securesocketfunneling / ssf

Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS proxy, remote shell, standalone and cross platform
https://securesocketfunneling.github.io/ssf/

gateway_ports configuration option is ignored #63

Closed orwell96 closed 6 years ago

orwell96 commented 6 years ago

Hello, I am trying to use the remote-socks service. The server side is supposed to open a port bound to the IP address 10.0.0.1:1080, forwarding traffic to the client side. What happens is: both sides display a warning that gateway ports are enabled; however, the port is only bound to the local interface and there's a warning that gateway_ports are disabled. Apart from this, it works fine. But I would like the SOCKS port to be reachable from the entire 10.0.0.* network.

This also happens equally for both local and remote TCP and UDP forwarding... so for pretty much all services that have a gateway_ports option. (Quickly tested through -L, -R, -U and -V and looking for the warning.)

Server command:

./ssfd -p 1337

Client command:

./ssf -F 10.0.0.1:1080 -p 1337 <server addr>

My configuration file (config.json) on both ends:

{
  "ssf": {
    "tls" : {
      "ca_cert_path": "./certs/trusted/ca.crt",
      "cert_path": "./certs/certificate.crt",
      "key_path": "./certs/private.key",
      "key_password": "",
      "dh_path": "./certs/dh4096.pem",
      "cipher_alg": "DHE-RSA-AES256-GCM-SHA384"
    },
    "services": {
      "datagram_forwarder": { "enable": true },
      "datagram_listener": {
        "enable": true,
        "gateway_ports": true
      },
      "stream_forwarder": { "enable": true },
      "stream_listener": {
        "enable": true,
        "gateway_ports": true
      },
      "file_copy": { "enable": false },
      "shell": {
        "enable": false,
        "path": "/bin/bash|C:\\windows\\system32\\cmd.exe",
        "args": ""
      },
      "socks": { "enable": true }
    }
  }
}

The server's output:

[2018-10-26T21:53:11+02:00] [info] [config] loading file <config.json>
[2018-10-26T21:53:11+02:00] [info] [config] [tls] CA cert path: <file: ./certs/trusted/ca.crt>
[2018-10-26T21:53:11+02:00] [info] [config] [tls] cert path: <file: ./certs/certificate.crt>
[2018-10-26T21:53:11+02:00] [info] [config] [tls] key path: <file: ./certs/private.key>
[2018-10-26T21:53:11+02:00] [info] [config] [tls] key password: <>
[2018-10-26T21:53:11+02:00] [info] [config] [tls] dh path: <file: ./certs/dh4096.pem>
[2018-10-26T21:53:11+02:00] [info] [config] [tls] cipher suite: <DHE-RSA-AES256-GCM-SHA384>
[2018-10-26T21:53:11+02:00] [info] [config] [http proxy] <None>
[2018-10-26T21:53:11+02:00] [info] [config] [socks proxy] <None>
[2018-10-26T21:53:11+02:00] [warning] [config] [microservices][datagram_listener] gateway ports allowed
[2018-10-26T21:53:11+02:00] [warning] [config] [microservices][stream_listener] gateway ports allowed
[2018-10-26T21:53:11+02:00] [info] [config] [circuit] <None>
[2018-10-26T21:53:11+02:00] [info] [ssfd] listening on <*:1337>
[2018-10-26T21:53:11+02:00] [info] [ssfd] running (Ctrl + C to stop)
[2018-10-26T21:55:11+02:00] [warning] [microservice] [stream_listener]: cannot listen on network interface <10.0.0.1> without gateway ports option
[2018-10-26T21:55:11+02:00] [info] [microservice] [stream_listener]: forward TCP connections from <127.0.0.1:1242> to 1080

The client's output:

[2018-10-26T22:13:53+02:00] [info] [config] loading file <config.json>
[2018-10-26T22:13:53+02:00] [info] [config] [tls] CA cert path: <file: ./certs/trusted/ca.crt>
[2018-10-26T22:13:53+02:00] [info] [config] [tls] cert path: <file: ./certs/certificate.crt>
[2018-10-26T22:13:53+02:00] [info] [config] [tls] key path: <file: ./certs/private.key>
[2018-10-26T22:13:53+02:00] [info] [config] [tls] key password: <>
[2018-10-26T22:13:53+02:00] [info] [config] [tls] dh path: <file: ./certs/dh4096.pem>
[2018-10-26T22:13:53+02:00] [info] [config] [tls] cipher suite: <DHE-RSA-AES256-GCM-SHA384>
[2018-10-26T22:13:53+02:00] [info] [config] [http proxy] <None>
[2018-10-26T22:13:53+02:00] [info] [config] [socks proxy] <None>
[2018-10-26T22:13:53+02:00] [warning] [config] [microservices][datagram_listener] gateway ports allowed
[2018-10-26T22:13:53+02:00] [warning] [config] [microservices][stream_listener] gateway ports allowed
[2018-10-26T22:13:53+02:00] [info] [config] [circuit] <None>
[2018-10-26T22:13:53+02:00] [info] [ssf] connecting to <141.30.224.17:1337>
[2018-10-26T22:13:53+02:00] [info] [ssf] running (Ctrl + C to stop)
[2018-10-26T22:13:53+02:00] [info] [client] connection attempt 1/1
[2018-10-26T22:13:57+02:00] [info] [client] connected to server
[2018-10-26T22:13:57+02:00] [info] [client] running
[2018-10-26T22:13:57+02:00] [info] [microservice] [socks]: start server on fiber port 1080
[2018-10-26T22:13:57+02:00] [info] [client] service <remote-socks> OK

orwell96 commented 6 years ago

Problem solved when using the command-line option "-g". Seems like the config option is just there to print the warning...
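
Added example (not part of the issue thread and not SSF project code): a Python check that runs over the server log posted above and flags the reported mismatch, where the config loader logs "gateway ports allowed" but the listener still refuses the requested interface. It matches only the message formats visible in this issue, reads the address in the "forward TCP connections from <...>" line as the listening address, and the function and finding names are hypothetical.

```python
import ipaddress
import re

# Subset of the server log posted in the issue above, copied verbatim.
SERVER_LOG = """\
[2018-10-26T21:53:11+02:00] [warning] [config] [microservices][datagram_listener] gateway ports allowed
[2018-10-26T21:53:11+02:00] [warning] [config] [microservices][stream_listener] gateway ports allowed
[2018-10-26T21:53:11+02:00] [info] [ssfd] listening on <*:1337>
[2018-10-26T21:55:11+02:00] [warning] [microservice] [stream_listener]: cannot listen on network interface <10.0.0.1> without gateway ports option
[2018-10-26T21:55:11+02:00] [info] [microservice] [stream_listener]: forward TCP connections from <127.0.0.1:1242> to 1080
"""

# Only the message formats visible in the issue are matched.
CONFIG_ALLOWED = re.compile(r"\[config\] \[microservices\]\[(\w+)\] gateway ports allowed")
REFUSED = re.compile(r"\[microservice\] \[(\w+)\]: cannot listen on network interface "
                     r"<([^>]+)> without gateway ports option")
BOUND = re.compile(r"\[microservice\] \[(\w+)\]: forward TCP connections from "
                   r"<([^>]+):(\d+)> to \d+")


def is_loopback(host):
    """True for loopback addresses; a non-IP host such as '*' counts as exposed."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host == "localhost"


def audit(log_text):
    """Return (finding, service, detail) tuples in log order."""
    allowed, findings = set(), []
    for line in log_text.splitlines():
        if m := CONFIG_ALLOWED.search(line):
            allowed.add(m.group(1))
        elif m := REFUSED.search(line):
            svc, iface = m.groups()
            # Config said "allowed" but the listener still refused: the case reported here.
            kind = "config_ignored" if svc in allowed else "gateway_refused"
            findings.append((kind, svc, iface))
        elif m := BOUND.search(line):
            svc, host, port = m.groups()
            kind = "loopback_bind" if is_loopback(host) else "exposed_bind"
            findings.append((kind, svc, f"{host}:{port}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SERVER_LOG):
        print(*finding)
```

An `exposed_bind` finding is the one to review when auditing hosts that run with gateway ports enabled, since that listener is reachable from other machines on the network.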