Wednesday, 22 June 2016

FTP Server Behind NAT/Firewall Configurations, Errors and their Solutions.

Let me ask it in a simple way: are you going to configure an FTP server behind NAT?

Keep in mind that you will run into a few facts that lead to the following questions:
  • Which FTP mode should I configure, active or passive?
  • Which ports should I use for active and passive mode?
  • FTP works fine within the LAN, but I'm unable to reach it over the Internet.
  • Which FTP software should I use?
  • Do I need to enable port forwarding? (that's the main headache)
  • What if I'm behind NAT or a firewall: what happens when I connect to my server?
Before doing anything I recommend studying a little about FTP: what the active and passive modes are and when each is used. Read here.
So now you're clear about FTP.
All of the questions above are going to be covered here.

I'm following a BSD Unix configuration here; the same is just as easy to configure on Linux.

Should I enable the built-in FTP daemon via inetd or install a separate FTP server for my end goal? That depends pretty much on what you want FTP to be.
If you only want FTP within the LAN, then the built-in ftpd via inetd is the simplest way and very easy to enable, and you don't need to read any further, as the main purpose of this post is to configure FTP behind NAT or a firewall. So let's start.

I prefer ProFTPD, which offers many features for FTP services.
Before installation make sure your Linux/Unix system is running on a static IP. If not, configure a static IP for the NIC.

In BSD you can add the following lines to /etc/rc.conf, adjusted for your subnet:

ifconfig_yourNICname="inet YourLANIP netmask YOURsubnetmask"

defaultrouter="GatewayIP"

and make sure you have added the DNS entry in /etc/resolv.conf.

##ProFTPd installation 


# pkg install proftpd
or
# cd /usr/ports/ftp/proftpd && make install clean
# vi /etc/rc.conf
proftpd_enable="yes"
# touch /var/run/proftpd.scoreboard
# pw groupadd -n ftp
# mkdir /home/ftp
# cd /home/ftp
# mkdir in pub
# chown nobody in
# chmod 5777 in

A note on the last command: 5777 sets the setuid and sticky bits on a world-writable directory. The setuid bit has no effect on a directory, so 1777 (sticky bit plus world write, the usual "drop box" mode) gives the same result. A world-writable upload directory is an anonymous drop box for anyone who can log in; if only known accounts upload, prefer a group-writable directory owned by those accounts instead of 777. Also, the account named in the User directive of the config below must already exist on the system.


Then here is the configuration file.

# vi /usr/local/etc/proftpd.conf

Below is my working configuration file; I may modify it further as I need.

ServerName                      "FTP"
ServerType                      standalone
DefaultServer                   on
DefaultRoot /home/ftp

Umask                           022
MaxInstances                    30
User                            whatsapp
Group                           nobody

#MasqueradeAddress               
Port                            50000
AllowForeignAddress on
PassivePorts 50001 50002

AllowOverwrite on
AllowRetrieveRestart on

ScoreboardFile /var/run/proftpd.scoreboard
SystemLog /var/log/proftpd.sys
TransferLog /var/log/proftpd.xfer
ServerLog /var/log/proftpd.serv
#### below is important ####
<Limit SITE_CHMOD>
  DenyAll
</Limit>

<Limit LOGIN>
  AllowAll
  #AllowUser ftpuser
  #AllowUser root
  #AllowUser whatsapp
</Limit>

<Limit ALL>
AllowAll
</Limit>

<Limit CDUP CWD LIST PWD>
  AllowAll
</Limit>
<Directory /home/ftp/in>
  <Limit MKD STOR XMKD RNFR RNTO RMD XRMD CWD>
    AllowAll
  </Limit>
</Directory>

<Directory /home/ftp/pub>
  <Limit READ>
    AllowAll
  </Limit>
</Directory>


### Limit the maximum number of anonymous logins
#MaxClients                     10
#<Anonymous /home/ftp>
#  <Limit LOGIN>
#    AllowAll
#  </Limit>
#
#  User                 ftp
#  Group                ftp
#  RequireValidShell    off
#  UserAlias            anonymous ftp
#</Anonymous>

Note that I'm using port 50000 as the FTP control port and 50001 and 50002 for passive data connections.
You can leave the control port at the default 21 and choose the passive ports as you like, but keep in mind that each passive data connection occupies one port from the PassivePorts range for its duration, so "PassivePorts 50001 50002" allows only two transfers or listings at a time; size the range to match MaxInstances.
Ports matter a lot: FTP uses TCP for the control connection and for every data connection (there is no UDP in FTP), and behind NAT every one of those ports has to be forwarded. Three directives in the config above deserve attention:
  • MasqueradeAddress (commented out above) is what makes the PASV reply advertise your public IP instead of the LAN IP. Without it the server hands out 192.168.x.x and the transfer only works if the client notices the unroutable address and falls back to the address of the control connection, which many clients do but not all.
  • PassivePorts pins the data ports to a range you can forward, instead of a random ephemeral port per transfer.
  • AllowForeignAddress on lets a client name a data-connection address that differs from the address of its control connection. That helps active-mode clients sitting behind their own NAT, but it is also exactly what an FTP bounce attack needs (directing the server's data connection to a third host), so leave it at the default (off) unless you really need it.
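The NAT-relevant directives, as an added example that is not the author's config file: it assumes a public address of 203.0.113.10 (a documentation address; use your own or a DNS name) and a passive range sized for the MaxInstances 30 used above. Only the lines that differ from the working config are shown; everything else stays as it is.

```apacheconf
# Added example, not from the original post: the NAT-relevant part of
# proftpd.conf for a server behind a port-forwarding router.
# Assumed placeholders: public address 203.0.113.10, control port 50000
# (as in the post), passive range 50001-50030 for MaxInstances 30.

ServerType          standalone
Port                50000

# PASV replies carry this address instead of the LAN IP, so a remote client
# opens its data connection to the router, which forwards it to the server.
# A DNS hostname is also accepted (see the NAT howto linked at the end).
MasqueradeAddress   203.0.113.10

# One passive port per concurrent data connection: 30 ports for 30 instances.
# Forward exactly this range, plus the control port, on the router.
PassivePorts        50001 50030

# The post's config has "AllowForeignAddress on". Keep the default instead:
# "on" lets a client point the data connection at a third host (FXP), which
# is what an FTP bounce attack relies on. Turn it on only if you must support
# active-mode clients that sit behind their own NAT.
AllowForeignAddress off
```

After changing PassivePorts, update the router's forwarding rule to the same range; a PASV reply that names a port outside the forwarded range fails in exactly the same way as the "can log in but cannot list" problem described further down.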


Let's start the service now.
# service proftpd start

Now you should be able to connect to your FTP server within the LAN: open cmd/terminal and type the command as in the image.

You can also connect this way if FTP is running on the default port 21:
# ftp 192.168.x.x
(append the port number, 50000 in the config above, when using a non-default control port), and it will prompt for your username and password.


For WAN/NAT/Firewall

Enable port forwarding.

Go to your router or firewall and forward your FTP server ports (the control port and the whole passive range) to the server's LAN IP. My configuration is as below.

Common Errors (Mess) and Solutions

If port 21 is not reachable behind NAT you will receive this error:

If you can connect to FTP and log in successfully but are unable to get a directory listing or to upload/download, that means you have a real headache now: the control connection is forwarded, but the data connection (a second TCP connection, opened to the port the server advertised in its PASV reply) is not getting through.

#Solution 01

Connect to the server in active mode. In most cases it didn't work for me and prompted the error below. In active mode the server opens the data connection back to the client, so a client that is itself behind NAT or a firewall must accept an inbound connection, which usually fails; that is why passive mode is recommended for FTP.









#Solution 02

Limit the passive ports as I did in /usr/local/etc/proftpd.conf:

PassivePorts 50001 50002
and forward exactly the same ports (or port range) on the firewall or router, together with the control port. If the PASV reply still shows the LAN address, set MasqueradeAddress to your public IP as well.

I DID IT AND OWNED SUCCESS AFTER A LOT OF MESS.

Here I have things working in the browser,

and here in the terminal.



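To see exactly what the server hands out, here is an added check, not from the original post, that decodes the "227 Entering Passive Mode" reply and compares it with the public address and the forwarded range. The address 203.0.113.10 and the two sample replies are constructed placeholders, not captured from the author's server. The six-number encoding is the same one the client sends in its PORT command in active mode (Solution 01), so the decoder covers that case as well.

```sh
#!/bin/sh
# Added example, not part of the original post: decode the address a server
# advertises in "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" and check it
# against what a NATed server should be sending.  The PORT command of an
# active-mode client uses the same 6-tuple, so ftp_hostport decodes both.
# Assumed placeholders: public IP 203.0.113.10, passive range 50001-50002
# (the post's own PassivePorts setting).

# ftp_hostport "h1,h2,h3,h4,p1,p2" -> prints "h1.h2.h3.h4 port" (port = p1*256+p2)
ftp_hostport() {
    _old_ifs=$IFS
    IFS=,
    set -- $1
    IFS=$_old_ifs
    [ $# -eq 6 ] || return 1
    printf '%s.%s.%s.%s %d\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# pasv_tuple "227 Entering Passive Mode (192,168,1,10,195,81)." -> "192,168,1,10,195,81"
# Anything before the parentheses (e.g. curl's "< " prefix) is ignored.
pasv_tuple() {
    printf '%s\n' "$1" | sed -n 's/.*(\([0-9,]*\)).*/\1/p'
}

# is_private IP -> exit 0 for RFC 1918 space (10/8, 172.16/12, 192.168/16)
is_private() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.*) set -- $(printf '%s\n' "$1" | tr . ' ')
               [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0 ;;
    esac
    return 1
}

# pasv_check REPLY PUBLIC_IP LOW HIGH
# Prints one line per finding; returns 1 if the advertised address or port
# would not work for a remote client, 0 if the reply looks right.
pasv_check() {
    _reply=$1 _pub=$2 _lo=$3 _hi=$4 _bad=0
    _tuple=$(pasv_tuple "$_reply")
    [ -n "$_tuple" ] || { echo "no 6-tuple in reply: $_reply"; return 1; }
    _hp=$(ftp_hostport "$_tuple") || { echo "malformed tuple: $_tuple"; return 1; }
    _ip=${_hp% *}
    _port=${_hp#* }
    if is_private "$_ip"; then
        echo "advertised $_ip is private: set MasqueradeAddress $_pub"
        _bad=1
    elif [ "$_ip" != "$_pub" ]; then
        echo "advertised $_ip is not the public address $_pub"
        _bad=1
    fi
    if [ "$_port" -lt "$_lo" ] || [ "$_port" -gt "$_hi" ]; then
        echo "port $_port is outside the forwarded range $_lo-$_hi"
        _bad=1
    fi
    [ "$_bad" -eq 0 ] && echo "ok: data connection goes to $_ip:$_port"
    return "$_bad"
}

# Constructed sample replies (not captured from the post's server):
SAMPLE_LAN='227 Entering Passive Mode (192,168,1,10,195,81).'    # 192.168.1.10:50001
SAMPLE_GOOD='227 Entering Passive Mode (203,0,113,10,195,82).'   # 203.0.113.10:50002

pasv_check "$SAMPLE_LAN"  203.0.113.10 50001 50002 || :
pasv_check "$SAMPLE_GOOD" 203.0.113.10 50001 50002

# Live use (needs network): curl -v prints the server's replies prefixed
# with "<", so the 227 line can be fed straight into pasv_check:
#   curl -sv --ftp-pasv -u user:pass ftp://203.0.113.10:50000/ 2>&1 | grep '^< 227'
```

Run it from a host outside your LAN, since from inside the LAN the private address in the reply is actually reachable and the problem does not show.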

Permission Errors: 550 permission denied

During file upload/download I faced this permission error.

#Solution

Make sure your FTP root directory permissions are correct:

# cd /home/ftp
# mkdir in pub
# chown nobody in
# chmod 5777 in

What works for me is this:
I temporarily edited the proftpd.conf file for permissions as follows:

<Limit ALL>
AllowAll
</Limit>

<Limit CDUP CWD LIST PWD>
  AllowAll
</Limit>
<Directory /home/ftp/in>
  <Limit MKD STOR XMKD RNFR RNTO RMD XRMD CWD>
    AllowAll
  </Limit>
</Directory>

<Directory /home/ftp/pub>
  <Limit READ>
    AllowAll
  </Limit>
</Directory>
Keep in mind that a 550 reply for a non-anonymous login is almost always a filesystem permission problem: after authentication proftpd runs the session as the logged-in Unix user, so that user needs write permission on /home/ftp/in regardless of what the Limit sections say. A server-wide "<Limit ALL> AllowAll" grants every command to every user and makes the per-directory Limit sections below it redundant, so treat it as a temporary diagnostic, not a permanent setting.

That's all for now. If you have any question please comment below.

Further reference: http://www.proftpd.org/docs/howto/NAT.html
