FTP Serving

From Da Nerd Mage Wiki
Jump to navigation Jump to search

WIP!

FTP is most often used as a way to remotely access files on servers of other types. As such, you'll likely be configuring this service on a server primarily intended for something else. (i.e.: a web server)

Using vsftpd

Install vsftpd

  • sudo apt-get update
  • sudo apt-get install vsftpd

Configure vsftpd

  • sudo vim /etc/vsftpd.conf
# Uncomment this to enable any form of FTP write command.
write_enable=YES

#
# Enable PASV
#
pasv_enable=YES
pasv_promiscuous=YES
pasv_min_port=7000
pasv_max_port=7100
  • sudo service vsftpd restart
  • Open ports 21 & 7000-7100 to this server in your firewall.

Interesting dilemma... passive mode doesn't work for SHIT if the client is behind a firewall.

Also: The Windows FTP command-line client (ftp.exe) does not support the passive mode, on any version of Windows. It makes it pretty useless nowadays due to ubiquitous firewalls and NATs.
Use any thirdparty Windows FTP command-line client instead. Most other support the passive mode. Even just accessing your FTP server with a web browser (ftp://server.address) works better...

Further Reading...

Using ProFTP

The ProFTPD Project Home Page

Installing ProFTPd

  • sudo apt-get update
  • sudo apt-get install proftpd

At this point, any user with an account on the network can access the machine via ftp using their regular name & password. (Note: by default, this does not include root.)

This is the MINIMUM required to get it running & you'll want to go deeper into the available options.

Accessing FTP through NAT (pfSense here...)

ProFTPD: Firewalls, Routers, and NAT

The minimum requirements to make it work...

  • sudo vi /etc/proftpd/proftpd.conf

Lines 51 & 56 need to be un-commented & edited

Choose an available range of ports for PassivePorts.

Set MasqueradeAddress to either the WAN address of your firewall or it's FQDN.

Then restart the service:

  • sudo service proftpd restart

Then create 2 port forwards, one specifically for port 21 (FTP) & one for the the range chosen in PassivePorts.

Further Configurations

For now, I'd strongly suggest spending some quality time browsing the ProFTPd Documentation.  There are a LOT of things that can be done...