Altiris 03-06-2013 09:52 PM

How do I make vsftpd work externally? (Please read, thanks!)
Okay, so to start off, I got vsftpd finally working (buggy little software, I say). I want to make vsftpd work externally, meaning when using a program such as FileZilla, I type in my external IP (I have a static IP already), then my username/password (the account I have in Ubuntu), and then the port (I don't want port 21, I want something high up such as 8000). I also want to enable SSL (is this really necessary?). I also found out that I think you need to forward something called passive ports, which are where the data gets transferred?

What do I have to add in to the vsftpd.conf file to make all of these things work?



BTW, I am using Ubuntu 12.04 LTS and a modified vsftpd version by the people at this link (the only modification is that it added support for the "allow_writeable_chroot=YES" command).

chrism01 03-06-2013 10:45 PM

You can enable TLS (aka SSL), but I'd go with sftp (part of the ssh toolset) or even simpler, scp.
You definitely should use encryption over a public cxn.
You will have to get your router/modem to forward the incoming port to your PC.
Is there any particular reason you can't use the std port for ftp (note sftp/scp use port 22)?

Altiris 03-07-2013 03:20 PM

Alright so thanks for your feedback, but I have a few questions. If I go with sftp, is that built in with vsftpd or do I need to install it with a command like "sudo apt-get install sftp" ? After I install it, what do I do to get it working with vsftpd?

My last couple of questions are: do I just forward port 22 for sftp and that's it for it to work? The other question I have is for vsftpd: do I only need to forward port 21 (or any port of my choice) and that's it, or do I also need to forward passive ports, similar to when setting up FileZilla on Windows (FileZilla requires a main port such as 21 and then the passive ports such as 5000-5100)? Do I need to do this? If so, what do I need to add/edit in the vsftpd.conf file?

Answering your question, I have a SonicWall and it reports/logs when people (automatic bots) try to access blocked or certain ports. I got a lot of reports from port 21; I don't think I saw any reports for a port such as 82010. The other thing is my father has an FTP set up on Windows with port 21, so I need to choose a different port.

Altiris 03-07-2013 03:21 PM

chrism01 03-07-2013 07:03 PM

As above sftp is part of the ssh tool, so if you've got ssh installed, you've also got sftp & scp.
This is a completely separate tool from vsftp, and you only need one or the other.

If I understand your ref to your father already using ftp, you may want to keep your cxn separate and use sftp or scp.

Normally ssh tools use port 22 and that would have to be forwarded in your firewall.
It's simpler than std ftp protocol, because it only uses that one port.
You can specify another port on the server end in /etc/sshd_config:
Remember to consider the port num forwarding on the router and the final port on the server.

scp is simpler on the cmd line, e.g. scp localfile user@host:/dir/remotefile, but if you're using a GUI tool like FileZilla, it will use sftp.

Obviously make sure you have a very secure passwd/passphrase on that acct.

ssh howto in Chap 17

Altiris 03-07-2013 08:57 PM

Alright so I followed a guide on the internet and I generated a certificate for SSL and I added the commands in vsftpd.conf


I restarted vsftpd and it launched and I can log in, everything is working. Is that all there is to it for SSL? What else do I need to do? You guys said about using sftp or scp and a moderator posted on my other thread and how "FTP requires TCP/20 + TCP/21 and FTPS (not sftp, that's a SSH protocol) requires TCP/990". I don't understand this because I only forwarded port 21 and the FTP works. I am really confused now, do I use sftp, scp, or FTPS (which is best) and how do I link that with VSFTPD and what ports do I need?

EDIT: I tried FTPES://EXTERNALIPHERE and it asked me to accept the certificate, I accepted and it said it connected but my directory listings wouldn't show up and I get an error "GnuTLS error: -15: An unexpected TLS packet was received." and then it says "Could not connect to the server"
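
An added example, not part of the thread and not vsftpd's own code: a small Python check that reads a vsftpd.conf and reports which ports have to be forwarded on the router and whether TLS is actually enforced, the two things the posts above ask about. The option names and defaults are vsftpd's; the parse_conf and audit helpers and the sample file are constructed for illustration.

```python
DEFAULTS = {  # vsftpd built-in defaults for the options checked here
    "listen_port": "21", "pasv_enable": "YES",
    "pasv_min_port": "0", "pasv_max_port": "0", "pasv_address": "",
    "ssl_enable": "NO", "force_local_logins_ssl": "YES",
    "force_local_data_ssl": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
}

def parse_conf(text):
    """vsftpd.conf is strict key=value; lines starting with '#' are comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf

def audit(text):
    """Return (ports_to_forward, findings) for a server behind port forwarding."""
    c = parse_conf(text)
    ports, findings = [c["listen_port"]], []
    lo, hi = int(c["pasv_min_port"]), int(c["pasv_max_port"])
    if c["pasv_enable"].upper() == "YES":
        if lo == 0 or hi == 0:
            # With TLS on the control channel the router cannot read the PASV
            # reply, so it cannot open a random data port on its own.
            findings.append("passive range not pinned: data ports are random and cannot be forwarded")
        else:
            ports.append(f"{lo}-{hi}")
        if not c["pasv_address"]:
            findings.append("pasv_address unset: PASV replies carry the internal address")
    if c["ssl_enable"].upper() != "YES":
        findings.append("ssl_enable is not YES: logins and data cross the internet in cleartext")
    else:
        for opt in ("force_local_logins_ssl", "force_local_data_ssl"):
            if c[opt].upper() != "YES":
                findings.append(f"{opt}=NO: clients may skip TLS")
        for opt in ("ssl_sslv2", "ssl_sslv3"):
            if c[opt].upper() == "YES":
                findings.append(f"{opt}=YES: obsolete protocol enabled")
    return ports, findings

# Constructed sample, not the poster's file; the certificate path is a placeholder.
SAMPLE = "listen_port=8000\nssl_enable=YES\nrsa_cert_file=/path/to/cert.pem\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Every entry in the returned port list needs a matching forward on the router, and the passive range must be the same numbers on the router and in vsftpd.conf.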

