FTP

From Jonathan Gardner's Tech Wiki

Setting FTP Up on Fedora

Short Instructions

$ su -
# yum -y install vsftpd
# service vsftpd start
# chkconfig vsftpd on
# vim /etc/sysconfig/iptables
< add the line "-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT" >
# vim /etc/sysconfig/iptables-config
< add ip_conntrack_ftp to IPTABLES_MODULES >
# service iptables restart

Longer Instructions

VSFTPD is the preferred FTP daemon. It is pretty simple and pretty secure. It lives in the 'vsftpd' package, so you'll have to install that if you haven't already.

# yum -y install vsftpd

Then get it running:

# service vsftpd start  # Start right now
# chkconfig vsftpd on   # Start up on boot

If you are running the iptables firewall (by default, you are), you'll need to open it up for external traffic.

First, modify /etc/sysconfig/iptables to allow incoming TCP connections to port 21, the FTP port. Add the line:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

This needs to go after the "-A INPUT -i lo -j ACCEPT" line and before the "-A INPUT -j REJECT --reject-with icmp-host-prohibited" line. It should be apparent if you've already opened up some ports.

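But this is not all. FTP is a strange beast that requires some pretty advanced firewall rules: the connection on port 21 only carries commands, and each file transfer or directory listing uses a separate data connection on a port negotiated over that command channel. The firewall has to recognize those data connections as belonging to the FTP session, and for that you'll need the "ip_conntrack_ftp" module. Edit /etc/sysconfig/iptables-config and change the line with "IPTABLES_MODULES" to read: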

IPTABLES_MODULES="ip_conntrack_ftp"

If there is already something there, don't remove it. Instead, separate things out with spaces inside the quotes.

IPTABLES_MODULES="ip_conntrack_ftp something_else"

Once you've made these changes, you need to restart the firewall.

# service iptables restart
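
The two manual edits above can also be scripted so that they are safe to re-run and never drop existing rules or modules. This is an added example, not part of the original wiki page; the function names and the sample file contents in the demo are constructed for illustration.

```shell
#!/bin/sh
# Idempotent versions of the two manual firewall edits described above.
# File paths are passed in so the functions can be tried on copies first.
FTP_RULE='-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT'

# Insert FTP_RULE just before the first "-A INPUT -j REJECT" line of $1.
add_ftp_rule() {
    rules=$1
    grep -qxF -e "$FTP_RULE" "$rules" && return 0        # already present
    grep -q '^-A INPUT -j REJECT' "$rules" || return 1   # no anchor: leave file alone
    tmp=$(mktemp) || return 1
    awk -v rule="$FTP_RULE" '
        !seen && /^-A INPUT -j REJECT/ { print rule; seen = 1 }
        { print }' "$rules" > "$tmp" && cat "$tmp" > "$rules"
    rc=$?; rm -f "$tmp"; return $rc
}

# Add ip_conntrack_ftp to IPTABLES_MODULES in $1, keeping existing modules.
# Assumption: the value is double-quoted and holds space-separated module names.
add_conntrack_module() {
    conf=$1; mod=ip_conntrack_ftp
    current=$(sed -n 's/^IPTABLES_MODULES="\(.*\)"$/\1/p' "$conf")
    case " $current " in *" $mod "*) return 0 ;; esac    # already listed
    new=${current:+$current }$mod
    tmp=$(mktemp) || return 1
    if grep -q '^IPTABLES_MODULES=' "$conf"; then
        sed "s/^IPTABLES_MODULES=.*/IPTABLES_MODULES=\"$new\"/" "$conf" > "$tmp"
    else
        { cat "$conf"; printf 'IPTABLES_MODULES="%s"\n' "$new"; } > "$tmp"
    fi
    rc=$?; [ "$rc" -eq 0 ] && cat "$tmp" > "$conf"
    rm -f "$tmp"; return $rc
}

# Demo on constructed sample files (not the real /etc/sysconfig files).
demo=$(mktemp -d)
printf '%s\n' '*filter' '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$demo/iptables"
printf 'IPTABLES_MODULES="something_else"\n' > "$demo/iptables-config"
add_ftp_rule "$demo/iptables" && add_conntrack_module "$demo/iptables-config"
cat "$demo/iptables" "$demo/iptables-config"
rm -rf "$demo"
```

To apply it for real, call the functions as root on /etc/sysconfig/iptables and /etc/sysconfig/iptables-config, then restart the firewall as shown above.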