts /etc/polipo/config
tunnelAllowedPorts = 21, 22, 80, 109-110, 143, 443, 873, 993, 995, 2401, 5222-5223, 9418, 49152-65535

The wrapper above uses sudo for switching to another account and defining lftp configuration. Check your sudo configuration to have something similar:

youruser  ALL=(root) NOPASSWD: /usr/bin/su -s /bin/sh -l toruser -c /usr/local/bin/lftp
youruser  ALL=(root) NOPASSWD: /usr/bin/install -o toruser -g users -m600 /tmp/lftprc.????? /home/toruser/.lftprc

Start your torified lftp with torlftp and you should see following prompt:

$ torlftp                                                                        
[TORUSER] lftp :~>

Method 2:

Open your lftp configuration file ($HOME/.lftprc on Linux) and type

set ftp:use-feat no
set ftp:ssl-allow no

Then connect to a server with the command lftp -p 110 -u yourlogin@real_server_name 127.0.0.1 (subsituting 110 for your 3proxy port number), for example:

lftp -p 110 -u anonymous@ftp.gnu.org 127.0.0.1

You can pass the password on the command line (not safe) in the login, using the syntax "yourlogin:yourpassword@real_server_name", or in the -u option: "-u yourlogin@real_server_name,yourpassword".

NcFTP

Since NcFTP is an FTP-only program, pointing it to Privoxy or any HTTP proxy will not work. To connect to a site, use the following command syntax: ncftp -u yourlogin@yourserver -P 110 127.0.0.1 (change 110 to whatever port you chose for 3proxy), for example:

ncftp -u anonymous@ftp.gnu.org -P 110 127.0.0.1

If your server requires a password, you can pass on the command-line (not safe) with your login:

ncftp -u yourlogin:yourpassword@yourserver -P 110 127.0.0.1

Bug Reports

#1259 FTP seems broken

#9211 FTP download too difficult

Last modified 4 years ago Last modified on Jul 22, 2013, 10:09:53 PM