Categories
Debian FTP Server Network Ubuntu

FTP server on Debian 10 vsftp

First of all, we are going to up to date the Debian 10 as sudo user or having root permissions:

apt update && sudo apt upgrade

Than install and check is running service:

apt install vsftpd
systemctl status vsftpd

Backup the default config file and edit the source:

cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
nano /etc/vsftpd.conf

Edit list for following parameters:

enable listen ip4v and disable listen ip6v,
allow making changes in the home folder,
change or up to you the connection port,
add a range of port for passive mode
hard bounding users to their folders to avoid the ability to delete files by other users,
create and utilize the list of users and add users there,
add users the same as was added to the /etc/vsftpd.chroot_list,
finally, restart the service

listen=YES
#listen_ipv6=NO

write_enable=YES

#connect_from_port_20=YES
listen_port=21

pasv_min_port=40000
pasv_max_port=50000
port_enable=YES

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

adduser someusername

systemctl restart vsftpd && systemctl status vsftpd


Enable external access in the iptables configuration for these list of ports:
20, 21 / TCP for FTP
990 / TCP for TLS
40000:50000 / TCP for passive ports

iptables -A INPUT -p tcp --dports 20 -j ACCEPT
iptables -A INPUT -p tcp --dports 21 -j ACCEPT
iptables -A INPUT -p tcp --dports 990 -j ACCEPT
iptables -A INPUT -p tcp --match multiport --dports 40000:50000 -j ACCEPT
iptables-save > /etc/iptables_rules #save your current configuration to file
iptables-restore < /etc/iptables_rules #restore the desirable configuration to make actual