Monday, March 31, 2008

» FTP server on openSUSE

Here's a quick and simplified version of the FTP Server HOWTO that's on the openSUSE wiki, in order to install and enable a passive FTP server on openSUSE.

1) Install the package vsftpd (ships with the standard OSS repository and media), using the following command from a shell as root:
zypper in vsftpd
(or smart install vsftpd, depending on your preferred package manager)

2) Enable the vsftpd init script at boot to have the FTP server automatically enabled after booting, still in a shell as root:
chkconfig --add vsftpd

3) Start the vsftpd server now, to avoid rebooting to start it up, still in a shell as root:
rcvsftpd start
(note that you can use that rcvsftpd script to control the FTP daemon, followed by the self-explanatory commands start, stop, status, restart, ...)

4) Now here's the secret magic sauce: to enable FTP in the firewall, open the file /etc/sysconfig/SuSEfirewall2 in your favourite text editor, still as root, and do the following:

4.1) Make sure ftp is mentioned in the variable FW_SERVICES_EXT_TCP, e.g. like this:
FW_SERVICES_EXT_TCP="http https ftp"

4.2) Enable FTP connection tracking and NATing by setting the variable FW_LOAD_MODULES as follows:
FW_LOAD_MODULES="ip_conntrack_ftp ip_nat_ftp"
(actually, ip_nat_ftp is only needed if that server is acting as a reverse proxy (DNAT) to a real FTP server behind it, but it does no harm to enable it anyway, for the sake of simplicity)

5) Apply the firewall changes with the following command, again from a shell as root:
rcSuSEfirewall2 reload

Done.
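The checks from steps 4.1 and 4.2 can be scripted. The following is an added example, not part of the original post or the openSUSE wiki: it reads a SuSEfirewall2 sysconfig file and reports whether FTP is allowed and an FTP conntrack module is listed. The function names are made up for this example; the nf_conntrack_ftp module name and the FW_ALLOW_INCOMING_HIGHPORTS_TCP setting it warns about are taken from the second comment below.

```shell
#!/bin/sh
# Added example: audit a SuSEfirewall2 sysconfig file for the FTP settings
# from steps 4.1 and 4.2. Function names are hypothetical.

# get_var FILE NAME -> value of the last uncommented NAME="..." assignment
get_var() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# has_word LIST WORD -> true if WORD is one of the space-separated items in LIST
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# check_ftp_fw FILE -> prints one finding per line, returns the number of problems
check_ftp_fw() {
    file=$1
    problems=0
    tcp=$(get_var "$file" FW_SERVICES_EXT_TCP)
    mods=$(get_var "$file" FW_LOAD_MODULES)
    high=$(get_var "$file" FW_ALLOW_INCOMING_HIGHPORTS_TCP)

    if has_word "$tcp" ftp || has_word "$tcp" 21; then
        echo "OK: FTP control port allowed in FW_SERVICES_EXT_TCP"
    else
        echo "MISSING: ftp not in FW_SERVICES_EXT_TCP"
        problems=$((problems + 1))
    fi
    # Module name differs by kernel: ip_conntrack_ftp (post), nf_conntrack_ftp (comment)
    if has_word "$mods" ip_conntrack_ftp || has_word "$mods" nf_conntrack_ftp; then
        echo "OK: FTP connection tracking module listed in FW_LOAD_MODULES"
    else
        echo "MISSING: no FTP conntrack module in FW_LOAD_MODULES"
        problems=$((problems + 1))
    fi
    # The high-ports switch makes passive FTP work without connection tracking,
    # but it opens every unprivileged TCP port, not only the FTP data ports.
    if has_word "$high" yes; then
        echo "WARN: FW_ALLOW_INCOMING_HIGHPORTS_TCP=yes opens all high TCP ports"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh check_ftp_fw.sh /etc/sysconfig/SuSEfirewall2
if [ -n "${1:-}" ]; then check_ftp_fw "$1"; fi
```

The exit status is the number of findings, so 0 means the file matches steps 4.1 and 4.2 and does not fall back to opening all high ports.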


2 Comments:

Blogger Martin Vidner said...

Let's see how the clickety thing performs in comparison ;-)

# yast2 ftp-server (or Start, YaST; Network Services, FTP Server)
Click Service start: When booting, Switch On and Off: Start FTP Now; on the left, Expert Settings: Open Port in Firewall; Accept

Good. Only it seems we should move the firewall widget to the main tab.

17:27  
Blogger xcomm said...

Greetings,

FTP connection tracking / opening of high unprivileged ports over :1023 for passive ftp on the server seems not to be working for me under SuSE 11 unfortunately.

1) /etc/sysconfig/SuSEfirewall2
FW_SERVICES_EXT_TCP="20 21 4949 ftp ftp-data imap imaps pop3 pop3s"
FW_SERVICES_EXT_UDP="20 21"
FW_LOAD_MODULES="nf_conntrack_netbios_ns nf_conntrack_ftp nf_nat_ftp"

lsmod | grep conntrack
nf_conntrack_ipv6 36424 0
nf_conntrack_netbios_ns 19968 0
ipv6 331544 68 ip6t_REJECT,nf_conntrack_ipv6,ip6table_mangle
nf_conntrack_ipv4 29576 3 iptable_nat,nf_nat
nf_conntrack_ftp 27320 1 nf_nat_ftp
nf_conntrack 91536 8 nf_conntrack_ipv6,xt_state,iptable_nat,nf_conntrack_netbios_ns,nf_nat_ftp,nf_nat,nf_conntrack_ipv4,nf_conntrack_ftp

2) YaST
YaST, Security, Firewall, allowed Services, vsftpd Server

All these things above are done, but the box is not using connection tracking at all. Shutting down the SuSEFW2 enables passive FTP to this server. The same is achieved by opening a high ports hole like this: FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes".


3) There is none.
Start, YaST; Network Services, FTP Server or Vsftpd here

Regards, xcomm

17:28  
