How To Set up FTP Server

ftp

(Bimoputra Pratama) #1

How do I set up the ftp server on nethserver, I have set it but when I remote via the ftp software, ftp doesn’t want to connect. Overcoming ftp does not want to connect how, want an IP host or domain host still not connected. Which FTP do I use the local ip?


(Marc) #2

If you have created an ftp user and enabled the FTP server (FTP -> Configure -> enabled) you’ll be able to connect to it from LAN (green). If you have configured a red interface, to connect from outside (red) you have to give access to the ftp service from Network Services section. If NethServer is behind a firewall/gateway you’ll have to redirect ftp port (21) from it to your server. Then a remote ftp client will be able to connect using your gateway public IP or domain name (if you have a registered domain name and properly configured domain records pointing to your gateway).

You can find more information in the documentation:
http://docs.nethserver.org/en/v7/ftp.html
http://docs.nethserver.org/projects/nethserver-devel/en/v7/ftp.html


(Bimoputra Pratama) #3

that is to say, to provide ftp for red services on your network like this, the connection we have must have open access to port 21 so that we can access via wifi and via an internet modem channel right?

I often connect to a red port and I don’t use LAN Green because I don’t have any additional tools to connect the LAN to an additional WiFi modem.


(Marc) #4

Yes. If you server has a red interface configured you have to open port 21 to give external access.

For wifi it depends on how your Access Point is configured on the network:

  • If you have a dedicated AP you could configure it in a different network range as a blue network zone.
  • If network isolation for security is not as important, you could plug the AP on LAN (green).
  • If NethServer has a red interface connected to a gateway, ant the gateway is also the AP, the setup is less convenient. Port 21 open and wifi clients using nethserver’s red ip… Other scenarios are possible.

(Jeroen Visser) #5

For FTP to properly work on both the LAN and the WAN a few things need to be in place:

  1. You need to define a fixed passive range in your vsftpd config (use a template) You can use any ports you like. One of them will be used per connection, decide the amount you need based on that knowledge.

    pasv_enable=Yes
    pasv_min_port=10090
    pasv_max_port=10100
    pasv_address=xxx.xxx.xxx.xxx

(WAN IP) -----------------^

  1. (Optional) If your ftp uses encryption (FTPES) you need to make sure that the public name resolves to your LAN address from within the LAN. You will need a DNS entry on the LAN side.

  2. You need to open port 21 on the firewall and create a NAT rule to your FTP server.

  3. You need to open the port range you defined as passive ports on the firewall and create a NAT rule to your FTP server.

From the LAN you should use active mode, or use some special configuration on your firewall, where it reflects LAN requests to the public IP back … this can be a bit tricky to set up, so I will leave it out.
From the WAN you can now use passive mode.