gatling now also speaks FTP, and it is enabled by default.
Disable it with -F.

Working around itojun's disabled IPv4-mapped IPv6 addresses is even
worse for FTP than it is for HTTP.  I'm not going to waste my time on
this for now.  Please ask itojun himself to prove how "easy" or even
"trivial" it is to do this, as he always claims it is.

Just as HTTP will bind to port 80 if running as root, or 8000 otherwise,
FTP will bind to port 21 or 2121, respectively.  To specify the FTP
port, use -f -p [port].  Example:

  gatling -p 81 -f -p 2100

would run an HTTP server on port 81 and an FTP server on port 2100.  For
now, HTTP and FTP will always bind to the same IP address.

Please note:

  a) No TELNET sequences.
     These are _really_ obsolete, a pain in the ass to implement, and
     have even been used as a means to evade intrusion detection systems
     due to their obscurity.

  b) The path checking deliberately _allows_ leaving the file system,
     as long as you follow a symbolic link in the process.  That means,
     if you symlink out of the FTP file system (and the destination is in
     the chroot jail), gatling will allow FTP (and HTTP!) users to
     follow the symlink.  However, following a directory symlink and
     appending "/../" will not follow the .. directory entry from the
     target directory of the symlink, as an attacker may hope.

     The idea is to make it easy to create an FTP server by putting a
     few symlinks to directories you want to export in an empty
     directory and starting gatling there.

  c) As with HTTP, gatling will do virtual hosting, i.e. if the client
     connected to IP 10.1.1.23 on port 21, gatling will look for the
     exported data in the directory "10.1.1.23:21".

  d) gatling will not let users download files that are not world
     readable, even if the permissions would normally allow the gatling
     process to read the files.  This is to prevent accidental
     publication of sensitive files.

  e) gatling accepts uploads via anonymous FTP, but only to directories
     that are world writable.  Since there normally are no world
     writable directories, this should not pose much of a threat to
     anyone.  Please note that the files are created with mode 600,
     which means gatling will not let others download uploaded files, so
     it cannot be exploited as a warez dump.

     You can disable uploads altogether with -U, or you can allow
     anonymous downloaders to download just-uploaded files with -a.

  f) gatling's directory listings will always claim files are owned by
     root.  The local accounts on FTP sites are ignored by software and
     not normally useful to outsiders anyway, but revealing them may
     expose more of your organisation to FTP users than you want.
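The ".." handling from note b), as an added example (not gatling's own
code): one way to get that behaviour is to collapse ".." lexically in
the request string before any file system call, so the kernel never
resolves ".." relative to a symlink's target.  The function name
normalize_path and the symlink name "mirror" are assumptions made for
this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not taken from gatling.  Normalises a
 * client-supplied path purely as a string: "." and empty components
 * are dropped, ".." removes the previous component of the request.
 * Result is relative to the export root ("" means the root itself).
 * Returns 0 on success, -1 if the path would climb above the root
 * or does not fit into out. */
int normalize_path(const char *in, char *out, size_t outlen)
{
    size_t len = 0;                      /* bytes used in out */

    if (outlen == 0)
        return -1;
    out[0] = '\0';

    while (*in) {
        while (*in == '/')               /* skip separators */
            in++;
        size_t n = strcspn(in, "/");     /* length of next component */
        if (n == 0)
            break;
        if (n == 1 && in[0] == '.') {
            /* "." refers to the current directory: nothing to do */
        } else if (n == 2 && in[0] == '.' && in[1] == '.') {
            if (len == 0)
                return -1;               /* would leave the export root */
            while (len > 0 && out[len - 1] != '/')
                len--;                   /* drop the last component */
            if (len > 0)
                len--;                   /* and its separator */
            out[len] = '\0';
        } else {
            size_t need = n + (len ? 1 : 0);
            if (len + need + 1 > outlen)
                return -1;               /* output buffer too small */
            if (len)
                out[len++] = '/';
            memcpy(out + len, in, n);
            len += n;
            out[len] = '\0';
        }
        in += n;
    }
    return 0;
}
```

With an export directory containing the constructed symlink
mirror -> /data/mirror, the request "/mirror/../README" normalises to
"README" inside the export root rather than /data/README, while
"pub/../../etc/passwd" is rejected outright.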