Original here: https://www.liquidweb.com/kb/how-to-install-proftpd-on-centos-7/
FTP (File Transfer Protocol) is probably the most popular method of uploading files to a server; a wide array of FTP servers, such as ProFTPD, and clients exist for every platform.
- These instructions are intended specifically for installing ProFTPD on CentOS 7.
- I’ll be working from a Liquid Web Self Managed CentOS 7 server, and I’ll be logged in as root.
ProFTPD is part of Extra Packages for Enterprise Linux (EPEL), which is a community repository of non-standard packages for the RHEL distribution. First, we’ll install the EPEL repository:
rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
The version in the file name epel-release-7-8.noarch.rpm may differ from the current one!
Step 2: Install ProFTPD
As a matter of best practice we’ll update our packages:
yum -y update
Then let’s install ProFTPD and any required packages:
yum -y install proftpd
Step 3: Configure ProFTPD
Remove everything from the config and paste in a custom one:
vim /etc/proftpd.conf
UseIPv6 on
IdentLookups off
UseReverseDNS off
ServerName "host.name"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
DefaultRoot ~
Port 21
#Important: the 2 lines below are required for FTP to work behind NAT on a server with a private IP
MasqueradeAddress 138.201.230.18
PassivePorts 49152 65534
#Authenticate users from a file generated beforehand with the ftpasswd utility
RequireValidShell off
AuthUserFile /etc/proftpd/ftpd.passwd
<IfModule mod_dynmasq.c>
  # DynMasqRefresh 28800
</IfModule>
MaxInstances 30
User nobody
#Group nogroup
AllowOverwrite on
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
  QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
  Ratios off
</IfModule>
<IfModule mod_delay.c>
  DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
  ControlsEngine off
  ControlsMaxClients 2
  ControlsLog /var/log/proftpd/controls.log
  ControlsInterval 5
  ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
  AdminControlsEngine off
</IfModule>
Include /etc/proftpd/conf.d/
Change the ServerName to the hostname of your server. In the case below, ftp.thebestfakedomainnameintheworld.com is an example:
ServerName "ftp.thebestfakedomainnameintheworld.com"
Create the directory and the users file, and set the required permissions:
mkdir -p /etc/proftpd && touch /etc/proftpd/ftpd.passwd && chmod 440 /etc/proftpd/ftpd.passwd
Restart the ProFTPD service:
systemctl restart proftpd
Then set the ProFTPD service to start at boot:
systemctl enable proftpd
And verify your work by checking the status of ProFTPD:
systemctl status proftpd
Step 4: Allow ProFTPD Through the Firewall
Allow the default FTP port, port 21, through firewalld:
firewall-cmd --permanent --add-port=21/tcp
And reload the firewall:
firewall-cmd --reload
In our case, with FTP behind NAT, we need to assign and forward the ports we need:
iptables configuration on the root node:
Choose the port range from within 49152 to 65535.
iptables -t nat -A PREROUTING -p tcp -m tcp -i eth0 -d <NAT server IP> --dport 21302 -j DNAT --to-destination 10.1.1.106 -m comment --comment "ftp 106"
iptables -t nat -I PREROUTING 7 -p tcp -d <NAT server IP> --dport 54153:59153 -j DNAT --to-destination 10.1.1.106:54153-59153 -m comment --comment "ports for ftp 10.1.1.106"
iptables -A FORWARD -d 10.1.1.106 -p tcp --dport 21302 -j ACCEPT
iptables -A FORWARD -d 10.1.1.106 -p tcp --dport 54153:59153 -j ACCEPT
iptables inside the container:
iptables -A INPUT -p tcp -m tcp --dport 21302 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 54153:59153 -j ACCEPT
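A consistency check for the NAT setup above, added here as an example (it is not part of the original post or of ProFTPD): it compares Port and PassivePorts in a ProFTPD config with the --dport values of the DNAT rules, because passive transfers only work when every port the server can advertise is actually forwarded. The function names, the sample files and the address 203.0.113.10 are assumptions, and the check assumes the DNAT rules leave the destination port unchanged, as the rules above do.

```shell
#!/bin/sh
# Added example: verify that proftpd.conf and the NAT host's DNAT rules agree.
# Assumption: the DNAT rules keep the destination port unchanged, so the ports
# ProFTPD listens on and advertises must equal the forwarded --dport values.

# conf_args FILE DIRECTIVE: print the first two arguments of an active directive.
conf_args() {
    awk -v d="$2" '$1 == d { print $2, $3; exit }' "$1"
}

# dnat_dports FILE: print the --dport value of every DNAT rule, one per line.
# FILE holds rules in the format printed by "iptables -t nat -S".
dnat_dports() {
    awk '/-j DNAT/ { for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1) }' "$1"
}

# check_ftp_nat CONF RULES: return 0 if consistent, else 1 with reasons on stdout.
check_ftp_nat() {
    conf=$1; rules=$2; rc=0; ctl=0; covered=0
    set -- $(conf_args "$conf" Port);         port=${1:-21}
    set -- $(conf_args "$conf" PassivePorts); lo=$1; hi=$2
    if [ -z "$lo" ] || [ -z "$hi" ]; then echo "PassivePorts is not set"; return 1; fi
    for d in $(dnat_dports "$rules"); do
        case $d in
            *:*) if [ "${d%%:*}" -le "$lo" ] && [ "${d##*:}" -ge "$hi" ]; then covered=1; fi ;;
            *)   if [ "$d" -eq "$port" ]; then ctl=1; fi ;;
        esac
    done
    [ "$ctl" -eq 1 ] || { echo "control port $port is not forwarded"; rc=1; }
    [ "$covered" -eq 1 ] || { echo "PassivePorts $lo-$hi not covered by a forwarded range"; rc=1; }
    return "$rc"
}

# Constructed sample input: two configs and a rule dump built from the article's
# port numbers; 203.0.113.10 is a documentation address, not a real server.
demo=$(mktemp -d)
printf '%s\n' 'Port 21' 'PassivePorts 49152 65534' > "$demo/article.conf"
printf '%s\n' 'Port 21302' 'PassivePorts 54153 59153' > "$demo/matched.conf"
cat > "$demo/rules" <<'EOF'
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 21302 -j DNAT --to-destination 10.1.1.106
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 54153:59153 -j DNAT --to-destination 10.1.1.106:54153-59153
EOF
check_ftp_nat "$demo/article.conf" "$demo/rules" || echo "=> article.conf: mismatch"
check_ftp_nat "$demo/matched.conf" "$demo/rules" && echo "=> matched.conf: consistent"
```

On a live NAT host, save the output of `iptables -t nat -S PREROUTING` to a file and pass it as the second argument.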