<-Back to 2017

Passive mode

ftp needs often to work in passive mode, open the necessary ports:

 FW_SERVICES_EXT_TCP="1024:65535" 

with the good values, of course.

If you are behind a gateway, you have to forward the ports to the server. In the gateway firewall you need to add (SuSfirewall2)

Donc, dans le pare-feu de la passerelle il faut ajouter (SuSEfirewall2):

FW_FORWARD_MASQ="0/0,192.168.56.101,tcp,80
0/0,192.168.56.101,tcp,21
0/0,192.168.56.101,tcp,20
0/0,192.168.56.101,tcp,30000:30100" 

SuSEfirewall2 accepts sevral arguments separated by a space or a carriage return. Do not forget the beginning and closing quote.

If you need active ftp, you have to forward ports in your own home gateway (for me from 6000 to 7000).This is to configure in Filezilla (active ftp)

With some kernels, vsftp secomp filter is too picky and have to be disabled:

 seccomp_sandbox=NO

Be warned than vsftp is very picky about his conbfig file syntax, but do not quote the offending line, double check your typos.

Accès root

A banned users list is in /etc/ftpusers.

It's enough to remove the lins: :

 root

Write access

config in /etc/vsftp.conf

Security

Use simple ftp only if you can't do without. Prefere sftp, it's the same port but the ssh port, so no other port needed.

With Dolphin, prefere fish:// - the file permissions are the same.

With Filezilla, in the login line, set the port 22, it understand and add sftp://. It may be an other port as well.