Difference between revisions of "FTP Serving"
| (9 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
<span style="font-size: 18pt; color: rgb(186, 55, 42);" >WIP!</span> | <span style="font-size: 18pt; color: rgb(186, 55, 42);">WIP!</span> | ||
FTP is most often used as a way to remotely access files on servers of other types. As such, you'll likely be configuring this service on a server primarily intended for something else. (i.e.: a [[Building Web Servers{{!}}web server]]) | |||
= Using vsftpd = | |||
== Install vsftpd == | |||
*<code>sudo apt-get update</code> | |||
*<code>sudo apt-get install vsftpd</code> | |||
== Configure vsftpd == | |||
*<code>sudo vim /etc/vsftpd.conf</code> | |||
# Uncomment this to enable any form of FTP write command. | |||
write_enable=YES | |||
# | |||
# Enable PASV | |||
# | |||
pasv_enable=YES | |||
pasv_promiscuous=YES | |||
pasv_min_port=7000 | |||
pasv_max_port=7100 | |||
*<code>sudo service vsftpd restart</code> | |||
*Open ports 21 & 7000-7100 to this server in your firewall. | |||
<big>'''Interesting dilemma... passive mode doesn't work for SHIT if the client is behind a firewall.'''</big> | |||
Also: The Windows FTP command-line client (<code>ftp.exe</code>) does not support the passive mode, on any version of Windows. It makes it pretty useless nowadays due to ubiquitous firewalls and NATs.<br> | |||
Use any thirdparty Windows FTP command-line client instead. Most other support the passive mode. | |||
Even just accessing your FTP server with a web browser '''(<nowiki>ftp://server.address</nowiki>)''' works better... | |||
== Further Reading... == | |||
*[https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-16-04 How To Set Up vsftpd for a User's Directory] | |||
*[http://slacksite.com/other/ftp.html Active FTP vs. Passive FTP, a Definitive Explanation] | |||
= Using ProFTP = | |||
[http://www.proftpd.org/ The ProFTPD Project Home Page] | [http://www.proftpd.org/ The ProFTPD Project Home Page] | ||
= Installing ProFTPd = | == Installing ProFTPd == | ||
* sudo apt-get install proftpd | *<code>sudo apt-get update</code> | ||
At this point, any user with an account on the | * <code>sudo apt-get install proftpd</code> | ||
At this point, any user with an account on the network can access the machine via ftp using their regular name & password. (Note: by default, this does not include root.) | |||
= Accessing FTP through NAT (pfSense here...) = | This is the MINIMUM required to get it running & you'll want to go deeper into the available options. | ||
== Accessing FTP through NAT ([[PfSense{{!}}pfSense]] here...) == | |||
[http://www.proftpd.org/docs/howto/NAT.html ProFTPD: Firewalls, Routers, and NAT] | [http://www.proftpd.org/docs/howto/NAT.html ProFTPD: Firewalls, Routers, and NAT] | ||
* sudo vi /etc/proftpd/proftpd.conf | <span style="color: rgb(132, 63, 161);">The minimum requirements to make it work...</span> | ||
* <code>sudo vi /etc/proftpd/proftpd.conf</code> | |||
Lines 51 & 56 need to be un-commented & edited | Lines 51 & 56 need to be un-commented & edited | ||
| Line 19: | Line 62: | ||
Set '''MasqueradeAddress''' to either the WAN address of your firewall or it's '''FQDN'''. | Set '''MasqueradeAddress''' to either the WAN address of your firewall or it's '''FQDN'''. | ||
Then create 2 port forwards, one specifically for port 21 (FTP) & one for the the range chosen in '''PassivePorts'''. | Then restart the service: | ||
* <code>sudo service proftpd restart</code> | |||
Then create 2 [[PfSense#Port_Forwarding{{!}}port forwards]], one specifically for port 21 (FTP) & one for the the range chosen in '''PassivePorts'''. | |||
= | == Further Configurations == | ||
For now, I'd strongly suggest spending some quality time browsing the [http://www.proftpd.org/docs/howto/index.html ProFTPd Documentation]. There are a LOT of things that can be done... | |||
Latest revision as of 15:27, 30 January 2025
WIP!
FTP is most often used as a way to remotely access files on servers of other types. As such, you'll likely be configuring this service on a server primarily intended for something else. (i.e.: a web server)
Using vsftpd
Install vsftpd
sudo apt-get updatesudo apt-get install vsftpd
Configure vsftpd
sudo vim /etc/vsftpd.conf
# Uncomment this to enable any form of FTP write command. write_enable=YES # # Enable PASV # pasv_enable=YES pasv_promiscuous=YES pasv_min_port=7000 pasv_max_port=7100
sudo service vsftpd restart
- Open ports 21 & 7000-7100 to this server in your firewall.
Interesting dilemma... passive mode doesn't work for SHIT if the client is behind a firewall.
Also: The Windows FTP command-line client (ftp.exe) does not support the passive mode, on any version of Windows. It makes it pretty useless nowadays due to ubiquitous firewalls and NATs.
Use any thirdparty Windows FTP command-line client instead. Most other support the passive mode.
Even just accessing your FTP server with a web browser (ftp://server.address) works better...
Further Reading...
Using ProFTP
Installing ProFTPd
sudo apt-get updatesudo apt-get install proftpd
At this point, any user with an account on the network can access the machine via ftp using their regular name & password. (Note: by default, this does not include root.)
This is the MINIMUM required to get it running & you'll want to go deeper into the available options.
Accessing FTP through NAT (pfSense here...)
ProFTPD: Firewalls, Routers, and NAT
The minimum requirements to make it work...
sudo vi /etc/proftpd/proftpd.conf
Lines 51 & 56 need to be un-commented & edited
Choose an available range of ports for PassivePorts.
Set MasqueradeAddress to either the WAN address of your firewall or it's FQDN.
Then restart the service:
sudo service proftpd restart
Then create 2 port forwards, one specifically for port 21 (FTP) & one for the the range chosen in PassivePorts.
Further Configurations
For now, I'd strongly suggest spending some quality time browsing the ProFTPd Documentation. There are a LOT of things that can be done...