Howto: Pure-ftpd on pfSense
**************** Read me ****************
- This guide has not been made to offend anyone.
- Nor am I saying I know what I'm doing.
- Nor is it written as elegantly as the snort2pfsense howto.
- Nor to frustrate people with a hard disk smaller than 10GB.
- This is not likely going to be available as a package since it's a bad idea on a firewall.
- Replies will be filtered by red.bikeshed.org or blue, can't decide.
- If this in any way fulfilled any bounty request you have posted,
then don't hesitate to send it via PayPal to firstname.lastname@example.org,
so I can donate it to Daniel's work on the FreeNAS package.
So why make it you may ask?
Well, my 4GB HD did make too much noise so I upgraded.
To make a drop zone storage on the local net.
Pure-ftp won over vsftpd because of puredb.
Howto: ( Based on http://www.bsdguides.org/guides/freebsd/networking/pure-ftpd_virtual_users.php )
( Enable ssh access in pfsense gui )
( Use putty to login to server using root and press 8 for shell )
pkg_add -r puredb
pkg_add -r pure-ftpd
cp pure-ftpd.conf.sample pure-ftpd.conf
( changing conf , to exit press " esc a a " )
Bind 192.168.1.1,3333 ( your pfSense LAN IP and an unused port )
( close putty and start it again with user = admin and press 8 for shell )
pw groupadd ftpgroup
pw useradd ftpusers -c "Virtual FTP Users" -g ftpgroup -d /dev/null -s /sbin/nologin
pure-pw useradd bob -u ftpusers -d /usr/ftpusers/bob -m
Enter it again:
( To start the server )
chmod 755 pure-config.pl
( to start on boot add 2 lines to pureftp.sh )
Extra ( Making bob's files available from browser )
/bin/ln -s /usr/ftpusers/bob /usr/local/www/getit
and upload snif to bob: http://www.bitfolge.de/snif-en.html
then go to http://192.168.1.1/getit/ to view and download
That's it ;)
Great post! That was a big help.
At this posting, pfSense uses FreeBSD 6.2 (which is at EOL) so some minor modifications are required…
Before you do "pkg_add -r puredb", type the following line:
You will get a warning when you download pure-ftpd: "pkg_add: warning: package 'pure-ftpd-1.0.21_1' requires 'perl-5.8.8_1', but 'perl-5.8.8' is installed"
I'm pretty sure you can ignore this warning. Everything seems to work.
In addition, if you want to make a public FTP server, don't enter the line mentioned in the previous post (Bind 192.168.1.1,3333) or make sure it is commented out. By default, PureFTP will listen on all available IPs on the default FTP port (21). Lastly, you'll need to open ports 20 and 21 for Active FTP. With only port 21 open, you can connect but not retrieve folder listings.
Good morning.. I'm using 1.2.2 …
# pkg_add -r lftp
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/lftp.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/lftp.tbz' by URL
I cannot download the lftp... thanks
7.0-release has been changed to 7.0-stable, therefore run
setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-stable/Latest/"
pkg_add -r samba3
before adding packages (mine samba3), or change to whatever version you like.
Hello Chud good afternoon :)
Enter an option: 8
pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-stable/Latest/' by URL
Thanks for all the help guys. Got it up and running in no time. The issue I'm running into is I'm trying to connect to the FTP using a PC on my LAN (FlashFXP). It gets past the username and password but hangs at the point where it's trying to list the contents of the folder. I have tried with both passive enabled and disabled. It fails at the same point.
Here is the log of what happens with passive enabled.
[R] Connecting to 192.168.1.1 -> IP=192.168.1.1 PORT=21
[R] Connected to 192.168.1.1
[R] 220---------- Welcome to Pure-FTPd [privsep] ----------
[R] 220-You are user number 3 of 50 allowed.
[R] 220-Local time is now 12:52. Server port: 21.
[R] 220-IPv6 connections are also welcome on this server.
[R] 220 You will be disconnected after 15 minutes of inactivity.
[R] USER sistech
[R] 331 User sistech OK. Password required
[R] PASS (hidden)
[R] 230-User sistech has group access to: 1007
[R] 230 OK. Current directory is /
[R] SYST
[R] 215 UNIX Type: L8
[R] FEAT
[R] 211-Extensions supported:
[R] EPRT
[R] IDLE
[R] MDTM
[R] SIZE
[R] REST STREAM
[R] MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
[R] MLSD
[R] ESTA
[R] PASV
[R] EPSV
[R] SPSV
[R] ESTP
[R] 211 End.
[R] CWD /
[R] 250 OK. Current directory is /
[R] PWD
[R] 257 "/" is your current location
[R] PASV mode failed, trying PORT mode.
[R] TYPE A
[R] 200 TYPE is now ASCII
[R] Listening on PORT: 62790, Waiting for connection.
[R] PORT 192,168,1,3,245,70
[R] 200 PORT command successful
[R] MLSD
[R] 425 Could not open data connection to port 50464: Operation timed out
[R] List Error
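
Added example (not part of any post in this thread): a small Python parser that reads control-channel lines like the log above and reports which data connection each one negotiates, which is the connection a firewall rule has to permit for listings to work. The function names are hypothetical and the 227 reply is a constructed sample; the other lines are copied from the posted log.

```python
import re

# Control-channel lines taken from the FlashFXP log posted above.
POSTED_LOG = """\
[R] PASV mode failed, trying PORT mode.
[R] Listening on PORT: 62790, Waiting for connection.
[R] PORT 192,168,1,3,245,70
[R] 200 PORT command successful
[R] MLSD
[R] 425 Could not open data connection to port 50464: Operation timed out
"""
# Constructed sample (not from the thread): a server reply to PASV.
PASV_REPLY = "[R] 227 Entering Passive Mode (192,168,1,1,117,48)"

TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_endpoint(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple of PORT / 227 (RFC 959) to (ip, port)."""
    m = TUPLE.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None  # not a valid octet tuple
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def data_channels(log):
    """List each data connection the control channel negotiates, and failures."""
    found, advertised = [], None
    for raw in log.splitlines():
        line = re.sub(r"^\[[A-Z]\]\s*", "", raw.strip())  # drop client log prefix
        if line.upper().startswith("PORT "):
            advertised = decode_endpoint(line)
            if advertised:  # active: server connects out to the client's listener
                found.append(("active", "server->client", advertised))
        elif line.startswith("227 "):
            ep = decode_endpoint(line)
            if ep:  # passive: client connects in to the server's listener
                found.append(("passive", "client->server", ep))
        elif line.startswith("425 "):
            m = re.search(r"port (\d+)", line)
            if m:  # record whether the server tried the port the client advertised
                port = int(m.group(1))
                same = advertised is not None and port == advertised[1]
                found.append(("failed", "matches PORT" if same else "differs from PORT", port))
    return found

if __name__ == "__main__":
    for entry in data_channels(POSTED_LOG + PASV_REPLY):
        print(entry)
```

For passive mode, the PassivePortRange setting in pure-ftpd.conf pins the server's listener ports, so a rule can cover exactly that range instead of all high ports.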
Good morning :)
Using Linux/Windows and lftp to the FTP server I got these things:
`ls' at 0 [Logging in…] (for like a whole day, no response even if I "ls" or "cd")
.. I tried to add ports in the firewall 999 but same thing.. I added ports 22, 21 too… No luck...
I had the same problem with the directory listing.
But I then added to NAT (and automatically to Rules) the port 3333 on 192.168.1.1 and then it magically worked!
P.S. port 21 is not working (instead of 3333) with the same settings :-\
fooling around with a CF card install, important to first:
running /etc/rc.conf_mount_rw to make filesystem temporarily writeable, making your changes, then
running /etc/rc.conf_mount_ro to set filesystem back to read-only [when appropriate]