Setup an FTP Server

From OpenFSG


Disclaimer: I will not accept any responsibility for loss or damage to files caused by implementing an FTP server using these instructions. Remember: no security system is unbreakable. Use strong usernames. Use strong passwords.



For a simple ftp set-up

  • Set the router up to forward port 21 to the IP address of the NDP.
  • Set up users, one login for each user. That way you can keep tabs on who's logging in and on disk quotas.
  • Set up folders for yourself and your users.
  • Set access privileges for the folders to allow or deny read and write access.
  • Enable the FTP server on the NDP.

Then your friends will be able to connect to your router using your WAN IP address, which you can find out at http://whatsmyip.org/ if you don't know it.


Considerations:

Is this a fixed IP address? If YES, then all is well in the world. If it isn't, it will change every time you switch your router off and on again. So you'll either have to:

  1. re-inform your users about the new IP address (tedious at best)
  2. contact your ISP to request a fixed IP (recommended)
  3. use a site like http://www.no-ip.com/services/managed_d ... c_dns.html to act as a go-between. There are other sites out there that do the same thing. I haven't used this method so can't offer any more support for its implementation. (this is a lazy way to do it and a real fag IMHO)

To connect, your users will have to use the following format:

ftp://username:password@YOURwanIPaddress

From a web browser they will only be able to read, so have them install FTP software for upload capabilities, like Cute ftp or similar. Firefox has a pretty good FTP plugin available and it's free!

You, from home, should be able to connect using

ftp://username:password@yourNDPlanIPaddress

You may be able to connect using

ftp://username:password@YOURwanIPaddress

However, let me warn you now that with a lot of routers you can't check that your FTP is working from home using your WAN IP address. It's something to do with loopback and DNS resolution; I'm not entirely sure, but it just won't work. That does not mean that your FTP server isn't working. If your router does not allow loopback, try using the following site to test your FTP from home: http://www.g6ftpserver.com/en/ftptest

When using the g6ftpserver to test you'll get a report like this:

  • About to connect() to 79.76.3.166 port 21
  • Trying 79.76.3.166... connected
  • Connected to 79.76.3.166 (79.76.3.166) port 21

< 220 NET Disk FTP Server ready.
> USER admin
< 331 User name okay, need password.
> PASS *****
< 230 User logged in, proceed.
> PWD
< 257 "/" is current directory.

  • Entry path is '/'

> CLNT Testing from from IP 79.76.3.166
< 500 Syntax error, command unrecognised.

  • QUOT command failed with 500
  • Connection #0 to host 79.76.3.166 left intact

The syntax error at the bottom is normal. CLNT (send FTP client name to server) is an FTP command that the Linux server on the NDP doesn't understand. It doesn't matter; you're all set if you get this response.

Advanced Security

Recommended though

Don't bother with this section until you have a working FTP server!

I suggest that you change the port forwarding on your router. Remove the port 21 forward to the NDP WAN IP address. Add a forward from a different port (say 60) to port 21 on your NDP WAN IP address. This is a port redirection and should be possible on most routers.

This will do 2 things for you:

  1. Stop a good amount of port scanners from picking up the fact you have an FTP server (being picked up is not a good thing; see viewtopic.php?f=23&t=5538 for the proof!).
  2. Still allow you to FTP from home using

ftp://username:password@yourNDPlanIPaddress

Your users will then need to alter their logins to

ftp://username:password@YOURwanIPaddress:60


More

To limit user access, and deter hackers

Find and edit vsftpd.conf. This file is located on the NDP at

/etc/vsftpd.conf

Use gVim or similar to edit the file.

Make a slight adjustment to the variables in vsftpd.conf. I added the lines

userlist_enable=YES
userlist_deny=NO

Then add permitted users to the vsftpd.user_list file (which doesn't exist by default, by the way).

So start a new file with gVim and add the names of the users that you wish to have access, one per line, so:

jonny
peggy
jimbob

and then save as

vsftpd.user_list

Then copy this new file to the

/etc

directory (where you edited the vsftpd.conf file).

This way your NDP will spin down whilst those dumb idiots are trying to hack into my server.

It gives a 530 permission denied message before they input a password for any user name NOT on the list.

This saves the hackers time, I guess, as they now know that ADMINISTRATOR was never a login name on the server (but then I'm a generous kind of guy). But for me, I'm happier, as my NDP was running quite hot when they were trying. That's the only reason I looked at the log file and caught them at it!

--alfonz 18:20, 6 June 2008 (CEST)
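
The user-list step above, modelled as an added example (not code from this page or from vsftpd): it applies the documented meaning of userlist_enable and userlist_deny, with the defaults from the vsftpd.conf man page, and shows what happens if the userlist_deny line is left out or the names are all typed on one line. The function names, the sample inputs, handling of only the YES/NO spellings, and whole-line matching of names are assumptions of this example.

```python
# Added example: a model of vsftpd's user-list decision, not vsftpd's own code.
# Defaults are the ones documented in the vsftpd.conf man page.
DEFAULTS = {"userlist_enable": "NO", "userlist_deny": "YES"}

ASK = "asks for password"
DENY = "530 before password"


def parse_conf(text):
    """Read option=value lines; blank lines and '#' comment lines are skipped."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value.upper()
    return conf


def parse_userlist(text):
    """One name per line. A line holding several names is a single entry
    (modelling assumption: the server compares whole lines)."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def decide(conf, listed, user):
    """What the server does after 'USER <name>' under this configuration."""
    if conf["userlist_enable"] != "YES":
        return ASK                               # list is ignored entirely
    if conf["userlist_deny"] == "NO":            # allow list (this page's setup)
        return ASK if user in listed else DENY
    return DENY if user in listed else ASK       # deny list (the default)


# Constructed sample inputs.
CONF_PAGE = "userlist_enable=YES\nuserlist_deny=NO\n"
CONF_FORGOT_DENY = "userlist_enable=YES\n"       # userlist_deny line left out
LIST_OK = "jonny\npeggy\njimbob\n"
LIST_ONE_LINE = "jonny peggy jimbob\n"           # all names on one line

if __name__ == "__main__":
    cases = [("page config", CONF_PAGE, LIST_OK),
             ("deny line missing", CONF_FORGOT_DENY, LIST_OK),
             ("names on one line", CONF_PAGE, LIST_ONE_LINE)]
    for label, conf_text, list_text in cases:
        conf, listed = parse_conf(conf_text), parse_userlist(list_text)
        for user in ("jonny", "administrator"):
            print(f"{label:18} {user:14} -> {decide(conf, listed, user)}")
```

With the userlist_deny line missing, the list flips into a deny list: the three intended users are refused and every other name gets a password prompt.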
