Very secure FTP Daemon - lightweight, stable and secure FPT server for UNIX-like systems.
Install the server with:
dnf install vsftpd
Before configuring this ftp service understand the difference between:
(1) Active FTP and (2) Passive FTP from here
The following configuration goes explicit for Passive FTP + handling the firewall rules on the server's iptables.
Configuration for anonymous only ( inspired from gentoo ) plus additional Passive parameters to match iptables opened ports 40000 to 40099 (100 ports).
cat /etc/vsftpd/vsftpd.conf anonymous_enable=YES no_anon_password=YES anon_root=/var/ftp/pub local_enable=NO write_enable=NO local_umask=022 anon_upload_enable=NO anon_mkdir_write_enable=NO dirlist_enable=YES dirmessage_enable=YES chown_uploads=NO xferlog_enable=YES connect_from_port_20=YES idle_session_timeout=600 data_connection_timeout=120 ascii_upload_enable=NO ascii_download_enable=NO ftpd_banner=--[ftp service]-- chroot_local_user=NO chroot_list_enable=NO # (default follows) #chroot_list_file=/etc/vsftpd/vsftpd.chroot_list background=YES listen=YES ls_recurse_enable=NO listen=NO pam_service_name=vsftpd userlist_enable=YES # passive FTP (PASV command) pasv_enable=YES port_enable=YES ftp_data_port=20 listen_port=21 max_clients=100 max_per_ip=100 max_login_fails=3 pasv_min_port=40000 pasv_max_port=40099
Start server (watch the errors related to /etc/vsftpd/vsftpd.conf content)
systemctl start vsftpd.service systemctl enable vsftpd.service
Configure iptables firewall rules (TCP is a new chain where all tcp traffic is forwarded from INPUT chain)
iptables -A TCP -p tcp --dport 20 -j ACCEPT iptables -A TCP -p tcp --dport 21 -j ACCEPT iptables -A TCP -p tcp --dport 40000:40099 -j ACCEPT
FTP does not implement udp protocol
Check if the server is running and accesible (check DSL router also for port forwarding).
You can use FTP service to transfer files between 2 computers on the same SECURE network. You simply need to allow existing users in /etc/passwd to connect to FTP service. The authentication requires user+pass and the FTP will redirect the client to own $HOME directory. !!!Do not use this configuration on the servers facing the Internet!!!
cat /etc/vsftpd/vsftpd.conf anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_std_format=YES listen=NO listen_ipv6=YES pam_service_name=vsftpd userlist_enable=YES # passive FTP (PASV command) pasv_enable=YES port_enable=YES ftp_data_port=20 listen_port=21 max_clients=100 max_per_ip=100 max_login_fails=3 pasv_min_port=40000 pasv_max_port=40099