Netgate Discussion Forum

Howto: Pure-ftpd on pfSense

pfSense Packages
    Perry
    last edited by Jun 16, 2007, 11:31 AM Jun 15, 2007, 2:12 PM

    **************** Read me ****************

    • This guide has not been made to offend anyone.
    • Nor am I saying I know what I'm doing.
    • Nor is it written as elegantly as the snort2pfsense howto.
    • Nor to frustrate people with a hard disk smaller than 10GB.
    • This is not likely going to be available as a package since it's a bad idea on a firewall.
    • Replies will be filtered by red.bikeshed.org or blue, can't decide.
    • If this in any way fulfilled any bounty request you have posted,
      then don't hesitate to send it via paypal to crazypark2@yahoo.dk,
      so I can donate it to Daniel's work on the Freenas package.

    *****************************************

    So why make it, you may ask?
    Well, my 4GB HD did make too much noise so I upgraded.

    Goal:
    To make a drop zone storage on the local net.

    First:
    Pure-ftp won over vsftpd because of puredb.

    Howto: ( Based on http://www.bsdguides.org/guides/freebsd/networking/pure-ftpd_virtual_users.php )

    ------------------------------------------------------------------------------

    ( Enable ssh access in pfsense gui )
      ( Use putty to login to server using root and press 8 for shell )

    pkg_add -r puredb

    pkg_add -r pure-ftpd

    cd /usr/local/etc

    cp pure-ftpd.conf.sample pure-ftpd.conf

    ( changing conf , to exit press " esc a a " )

    ee pure-ftpd.conf

    ChrootEveryone              yes

    PureDB                      /usr/local/etc/pureftpd.pdb

    Umask                      177:077

    AllowUserFXP                no

    CreateHomeDir              yes

    Bind     192.168.1.1,3333 ( your pfsense lan ip and an unused port )

    ( close putty and start it again with user = admin and press 8 for shell )

    pw groupadd ftpgroup

    pw useradd ftpusers -c "Virtual FTP Users" -g ftpgroup -d /dev/null -s /sbin/nologin

    mkdir /usr/ftpusers

    pure-pw useradd bob -u ftpusers -d /usr/ftpusers/bob -m

    Password:
    Enter it again:

    ( To start the server )

    cd /usr/local/sbin/

    chmod 755 pure-config.pl

    ./pure-config.pl /usr/local/etc/pure-ftpd.conf

    ( to start on boot add 2 lines to pureftp.sh )

    ee /usr/local/etc/rc.d/pureftp.sh

    #!/bin/sh
      /usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf


    Extra ( Making bob's files available from browser )

    /bin/ln -s /usr/ftpusers/bob /usr/local/www/getit

    and upload snif to bob http://www.bitfolge.de/snif-en.html

    then go to http://192.168.1.1/getit/ to view and download

    That's it ;)

    /Perry
    doc.pfsense.org

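One way to check a box set up from the howto above (an added example, not part of Perry's post or of pure-ftpd): it compares a pure-ftpd.conf with the directives the howto sets, treats a missing Bind as listening on every address on port 21 (the default a later reply in this thread describes), and lists web-root symlinks that resolve into the FTP tree, since files uploaded there are then served by the pfSense web server. The function names, the temporary paths and the sample file are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original howto: check a pure-ftpd.conf for the
# directives the howto sets and find web-root symlinks into the FTP tree.

conf_get() {   # $1 = conf file, $2 = directive; prints the last uncommented value
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

audit_conf() {   # $1 = conf file; prints one FAIL line per deviation
    for want in ChrootEveryone=yes AllowUserFXP=no CreateHomeDir=yes Umask=177:077; do
        key=${want%%=*}; exp=${want#*=}
        got=$(conf_get "$1" "$key")
        [ "$got" = "$exp" ] || echo "FAIL $key: want $exp, found ${got:-unset}"
    done
    [ -n "$(conf_get "$1" PureDB)" ] || echo "FAIL PureDB: unset, no virtual user database"
    bind=$(conf_get "$1" Bind)
    case $bind in
        "")        echo "FAIL Bind: unset, listens on all addresses, port 21" ;;
        0.0.0.0,*) echo "FAIL Bind: wildcard address in $bind" ;;
    esac
    return 0
}

web_links() {   # $1 = web root, $2 = FTP tree; prints symlinks that expose it
    find "$1" -type l | while read -r l; do
        t=$(readlink "$l")
        case $t in "$2"|"$2"/*) echo "EXPOSED $l -> $t" ;; esac
    done
}

tmp=$(mktemp -d)
# Constructed sample: two howto directives changed and Bind commented out.
cat > "$tmp/pure-ftpd.conf" <<'EOF'
ChrootEveryone   no
PureDB           /usr/local/etc/pureftpd.pdb
Umask            133:022
AllowUserFXP     no
CreateHomeDir    yes
# Bind           192.168.1.1,3333
EOF
mkdir -p "$tmp/www" "$tmp/ftpusers/bob"
ln -s "$tmp/ftpusers/bob" "$tmp/www/getit"   # mirrors the howto's "Extra" step
audit_conf "$tmp/pure-ftpd.conf"
web_links "$tmp/www" "$tmp/ftpusers"
rm -rf "$tmp"
```

On a real install the arguments would be /usr/local/etc/pure-ftpd.conf, /usr/local/www and /usr/ftpusers, the paths used in the howto.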
      jakep
      last edited by Dec 1, 2008, 6:18 PM Dec 1, 2008, 6:15 PM

      Great post!  That was a big help.

      At this posting, pfSense uses FreeBSD 6.2 (which is at EOL) so some minor modifications are required…

      Before you do "pkg_add -r puredb", type the following line:

      export PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.3-release/Latest/

      You will get a warning when you download pure-ftpd: "pkg_add: warning: package 'pure-ftpd-1.0.21_1' requires 'perl-5.8.8_1', but 'perl-5.8.8' is installed"

      I'm pretty sure you can ignore this warning.  Everything seems to work.

      In addition, if you want to make a public FTP server, don't enter the line mentioned in the previous post (Bind 192.168.1.1,3333) or make sure it is commented out.  By default, PureFTP will listen on all available IPs on the default FTP port (21). Lastly, you'll need to open port 20 and 21 for Active FTP.  With only port 21 open, you can connect but not retrieve folder listings.

      Jake Persofsky
      Insperia, Inc
      http://www.insperia.com

        jigpe
        last edited by Jun 22, 2009, 9:57 PM

        Good morning.. I'm using 1.2.2 … # pkg_add -r lftp
        Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/lftp.tbz: File unavailable (e.g., file not found, no access)
        pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/lftp.tbz' by URL

        I cannot download the lftp...thanks

        jigp
        Davao City

          chudy
          last edited by Jun 26, 2009, 4:30 PM Jun 23, 2009, 2:34 AM

          7.0-release has been changed to 7.0-stable, therefore run

          setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-stable/Latest/"
          pkg_add -r samba3
          

          before adding packages (mine: samba3), or change to whatever version you like.

            jigpe
            last edited by Jun 26, 2009, 5:13 AM

            Hello Chud good afternoon :)

            Same thing…
            Enter an option: 8

            pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/

            Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/: File unavailable (e.g., file not found, no access)
            pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/' by URL

              pdeg7
              last edited by Jun 26, 2009, 6:55 PM

              Thanks for all the help guys. Got it up and running in no time. The issue I'm running into is I'm trying to connect to the ftp using a pc on my lan (flashfxp). It gets past the username and password but hangs at the point where it's trying to list the contents of the folder. I have tried with both passive enabled and disabled. It fails at the same point.

              Here is the log of what happens with passive enabled.

              
              [R] Connecting to 192.168.1.1 -> IP=192.168.1.1 PORT=21
              [R] Connected to 192.168.1.1
              [R] 220---------- Welcome to Pure-FTPd [privsep] ----------
              [R] 220-You are user number 3 of 50 allowed.
              [R] 220-Local time is now 12:52. Server port: 21.
              [R] 220-IPv6 connections are also welcome on this server.
              [R] 220 You will be disconnected after 15 minutes of inactivity.
              [R] USER sistech
              [R] 331 User sistech OK. Password required
              [R] PASS (hidden)
              [R] 230-User sistech has group access to:  1007      
              [R] 230 OK. Current directory is /
              [R] SYST
              [R] 215 UNIX Type: L8
              [R] FEAT
              [R] 211-Extensions supported:
              [R]  EPRT
              [R]  IDLE
              [R]  MDTM
              [R]  SIZE
              [R]  REST STREAM
              [R]  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
              [R]  MLSD
              [R]  ESTA
              [R]  PASV
              [R]  EPSV
              [R]  SPSV
              [R]  ESTP
              [R] 211 End.
              [R] CWD /
              [R] 250 OK. Current directory is /
              [R] PWD
              [R] 257 "/" is your current location
              [R] PASV mode failed, trying PORT  mode.
              [R] TYPE A
              [R] 200 TYPE is now ASCII
              [R] Listening on PORT: 62790, Waiting for connection.
              [R] PORT 192,168,1,3,245,70
              [R] 200 PORT command successful
              [R] MLSD
              [R] 425 Could not open data connection to port 50464: Operation timed out
              [R] List Error
              
              
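A way to read the data-connection part of the log above (an added example, not part of pdeg7's post): it decodes the six-number address in a PORT command, where the port is p1*256 + p2, and compares it with the port named in a 425 reply. The sample lines are copied from that log; the handling of 227 passive replies goes beyond what the log shows, and the function name is made up for the example.

```shell
#!/bin/sh
# Added example, not part of the thread: decode the FTP data endpoints in a
# client log and compare them with the port named in a 425 reply.

check_data_ports() {   # reads a client log on stdin
    awk '
    # "h1,h2,h3,h4,p1,p2" -> "ip port"; the data port is p1*256 + p2.
    function endpoint(s,   f) {
        if (split(s, f, ",") != 6) return ""
        port = f[5] * 256 + f[6]          # global: last advertised port
        return f[1] "." f[2] "." f[3] "." f[4] " " port
    }
    # Active mode: the client announces where the server must connect.
    match($0, /PORT [0-9]+(,[0-9]+)+/) {
        ep = endpoint(substr($0, RSTART + 5, RLENGTH - 5))
        if (ep != "") print "active " ep
        next
    }
    # Passive mode: the server announces where the client must connect.
    match($0, /227 [^(]*\([0-9,]+\)/) {
        s = substr($0, RSTART, RLENGTH)
        sub(/^[^(]*\(/, "", s); sub(/\)$/, "", s)
        ep = endpoint(s)
        if (ep != "") print "passive " ep
        next
    }
    # 425: the server could not open the data connection.
    /425 / && match($0, /port [0-9]+/) {
        tried = substr($0, RSTART + 5, RLENGTH - 5) + 0
        if (port == "") next              # nothing advertised yet
        verdict = (tried == port) ? "match" : "mismatch"
        print verdict " advertised=" port " server_tried=" tried
    }'
}

# Lines copied from the client log in the post above.
SAMPLE_LOG='[R] PASV mode failed, trying PORT  mode.
[R] Listening on PORT: 62790, Waiting for connection.
[R] PORT 192,168,1,3,245,70
[R] 200 PORT command successful
[R] MLSD
[R] 425 Could not open data connection to port 50464: Operation timed out'

printf '%s\n' "$SAMPLE_LOG" | check_data_ports
```

For this log the client announced 192.168.1.3 port 62790 and the server reported trying port 50464, so the server was not connecting to the port the client was listening on; anything between the two that rewrites FTP control traffic is the place to look.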
                jigpe
                last edited by Jul 9, 2009, 2:44 AM

                Good morning :)

                Using linux/windows and lftp to the ftp server I got these things:
                FEAT negotiation…
                TLS negotiation...
                `ls' at 0 [Logging in…] (for like a whole day, no response even if I "ls" or "cd")
                .. I tried to add ports in the firewall 999 but same thing.. I added port 22,21 too… No luck...

                jigp
                Davao City

                  c4xp
                  last edited by Oct 29, 2009, 7:28 PM Oct 29, 2009, 6:19 PM

                  I had the same problem with the directory listing,
                  but I then added to NAT (and automatically on Rules) the port 3333 on 192.168.1.1 and then it magically worked!

                  P.S. port 21 is not working (instead of 3333) with the same settings :-\

                    eihcet
                    last edited by Nov 6, 2009, 2:42 AM

                    Fooling around with a CF card install, it's important to first
                    run /etc/rc.conf_mount_rw to make the filesystem temporarily writeable, make your changes, then

                    run /etc/rc.conf_mount_ro to set the filesystem back to read-only [when appropriate]

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.