LinuxQuestions.org
Old 03-06-2013, 08:52 PM   #1
Altiris
Member
 
Registered: Mar 2013
Posts: 255

How do I make vsftpd work externally? (Please read, thanks!)


Okay so to start off I got vsftpd finally working (buggy little software I say). I want to make vsftpd work externally, meaning when using a program such as FileZilla, type in my external IP (I have a static IP already) and then my username/password (account I have in Ubuntu) and then the port (I don't want port 21, I want something high up such as 8000). I also want to enable SSL (is this really necessary?). I also found out that I think you need to forward something called Passive ports which are where the data gets transferred?

What do I have to add in to the vsftpd.conf file to make all of these things work?

Thanks!

---------------------------------------------------------------------------

BTW, I am using Ubuntu 12.04 LTS and a modified vsftpd version by the people at this link
http://blog.thefrontiergroup.com.au/...rs-work-again/
(the only modification is that it added support for the "allow_writeable_chroot=YES" command).
 
Old 03-06-2013, 09:45 PM   #2
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,225

You can enable TLS (aka SSL), but I'd go with sftp (part of the ssh toolset) or even simpler, scp.
You definitely should use encryption over a public cxn.
You will have to get your router/modem to forward the incoming port to your PC.
Is there any particular reason you can't use the std port for ftp (note sftp/scp use port 22)?
 
Old 03-07-2013, 02:20 PM   #3
Altiris
Member
 
Registered: Mar 2013
Posts: 255

Original Poster
Alright so thanks for your feedback, but I have a few questions. If I go with sftp, is that built in with vsftpd or do I need to install it with a command like "sudo apt-get install sftp" ? After I install it, what do I do to get it working with vsftpd?

My last couple questions are, do I just forward Port 22 for sftp and that's it for it to work? The other question I have is for vsftpd, do I only need to forward the Port 21/(any port of my choice) and that's it, or do I need to also port forward passive ports similar to when setting up FileZilla on Windows (FileZilla requires a main port such as 21 and then the passive ports such as 5000-5100), do I need to do this? If so, what do I need to add/edit in the vsftpd.conf file?

Answering your question, I have a sonic wall and it reports/logs when people (automatic bots) try to access blocked or certain ports. I got a lot of reports from the Port 21 (I don't think I saw any reports for port such as 82010). The other thing is my father has an FTP set up on Windows with port 21 so I need to choose a different port.
 
Old 03-07-2013, 02:21 PM   #4
Altiris
Member
 
Registered: Mar 2013
Posts: 255

Original Poster
Double posted, sorry.

Last edited by Altiris; 03-07-2013 at 02:22 PM.
 
Old 03-07-2013, 06:03 PM   #5
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,225

As above sftp is part of the ssh tool, so if you've got ssh installed, you've also got sftp & scp.
This is a completely separate tool from vsftp, and you only need one or the other.

If I understand your ref to your father already using ftp, you may want to keep your cxn separate and use sftp or scp.

Normally ssh tools use port 22 and that would have to be forwarded in your firewall.
It's simpler than std ftp protocol, because it only uses that one port.
You can specify another port on the server end in /etc/sshd_config: http://www.openssh.com/manual.html.
Remember to consider the port num forwarding on the router and the final port on the server.

scp is simpler on the cmd line, e.g. scp localfile user@host:/dir/remotefile, but if you're using a GUI tool like Filezilla, it will use sftp.

Obviously make sure you have a very secure passwd/passphrase on that acct.

ssh howto in Chap 17 http://www.linuxtopia.org/online_boo...ion/index.html

Last edited by chrism01; 03-07-2013 at 06:12 PM.
 
Old 03-07-2013, 07:57 PM   #6
Altiris
Member
 
Registered: Mar 2013
Posts: 255

Original Poster
Alright so I followed a guide on the internet and I generated a certificate for SSL and I added the commands in vsftpd.conf

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

I restarted vsftpd and it launched and I can log in, everything is working. Is that all there is to it for SSL? What else do I need to do? You guys said about using sftp or scp and a moderator posted on my other thread and how "FTP requires TCP/20 + TCP/21 and FTPS (not sftp, that's a SSH protocol) requires TCP/990". I don't understand this because I only forwarded port 21 and the FTP works. I am really confused now, do I use sftp, scp, or FTPS (which is best) and how do I link that with VSFTPD and what ports do I need?


EDIT: I tried FTPES://EXTERNALIPHERE and it asked me to accept the certificate, I accepted and it said it connected but my directory listings wouldn't show up and I get an error "GnuTLS error: -15: An unexpected TLS packet was received." and then it says "Could not connect to the server"

Last edited by Altiris; 03-10-2013 at 11:41 AM. Reason: I am confused.
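
Added example, not part of any post in this thread: a small shell check that reads a vsftpd.conf and reports which TCP ports need forwarding and which settings leave traffic unencrypted. Both sample files are constructed; port 8000 and the range 5000-5100 are the values mentioned in the thread, 203.0.113.10 is a placeholder for the external address, and the option defaults are those given in the vsftpd.conf man page.

```shell
# Added example: list the ports to forward and flag cleartext settings
# in a vsftpd.conf. Option defaults follow vsftpd.conf(5).
# conf_get FILE KEY DEFAULT: last value assigned to KEY, else DEFAULT.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# audit_vsftpd FILE: print one FORWARD or WARN finding per line.
audit_vsftpd() {
    f=$1
    min=$(conf_get "$f" pasv_min_port 0)
    max=$(conf_get "$f" pasv_max_port 0)
    echo "FORWARD control tcp/$(conf_get "$f" listen_port 21)"
    if [ "$min" -eq 0 ] || [ "$max" -eq 0 ]; then
        echo "WARN passive range unset: data ports are unpredictable"
    else
        echo "FORWARD passive tcp/$min-$max"
    fi
    [ -n "$(conf_get "$f" pasv_address "")" ] ||
        echo "WARN pasv_address unset: PASV replies carry the LAN address"
    [ "$(conf_get "$f" ssl_enable NO)" = YES ] ||
        echo "WARN ssl_enable is not YES: logins and data are cleartext"
    [ "$(conf_get "$f" force_local_logins_ssl YES)" = YES ] ||
        echo "WARN force_local_logins_ssl=NO: passwords may cross in cleartext"
    [ "$(conf_get "$f" force_local_data_ssl YES)" = YES ] ||
        echo "WARN force_local_data_ssl=NO: listings and files may cross in cleartext"
}

tmp=$(mktemp -d)
# Constructed sample 1: the options from the posted config that this audit reads.
cat > "$tmp/posted.conf" <<'EOF'
ssl_enable=YES
force_local_data_ssl=NO
force_local_logins_ssl=YES
EOF
# Constructed sample 2: port 8000, passive range 5000-5100, data TLS forced.
# 203.0.113.10 is a placeholder for the static external IP.
cat > "$tmp/fixed.conf" <<'EOF'
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
listen_port=8000
pasv_min_port=5000
pasv_max_port=5100
pasv_address=203.0.113.10
EOF
audit_vsftpd "$tmp/posted.conf"
audit_vsftpd "$tmp/fixed.conf"
```

Once the control channel is encrypted, a NAT router can no longer read or rewrite the PASV reply, so the passive range and advertised address have to be fixed on the server and the range forwarded explicitly.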
 
  

