    Howto: Pure-ftpd on pfSense

    • P
      Perry last edited by

      **************** Read me ****************

      • This guide has not been made to offend anyone.
      • Nor am I saying I know what I'm doing.
      • Nor is it written as elegantly as the snort2pfsense howto.
      • Nor to frustrate people with a hard disk smaller than 10GB.
      • This is not likely going to be available as a package since it's a bad idea on a firewall.
      • Replies will be filtered by red.bikeshed.org or blue, can't decide.
      • If this in any way fulfilled any bounty request you have posted,
        then don't hesitate to send it via PayPal to crazypark2@yahoo.dk,
        so I can donate it to Daniel's work on the FreeNAS package.

      *****************************************

      So why make it, you may ask?
      Well, my 4GB HD made too much noise, so I upgraded.

      Goal:
      To make a drop zone storage on the local net.

      First:
      Pure-ftp won over vsftpd because of puredb.

      Howto: ( Based on http://www.bsdguides.org/guides/freebsd/networking/pure-ftpd_virtual_users.php )

      ------------------------------------------------------------------------------

      ( Enable ssh access in pfsense gui )
        ( Use putty to login to server using root and press 8 for shell )

      pkg_add -r puredb

      pkg_add -r pure-ftpd

      cd /usr/local/etc

      cp pure-ftpd.conf.sample pure-ftpd.conf

      ( changing conf , to exit press " esc a a " )

      ee pure-ftpd.conf

      ChrootEveryone              yes

      PureDB                      /usr/local/etc/pureftpd.pdb

      Umask                      177:077

      AllowUserFXP                no

      CreateHomeDir              yes

      Bind     192.168.1.1,3333 ( your pfsense lan ip and a unused port )

      ( close putty and start it again with user = admin and press 8 for shell )

      pw groupadd ftpgroup

      pw useradd ftpusers -c "Virtual FTP Users" -g ftpgroup -d /dev/null -s /sbin/nologin

      mkdir /usr/ftpusers

      pure-pw useradd bob -u ftpusers -d /usr/ftpusers/bob -m

      Password:
      Enter it again:

      ( To start the server )

      cd /usr/local/sbin/

      chmod 755 pure-config.pl

      ./pure-config.pl /usr/local/etc/pure-ftpd.conf

      ( to start on boot add 2 lines to pureftp.sh )

      ee /usr/local/etc/rc.d/pureftp.sh

      #!/bin/sh
        /usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf


      Extra ( Making bob's files available from browser )

      /bin/ln -s /usr/ftpusers/bob /usr/local/www/getit

      and upload snif to bob http://www.bitfolge.de/snif-en.html

      then go to http://192.168.1.1/getit/ to view and download

      That's it ;)

      /Perry
      doc.pfsense.org

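A check for the setup in the how-to above, as an added example that is not part of the original post: it audits the `pure-ftpd.conf` directives the guide sets and reports any web-root symlink that resolves into the FTP upload tree, as the "Extra" step's `getit` link does, since anything uploaded there is then served by the firewall's web server. The function names and the choice of which values count as findings are assumptions of this example.

```python
import os

# Constructed sample: the directives the how-to above puts in pure-ftpd.conf.
GUIDE_CONF = """\
ChrootEveryone   yes
PureDB           /usr/local/etc/pureftpd.pdb
Umask            177:077
AllowUserFXP     no
CreateHomeDir    yes
Bind             192.168.1.1,3333
"""

# Assumption of this example: any other value for these keys is a finding.
EXPECTED = {"ChrootEveryone": "yes", "AllowUserFXP": "no"}

def parse_conf(text):
    """Parse 'Key value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit_conf(conf):
    """Return findings where the config is looser than the how-to's settings."""
    findings = []
    for key, want in EXPECTED.items():
        if conf.get(key, "").lower() != want:
            findings.append(f"{key}: expected '{want}', found {conf.get(key)!r}")
    ip = conf.get("Bind", "").split(",", 1)[0].strip()
    if ip in ("", "0.0.0.0", "::"):
        findings.append("Bind: missing or wildcard, so the daemon listens on every interface")
    if "PureDB" not in conf:
        findings.append("PureDB: not set, so pure-pw virtual users are not used")
    return findings

def exposed_links(web_root, ftp_root):
    """Names of symlinks directly under web_root that resolve inside ftp_root."""
    ftp_real = os.path.realpath(ftp_root)
    hits = []
    for name in sorted(os.listdir(web_root)):
        path = os.path.join(web_root, name)
        if os.path.islink(path):
            target = os.path.realpath(path)
            if os.path.commonpath([target, ftp_real]) == ftp_real:
                hits.append(name)
    return hits
```

On the box itself this would be called as `audit_conf(parse_conf(open("/usr/local/etc/pure-ftpd.conf").read()))` and `exposed_links("/usr/local/www", "/usr/ftpusers")`, using the paths from the guide.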
      • J
        jakep last edited by

        Great post!  That was a big help.

        At this posting, pfSense uses FreeBSD 6.2 (which is at EOL) so some minor modifications are required…

        Before you do "pkg_add -r puredb", type the following line:

        export PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.3-release/Latest/

        You will get a warning when you download pure-ftpd: "pkg_add: warning: package 'pure-ftpd-1.0.21_1' requires 'perl-5.8.8_1', but 'perl-5.8.8' is installed"

        I'm pretty sure you can ignore this warning.  Everything seems to work.

        In addition, if you want to make a public FTP server, don't enter the line mentioned in the previous post (Bind 192.168.1.1,3333) or make sure it is commented out.  By default, PureFTP will listen on all available IPs on the default FTP port (21). Lastly, you'll need to open port 20 and 21 for Active FTP.  With only port 21 open, you can connect but not retrieve folder listings.

        Jake Persofsky
        Insperia, Inc
        http://www.insperia.com

        • J
          jigpe last edited by

          Good morning.. I'm using 1.2.2 …

          # pkg_add -r lftp
          Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/lftp.tbz: File unavailable (e.g., file not found, no access)
          pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/lftp.tbz' by URL

          I cannot download the lftp...thanks

          jigp
          Davao City

          • C
            chudy last edited by

            7.0-release has been changed to 7.0-stable, therefore run

            setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-stable/Latest/"
            pkg_add -r samba3
            

            before adding packages (mine samba3), or change to whatever version you like.

            • J
              jigpe last edited by

              Hello Chud good afternoon :)

              Same thing…
              Enter an option: 8

              pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/

              Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/: File unavailable (e.g., file not found, no access)
              pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/' by URL

              • P
                pdeg7 last edited by

                Thanks for all the help, guys. Got it up and running in no time. The issue I'm running into is I'm trying to connect to the FTP using a PC on my LAN (FlashFXP). It gets past the username and password but hangs at the point where it's trying to list the contents of the folder. I have tried with both passive enabled and disabled. It fails at the same point.

                Here is the log of what happens with passive enabled.

                
                [R] Connecting to 192.168.1.1 -> IP=192.168.1.1 PORT=21
                [R] Connected to 192.168.1.1
                [R] 220---------- Welcome to Pure-FTPd [privsep] ----------
                [R] 220-You are user number 3 of 50 allowed.
                [R] 220-Local time is now 12:52. Server port: 21.
                [R] 220-IPv6 connections are also welcome on this server.
                [R] 220 You will be disconnected after 15 minutes of inactivity.
                [R] USER sistech
                [R] 331 User sistech OK. Password required
                [R] PASS (hidden)
                [R] 230-User sistech has group access to:  1007      
                [R] 230 OK. Current directory is /
                [R] SYST
                [R] 215 UNIX Type: L8
                [R] FEAT
                [R] 211-Extensions supported:
                [R]  EPRT
                [R]  IDLE
                [R]  MDTM
                [R]  SIZE
                [R]  REST STREAM
                [R]  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
                [R]  MLSD
                [R]  ESTA
                [R]  PASV
                [R]  EPSV
                [R]  SPSV
                [R]  ESTP
                [R] 211 End.
                [R] CWD /
                [R] 250 OK. Current directory is /
                [R] PWD
                [R] 257 "/" is your current location
                [R] PASV mode failed, trying PORT  mode.
                [R] TYPE A
                [R] 200 TYPE is now ASCII
                [R] Listening on PORT: 62790, Waiting for connection.
                [R] PORT 192,168,1,3,245,70
                [R] 200 PORT command successful
                [R] MLSD
                [R] 425 Could not open data connection to port 50464: Operation timed out
                [R] List Error
                
                
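Decoding the PORT argument in the session log above, as an added example that is not part of the original post: `245*256 + 70 = 62790` matches the port the client says it is listening on, yet the server's 425 reply names port 50464. The mismatch suggests the server did not see the PORT command as the client sent it; reading that as an in-path FTP proxy or NAT helper rewriting the command is this example's inference, not something the thread confirms. Function names are assumptions of the example.

```python
import re

# Constructed sample: the relevant client-side lines copied from the log above.
SESSION = """\
[R] Listening on PORT: 62790, Waiting for connection.
[R] PORT 192,168,1,3,245,70
[R] 200 PORT command successful
[R] MLSD
[R] 425 Could not open data connection to port 50464: Operation timed out
"""

PORT_RE = re.compile(r"\bPORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
ERR_RE = re.compile(r"\b425 Could not open data connection to port (\d+)")

def decode_port(args):
    """RFC 959 PORT h1,h2,h3,h4,p1,p2 -> (ip, port), with port = p1*256 + p2."""
    nums = [int(n) for n in args]
    if any(n > 255 for n in nums):
        raise ValueError("PORT fields must be 0-255")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_session(log):
    """Pair each announced PORT endpoint with a differing port in a later 425."""
    announced, findings = None, []
    for line in log.splitlines():
        m = PORT_RE.search(line)
        if m:
            announced = decode_port(m.groups())
            continue
        m = ERR_RE.search(line)
        if m and announced:
            tried = int(m.group(1))
            if tried != announced[1]:
                # Server dialled a port the client never announced.
                findings.append((announced, tried))
    return findings
```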
                • J
                  jigpe last edited by

                  Good morning :)

                  Using linux/windows and lftp to the ftp server i got these things:
                  FEAT negotiation…
                  TLS negotiation...
                  `ls' at 0 [Logging in…] (for like a whole day, no response even if I "ls" or "cd")
                  .. I tried to add ports in the firewall 999 but same thing.. I added port 22,21 too… No luck...

                  jigp
                  Davao City

                  • C
                    c4xp last edited by

                    I had the same problem with the directory listing.
                    but I then added to NAT (and automatically on Rules) the port 3333 on 192.168.1.1 and then it magically worked !

                    P.S. port 21 is not working (instead of 3333) with the same settings :-\

                    • E
                      eihcet last edited by

                      fooling around with a CF card install, important to first:
                      running /etc/rc.conf_mount_rw to make filesystem temporarily writeable, making your changes, then

                      running /etc/rc.conf_mount_ro to set filesystem back to read-only [when appropriate]
