Рубрики
debian daemons \ демоны \ службы \ сервисы

debian \ ftp \ vsftpd \ mikrotik

Ссылки:

https://wiki.debian.org/ru/vsftpd
http://www.aitishnik.ru/linux/ftp-server-debian.html
https://serverfault.com/questions/421161/how-to-configure-vsftpd-to-work-with-passive-mode
http://unix.ck.ua/content/ustanovka-nastroika-vsftpd
https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT
https://wiki.mikrotik.com/wiki/Manual:IP/Services

debian + vsftpd

0. apt install  vsftpd

1. nano /etc/vsftpd.conf - пример конфига 
------------------------
listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES 
1

chroot_local_user=NO
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
chown_uploads=YES
chown_username=www-data

pasv_enable=Yes - пассивный режим
pasv_max_port=10100 - пассивный режим
pasv_min_port=10090 - пассивный режим
------------------------

2. Смена домашнего каталога для user1
usermod -d /var/www/html/ user1

mikrotik примерная настройка

/ip firewall nat
add action=dst-nat chain=dstnat comment="ftp" dst-address=внешний_адрес dst-port=20,21,10090-10100 in-interface=ether5-gw protocol=tcp src-address-list=ftp to-addresses=внутренний

/ip firewall filter
add action=accept chain=forward comment="ftp" dst-port=20,21,10090-10100 in-interface=ether5-gw protocol=tcp src-address-list=ftp

/ip firewall service-port
set ftp disabled=yes

Еще пример конфига (/etc/vsftpd.conf):

### https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-16-04 

ftpd_banner=Welcome to PureFTPd 1.5.250

listen=YES
anonymous_enable=NO
anon_upload_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
local_root=/tftp/config
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES
max_per_ip=10

log_ftp_protocol=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log

chown_uploads=YES
chown_username=tftp

###virutal user settings
user_config_dir=/etc/vsftpd/users.d
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=tftp
guest_username=tftp

###fix
seccomp_sandbox=NO

#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
#force_local_data_ssl=YES
#force_local_logins_ssl=YES
#ssl_tlsv1=YES
#ssl_sslv2=NO
#ssl_sslv3=NO
#require_ssl_reuse=NO
#ciphers=HIGH

utf8_filesystem=YES
pasv_enable=Yes
pasv_min_port=20001
pasv_max_port=20100