Difference between revisions of "FTP Serving"
| Line 2: | Line 2: | ||
FTP is most often used as a way to remotely access files on servers of other types. As such, you'll likely be configuring this service on a server primarily intended for something else. (i.e.: a [[Building Web Servers{{!}}web server]]) | FTP is most often used as a way to remotely access files on servers of other types. As such, you'll likely be configuring this service on a server primarily intended for something else. (i.e.: a [[Building Web Servers{{!}}web server]]) | ||
= Using vsftpd = | |||
== Install vsftpd == | |||
**Just do it from the Package Manager | |||
**or | |||
***<code>sudo apt-get update</code> | |||
***<code>sudo apt-get install vsftpd</code> | |||
== Configure vsftpd == | |||
**<code>sudo vim /etc/vsftpd.conf</code> | |||
# Uncomment this to enable any form of FTP write command. | |||
write_enable=YES | |||
# | |||
# Enable PASV | |||
# | |||
pasv_enable=YES | |||
pasv_promiscuous=YES | |||
pasv_min_port=7000 | |||
pasv_max_port=7100 | |||
*<code>sudo service vsftpd restart</code> | |||
*Open ports 21 & 7000-7100 to this server in your firewall. | |||
<big>'''Interesting dilemma... passive mode doesn't work for SHIT if the client is behind a firewall.'''</big> | |||
Also: The Windows FTP command-line client (<code>ftp.exe</code>) does not support the passive mode, on any version of Windows. It makes it pretty useless nowadays due to ubiquitous firewalls and NATs.<br> | |||
Use any thirdparty Windows FTP command-line client instead. Most other support the passive mode. | |||
Even just accessing your FTP server with a web browser '''(<nowiki>ftp://server.address</nowiki>)''' works better... | |||
== Further Reading... == | |||
*[https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-16-04 How To Set Up vsftpd for a User's Directory] | |||
*[http://slacksite.com/other/ftp.html Active FTP vs. Passive FTP, a Definitive Explanation] | |||
= Using ProFTP = | |||
[http://www.proftpd.org/ The ProFTPD Project Home Page] | [http://www.proftpd.org/ The ProFTPD Project Home Page] | ||
= Installing ProFTPd = | == Installing ProFTPd == | ||
* <code>sudo apt-get install proftpd</code> | * <code>sudo apt-get install proftpd</code> | ||
| Line 11: | Line 48: | ||
This is the MINIMUM required to get it running & you'll want to go deeper into the available options. | This is the MINIMUM required to get it running & you'll want to go deeper into the available options. | ||
= Accessing FTP through NAT ([[PfSense{{!}}pfSense]] here...) = | == Accessing FTP through NAT ([[PfSense{{!}}pfSense]] here...) == | ||
[http://www.proftpd.org/docs/howto/NAT.html ProFTPD: Firewalls, Routers, and NAT] | [http://www.proftpd.org/docs/howto/NAT.html ProFTPD: Firewalls, Routers, and NAT] | ||
| Line 28: | Line 65: | ||
Then create 2 [[PfSense#Port_Forwarding{{!}}port forwards]], one specifically for port 21 (FTP) & one for the the range chosen in '''PassivePorts'''. | Then create 2 [[PfSense#Port_Forwarding{{!}}port forwards]], one specifically for port 21 (FTP) & one for the the range chosen in '''PassivePorts'''. | ||
= Further Configurations = | == Further Configurations == | ||
For now, I'd strongly suggest spending some quality time browsing the [http://www.proftpd.org/docs/howto/index.html ProFTPd Documentation]. There are a LOT of things that can be done... | For now, I'd strongly suggest spending some quality time browsing the [http://www.proftpd.org/docs/howto/index.html ProFTPd Documentation]. There are a LOT of things that can be done... | ||
Revision as of 14:49, 30 January 2025
WIP!
FTP is most often used as a way to remotely access files on servers of other types. As such, you'll likely be configuring this service on a server primarily intended for something else. (i.e.: a web server)
Using vsftpd
Install vsftpd
- Just do it from the Package Manager
- or
sudo apt-get updatesudo apt-get install vsftpd
Configure vsftpd
sudo vim /etc/vsftpd.conf
# Uncomment this to enable any form of FTP write command. write_enable=YES # # Enable PASV # pasv_enable=YES pasv_promiscuous=YES pasv_min_port=7000 pasv_max_port=7100
sudo service vsftpd restart
- Open ports 21 & 7000-7100 to this server in your firewall.
Interesting dilemma... passive mode doesn't work for SHIT if the client is behind a firewall.
Also: The Windows FTP command-line client (ftp.exe) does not support the passive mode, on any version of Windows. It makes it pretty useless nowadays due to ubiquitous firewalls and NATs.
Use any thirdparty Windows FTP command-line client instead. Most other support the passive mode.
Even just accessing your FTP server with a web browser (ftp://server.address) works better...
Further Reading...
Using ProFTP
Installing ProFTPd
sudo apt-get install proftpd
At this point, any user with an account on the network can access the machine via ftp using their regular name & password. (Note: by default, this does not include root.)
This is the MINIMUM required to get it running & you'll want to go deeper into the available options.
Accessing FTP through NAT (pfSense here...)
ProFTPD: Firewalls, Routers, and NAT
The minimum requirements to make it work...
sudo vi /etc/proftpd/proftpd.conf
Lines 51 & 56 need to be un-commented & edited
Choose an available range of ports for PassivePorts.
Set MasqueradeAddress to either the WAN address of your firewall or it's FQDN.
Then restart the service:
sudo service proftpd restart
Then create 2 port forwards, one specifically for port 21 (FTP) & one for the the range chosen in PassivePorts.
Further Configurations
For now, I'd strongly suggest spending some quality time browsing the ProFTPd Documentation. There are a LOT of things that can be done...