February 4, 2021

Fedora 32 -- running an FTP server

Who would have thought I would ever be doing this, but recently I have had two different situations that have made this useful. One is supporting file transfers to an old machine running FreeDOS.

Basic setup

This is very easy. It just involves installing a package and starting the server. 
su
dnf install ftp vsftpd
firewall-cmd --add-service=ftp --permanent
firewall-cmd --reload
systemctl start vsftpd.service
systemctl enable vsftpd.service

Firewall

The above is all well and good if you are using the fedora firewall service and if you clients are using the classic port scheme.

I am using mTCP on my FreeDOS box, and it uses a newer port scheme called "passive" ftp. Under this scheme, the client starts on port 21, then asks the server what port to use for further activity. The trick here is knowing what range of ports the server may select and opening them up on the firewall. (As near as I can tell the original "classic" scheme would just use port 20). There are options to svftp to tell it to do passive ftp and which ports to use: 

# Added by tjt 2-5-2021
pasv_enable=Yes
pasv_min_port=10090
pasv_max_port=10094
I add the above to /etc/vsftpd/vsftpd.conf and then: 
su
systemctl restart vsftpd.service
And then to the iptables file: 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10090:10094 -j ACCEPT
And: 
systemctl restart iptables.service
This setup works with an old classic client as well as the newer passive mTCP client on FreeDOS.

Have any comments? Questions? Drop me a line!

Adventures in Computing / tom@mmto.org