Howto: Pure-ftpd on pfSense



  • **************** Read me ****************

    • This guide has not been made to offend anyone.
    • Nor am I saying I know what I'm doing.
    • Nor is it written as elegantly as the snort2pfsense howto.
    • Nor to frustrate people with a hard disk smaller than 10GB.
    • This is not likely going to be available as a package since it's a bad idea on a firewall.
    • Replies will be filtered by red.bikeshed.org or blue, can't decide.
    • If this in any way fulfilled any bounty request you have posted,
      then don't hesitate to send it via PayPal to crazypark2@yahoo.dk,
      so I can donate it to Daniel's work on the FreeNAS package.

    *****************************************

    So why make it, you may ask?
    Well, my 4GB HD made too much noise so I upgraded.

    Goal:
    To make a drop zone storage on the local net.

    First:
    Pure-ftp won over vsftpd because of puredb.

    Howto: ( Based on http://www.bsdguides.org/guides/freebsd/networking/pure-ftpd_virtual_users.php )

    ------------------------------------------------------------------------------

    ( Enable ssh access in pfsense gui )
      ( Use putty to login to server using root and press 8 for shell )

    pkg_add -r puredb

    pkg_add -r pure-ftpd

    cd /usr/local/etc

    cp pure-ftpd.conf.sample pure-ftpd.conf

    ( changing conf , to exit press " esc a a " )

    ee pure-ftpd.conf

    ChrootEveryone              yes

    PureDB                      /usr/local/etc/pureftpd.pdb

    Umask                      177:077

    AllowUserFXP                no

    CreateHomeDir              yes

    Bind     192.168.1.1,3333 ( your pfSense LAN IP and an unused port )

    ( close putty and start it again with user = admin and press 8 for shell )

    pw groupadd ftpgroup

    pw useradd ftpusers -c "Virtual FTP Users" -g ftpgroup -d /dev/null -s /sbin/nologin

    mkdir /usr/ftpusers

    pure-pw useradd bob -u ftpusers -d /usr/ftpusers/bob -m

    Password:
    Enter it again:

    ( To start the server )

    cd /usr/local/sbin/

    chmod 755 pure-config.pl

    ./pure-config.pl /usr/local/etc/pure-ftpd.conf

    ( to start on boot add 2 lines to pureftp.sh )

    ee /usr/local/etc/rc.d/pureftp.sh

    #!/bin/sh
      /usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf


    Extra ( Making bob's files available from browser )

    /bin/ln -s /usr/ftpusers/bob /usr/local/www/getit

    and upload snif to bob http://www.bitfolge.de/snif-en.html

    then go to http://192.168.1.1/getit/ to view and download

    That's it ;)



  • Great post!  That was a big help.

    At this posting, pfSense uses FreeBSD 6.2 (which is at EOL) so some minor modifications are required…

    Before you do "pkg_add -r puredb", type the following line:

    export PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.3-release/Latest/

    You will get a warning when you download pure-ftpd: "pkg_add: warning: package 'pure-ftpd-1.0.21_1' requires 'perl-5.8.8_1', but 'perl-5.8.8' is installed"

    I'm pretty sure you can ignore this warning.  Everything seems to work.

    In addition, if you want to make a public FTP server, don't enter the line mentioned in the previous post (Bind 192.168.1.1,3333) or make sure it is commented out.  By default, PureFTP will listen on all available IPs on the default FTP port (21). Lastly, you'll need to open port 20 and 21 for Active FTP.  With only port 21 open, you can connect but not retrieve folder listings.

    Jake Persofsky
    Insperia, Inc
    http://www.insperia.com



  • Good morning.. I'm using 1.2.2 …

    # pkg_add -r lftp
    Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/lftp.tbz: File unavailable (e.g., file not found, no access)
    pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/lftp.tbz' by URL

    I cannot download lftp... thanks

    jigp
    Davao City



  • 7.0-release has been changed to 7.0-stable, therefore run

    setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-stable/Latest/"
    pkg_add -r samba3
    

    before adding packages (mine: samba3), or change to whatever version you like.



  • Hello Chud good afternoon :)

    Same thing…
    Enter an option: 8

    pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/

    Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/: File unavailable (e.g., file not found, no access)
    pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/' by URL



  • Thanks for all the help guys. Got it up and running in no time. The issue I'm running into is I'm trying to connect to the ftp using a PC on my LAN (flashfxp). It gets past the username and password but hangs at the point where it's trying to list the contents of the folder. I have tried with both passive enabled and disabled. It fails at the same point.

    Here is the log of what happens with passive enabled.

    
    [R] Connecting to 192.168.1.1 -> IP=192.168.1.1 PORT=21
    [R] Connected to 192.168.1.1
    [R] 220---------- Welcome to Pure-FTPd [privsep] ----------
    [R] 220-You are user number 3 of 50 allowed.
    [R] 220-Local time is now 12:52. Server port: 21.
    [R] 220-IPv6 connections are also welcome on this server.
    [R] 220 You will be disconnected after 15 minutes of inactivity.
    [R] USER sistech
    [R] 331 User sistech OK. Password required
    [R] PASS (hidden)
    [R] 230-User sistech has group access to:  1007      
    [R] 230 OK. Current directory is /
    [R] SYST
    [R] 215 UNIX Type: L8
    [R] FEAT
    [R] 211-Extensions supported:
    [R]  EPRT
    [R]  IDLE
    [R]  MDTM
    [R]  SIZE
    [R]  REST STREAM
    [R]  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
    [R]  MLSD
    [R]  ESTA
    [R]  PASV
    [R]  EPSV
    [R]  SPSV
    [R]  ESTP
    [R] 211 End.
    [R] CWD /
    [R] 250 OK. Current directory is /
    [R] PWD
    [R] 257 "/" is your current location
    [R] PASV mode failed, trying PORT  mode.
    [R] TYPE A
    [R] 200 TYPE is now ASCII
    [R] Listening on PORT: 62790, Waiting for connection.
    [R] PORT 192,168,1,3,245,70
    [R] 200 PORT command successful
    [R] MLSD
    [R] 425 Could not open data connection to port 50464: Operation timed out
    [R] List Error
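
The PORT argument in the log above carries the client's data port as p1*256+p2. As an added example (not part of the original post), this Python sketch decodes it and compares it with the port named in the server's 425 reply; the sample log is constructed from the lines quoted above and the function names are illustrative.

```python
import re

# Constructed sample: the active-mode part of the client log quoted above.
SAMPLE_LOG = """\
[R] PASV mode failed, trying PORT  mode.
[R] Listening on PORT: 62790, Waiting for connection.
[R] PORT 192,168,1,3,245,70
[R] 200 PORT command successful
[R] MLSD
[R] 425 Could not open data connection to port 50464: Operation timed out
"""

# Matches only the PORT command itself, not "PORT mode" or "PORT: 62790".
PORT_CMD = re.compile(r"\bPORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$")
# Matches the server's failure reply and captures the port it tried to reach.
REPLY_425 = re.compile(r"\b425 .*?\bport (\d+)")


def decode_port(fields):
    """Turn the six PORT fields h1,h2,h3,h4,p1,p2 into (ip, port)."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range: %r" % (fields,))
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def check_active_mode(log_text):
    """Pair each PORT command with the next 425 reply and flag port mismatches."""
    findings, advertised = [], None
    for line in log_text.splitlines():
        m = PORT_CMD.search(line)
        if m:
            advertised = decode_port(m.groups())
            continue
        m = REPLY_425.search(line)
        if m and advertised:
            ip, port = advertised
            tried = int(m.group(1))
            findings.append({"client_ip": ip, "advertised": port,
                             "server_tried": tried, "rewritten": tried != port})
            advertised = None  # one reply per PORT command
    return findings


if __name__ == "__main__":
    for finding in check_active_mode(SAMPLE_LOG):
        print(finding)
```

For the quoted session this reports 62790 advertised against 50464 attempted, so the server did not act on the port the client announced; an FTP-aware proxy or NAT helper in the path that rewrites PORT commands is one thing that produces such a mismatch.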
    
    


  • Good morning :)

    Using Linux/Windows and lftp to the ftp server I got these things:
    FEAT negotiation…
    TLS negotiation...
    `ls' at 0 [Logging in…] (for like a whole day, no response even if I "ls" or "cd")
    .. I tried to add port 999 in the firewall but same thing.. I added ports 22 and 21 too… No luck...

    jigp
    Davao City



  • I had the same problem with the directory listing,
    but I then added port 3333 on 192.168.1.1 to NAT (and automatically to Rules) and then it magically worked!

    P.S. port 21 is not working (instead of 3333) with the same settings :-\



  • Fooling around with a CF card install, it is important to first run /etc/rc.conf_mount_rw to make the filesystem temporarily writeable, make your changes, then

    run /etc/rc.conf_mount_ro to set the filesystem back to read-only [when appropriate]

