Topic: Howto: Pure-ftpd on pfSense

Perry
Howto: Pure-ftpd on pfSense
« on: June 15, 2007, 09:12:06 am »
   **************** Read me ****************

- This guide has not been made to offend anyone.
- Nor am I saying I know what I'm doing.
- Nor is it written as elegantly as the snort2pfsense howto.
- Nor to frustrate people with a hard disk smaller than 10GB.
- This is not likely going to be available as a package since it's a bad idea on a firewall.
- Replies will be filtered by red.bikeshed.org or blue, can't decide.
- If this in any way fulfilled any bounty request you have posted,
then don't hesitate to send it via paypal to crazypark2@yahoo.dk,
so I can donate it to Daniel's work on the Freenas package.

   *****************************************


So why make it, you may ask?
 Well, my 4GB HD made too much noise so I upgraded.

Goal:
 To make a drop zone storage on the local net.

First:
 Pure-ftp won over vsftpd because of puredb.

Howto: ( Based on http://www.bsdguides.org/guides/freebsd/networking/pure-ftpd_virtual_users.php )

-------------------------------------------------------------------------------

  ( Enable ssh access in pfsense gui )
  ( Use putty to login to server using root and press 8 for shell )

# pkg_add -r puredb

# pkg_add -r pure-ftpd

# cd /usr/local/etc

# cp pure-ftpd.conf.sample pure-ftpd.conf

   ( changing conf , to exit press " esc a a " )

# ee pure-ftpd.conf

ChrootEveryone              yes

PureDB                      /usr/local/etc/pureftpd.pdb

Umask                       177:077

AllowUserFXP                no

CreateHomeDir               yes

  ( your pfsense lan ip and an unused port )

Bind                        192.168.1.1,3333

  ( close putty and start it again with user = admin and press 8 for shell )

# pw groupadd ftpgroup

# pw useradd ftpusers -c "Virtual FTP Users" -g ftpgroup -d /dev/null -s /sbin/nologin

# mkdir /usr/ftpusers

# pure-pw useradd bob -u ftpusers -d /usr/ftpusers/bob -m
Password:
Enter it again:

  ( To start the server )

# cd /usr/local/sbin/
# chmod 755 pure-config.pl
# ./pure-config.pl /usr/local/etc/pure-ftpd.conf

  ( to start on boot add 2 lines to pureftp.sh )

# ee /usr/local/etc/rc.d/pureftp.sh

   #!/bin/sh
   /usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf

--------------------------------------------------------------------------------

Extra ( Making bob's files available from browser )

# /bin/ln -s /usr/ftpusers/bob /usr/local/www/getit

and Upload snif to bob http://www.bitfolge.de/snif-en.html

then go to http://192.168.1.1/getit/ to view and download

That's it ;)
« Last Edit: June 16, 2007, 06:31:55 am by Perry »
/Perry
doc.pfsense.org
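
A check for the configuration step in the howto above, as an added example that is not part of Perry's post: it parses a pure-ftpd.conf and reports every directive that differs from the values the howto sets, including a missing Bind line. The sample file, the function names and the `lan_ip` parameter are constructed for illustration.

```python
# Added example: compare a pure-ftpd.conf against the values set in the howto.
EXPECTED = {                       # directive -> value used in the howto
    "ChrootEveryone": "yes",
    "PureDB": "/usr/local/etc/pureftpd.pdb",
    "Umask": "177:077",
    "AllowUserFXP": "no",
    "CreateHomeDir": "yes",
}

# Constructed sample input (not a real system's file): Bind is commented out
# and ChrootEveryone was left at "no".
SAMPLE_CONF = """\
# pure-ftpd.conf (constructed sample)
ChrootEveryone              no
PureDB                      /usr/local/etc/pureftpd.pdb
Umask                       177:077
AllowUserFXP                no
CreateHomeDir               yes
# Bind                      192.168.1.1,3333
"""

def parse_conf(text):
    """Return {directive: value} for the uncommented lines of the file."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text, lan_ip):
    """Return a list of deviations from the howto; an empty list means none."""
    conf = parse_conf(text)
    findings = [f"{k}: expected {v!r}, found {conf.get(k)!r}"
                for k, v in EXPECTED.items() if conf.get(k) != v]
    bind = conf.get("Bind")
    if bind is None:
        # Without Bind the daemon listens on all IPs on port 21 (see reply #1).
        findings.append("Bind: not set; listens on all IPs, port 21")
    else:
        addr, _, port = (p.strip() for p in bind.partition(","))
        if addr != lan_ip:
            findings.append(f"Bind: {addr!r} is not the LAN address {lan_ip}")
        if not port.isdigit():
            findings.append(f"Bind: no port given in {bind!r}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "192.168.1.1"):
        print(finding)
```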

jakep
Re: Howto: Pure-ftpd on pfSense
« Reply #1 on: December 01, 2008, 12:15:10 pm »
Great post!  That was a big help.

At this posting, pfSense uses FreeBSD 6.2 (which is at EOL) so some minor modifications are required...

Before you do "pkg_add -r puredb", type the following line:

# export PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.3-release/Latest/


You will get a warning when you download pure-ftpd: "pkg_add: warning: package 'pure-ftpd-1.0.21_1' requires 'perl-5.8.8_1', but 'perl-5.8.8' is installed"

I'm pretty sure you can ignore this warning.  Everything seems to work.

In addition, if you want to make a public FTP server, don't enter the line mentioned in the previous post (Bind 192.168.1.1,3333) or make sure it is commented out. By default, PureFTP will listen on all available IPs on the default FTP port (21). Lastly, you'll need to open ports 20 and 21 for Active FTP. With only port 21 open, you can connect but not retrieve folder listings.

Jake Persofsky
Insperia, Inc
http://www.insperia.com
« Last Edit: December 01, 2008, 12:18:22 pm by jakep »

jigpe
Re: Howto: Pure-ftpd on pfSense
« Reply #2 on: June 22, 2009, 04:57:44 pm »
Good morning. I'm using 1.2.2 ...

# pkg_add -r lftp
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/lftp.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/lftp.tbz' by URL

I cannot download the lftp... thanks

jigp
Davao City

chudy
Re: Howto: Pure-ftpd on pfSense
« Reply #3 on: June 22, 2009, 09:34:24 pm »
7.0-release has been changed to 7.0-stable, therefore run
Code:
setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-stable/Latest/"
pkg_add -r samba3
before adding packages (mine: samba3), or change to whatever version you like.
« Last Edit: June 26, 2009, 11:30:12 am by chudy »
Currently using lusca-HEAD (patched) for CDN (YouTube videos) caching, bandwidth throttling (throttle if file is bigger than 32KB) and aggressive caching.

lusca and SRG for pfsense and some patch
http://code.google.com/p/pfsense-cacheboy

jigpe
Re: Howto: Pure-ftpd on pfSense
« Reply #4 on: June 26, 2009, 12:13:40 am »
Hello Chud good afternoon :)

Same thing...
Enter an option: 8

# pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/' by URL
#

pdeg7
Re: Howto: Pure-ftpd on pfSense
« Reply #5 on: June 26, 2009, 01:55:05 pm »
Thanks for all the help guys. Got it up and running in no time. The issue I'm running into is I'm trying to connect to the ftp using a pc on my lan (flashfxp). It gets past the username and password but hangs at the point where it's trying to list the contents of the folder. I have tried with both passive enabled and disabled. It fails at the same point.

Here is the log of what happens with passive enabled.

Code:
[R] Connecting to 192.168.1.1 -> IP=192.168.1.1 PORT=21
[R] Connected to 192.168.1.1
[R] 220---------- Welcome to Pure-FTPd [privsep] ----------
[R] 220-You are user number 3 of 50 allowed.
[R] 220-Local time is now 12:52. Server port: 21.
[R] 220-IPv6 connections are also welcome on this server.
[R] 220 You will be disconnected after 15 minutes of inactivity.
[R] USER sistech
[R] 331 User sistech OK. Password required
[R] PASS (hidden)
[R] 230-User sistech has group access to:  1007     
[R] 230 OK. Current directory is /
[R] SYST
[R] 215 UNIX Type: L8
[R] FEAT
[R] 211-Extensions supported:
[R]  EPRT
[R]  IDLE
[R]  MDTM
[R]  SIZE
[R]  REST STREAM
[R]  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
[R]  MLSD
[R]  ESTA
[R]  PASV
[R]  EPSV
[R]  SPSV
[R]  ESTP
[R] 211 End.
[R] CWD /
[R] 250 OK. Current directory is /
[R] PWD
[R] 257 "/" is your current location
[R] PASV mode failed, trying PORT  mode.
[R] TYPE A
[R] 200 TYPE is now ASCII
[R] Listening on PORT: 62790, Waiting for connection.
[R] PORT 192,168,1,3,245,70
[R] 200 PORT command successful
[R] MLSD
[R] 425 Could not open data connection to port 50464: Operation timed out
[R] List Error
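
The active-mode failure in the log above, worked through as an added example that is not part of pdeg7's post: it decodes the PORT argument (port = p1*256 + p2) and compares it with the client's listening port and the port named in the 425 reply. Function names are constructed here, and reading a mismatch as the PORT command being changed between client and server is an inference from those three numbers, not something the log states.

```python
import re

# Lines copied from the client log in the post above.
LOG = """\
[R] PASV mode failed, trying PORT  mode.
[R] Listening on PORT: 62790, Waiting for connection.
[R] PORT 192,168,1,3,245,70
[R] 200 PORT command successful
[R] MLSD
[R] 425 Could not open data connection to port 50464: Operation timed out
"""

PORT_CMD = re.compile(r"\bPORT ((?:\d{1,3},){5}\d{1,3})\s*$")
LISTENING = re.compile(r"Listening on PORT: (\d+)")
REPLY_425 = re.compile(r"\b425 .*\bport (\d+)")

def decode_port(arg):
    """Decode an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' to (ip, port)."""
    octets = [int(n) for n in arg.split(",")]
    if len(octets) != 6 or any(n > 255 for n in octets):
        raise ValueError(f"bad PORT argument: {arg!r}")
    return ".".join(str(n) for n in octets[:4]), octets[4] * 256 + octets[5]

def diagnose(log):
    """Collect the three port numbers an active-mode failure log exposes."""
    seen = {"listening": None, "announced": None, "server_tried": None}
    for line in log.splitlines():
        if m := LISTENING.search(line):
            seen["listening"] = int(m.group(1))
        elif m := PORT_CMD.search(line):
            seen["announced"] = decode_port(m.group(1))
        elif m := REPLY_425.search(line):
            seen["server_tried"] = int(m.group(1))
    announced_port = seen["announced"][1] if seen["announced"] else None
    # Inference: the client announced the port it listens on, yet the server
    # tried another one, so the PORT command it received was not the one sent.
    seen["rewritten_in_transit"] = (
        announced_port is not None
        and announced_port == seen["listening"]
        and seen["server_tried"] is not None
        and seen["server_tried"] != announced_port
    )
    return seen

if __name__ == "__main__":
    print(diagnose(LOG))
```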

jigpe
Re: Howto: Pure-ftpd on pfSense
« Reply #6 on: July 08, 2009, 09:44:35 pm »
Good morning :)

Using linux/windows and lftp to the ftp server I got these things:
FEAT negotiation...
TLS negotiation...
`ls' at 0 [Logging in...] (for like a whole day, no response even if I "ls" or "cd")
I tried to add ports in the firewall (999) but same thing. I added port 22,21 too... No luck...

jigp
Davao City

c4xp
Re: Howto: Pure-ftpd on pfSense
« Reply #7 on: October 29, 2009, 01:19:53 pm »
I had the same problem with the directory listing,
but I then added to NAT (and automatically on Rules) the port 3333 on 192.168.1.1 and then it magically worked!

P.S. port 21 is not working (instead of 3333) with the same settings :-\
« Last Edit: October 29, 2009, 02:28:14 pm by c4xp »

eihcet
Re: Howto: Pure-ftpd on pfSense
« Reply #8 on: November 05, 2009, 08:42:21 pm »
Fooling around with a CF card install, it's important to first run /etc/rc.conf_mount_rw to make the filesystem temporarily writeable, make your changes, then run /etc/rc.conf_mount_ro to set the filesystem back to read-only [when appropriate].