vsftp , remote access

I had to configure this so that a client could test an app.  I confess that ftp is not on my expertise list, and is also part of my 'insecure paranoia' list... but knowing of no better solution for the problem @hands..  you stick with the best you got. If you're going for long term use... I'd sugest searching google for a way to keep your server running on sftp..  a reminder that ... encryption is still the best vaccine we got against web disease... =P

steps are
1) configure to allow virtual users && allow remote acess
2) gen users auth
3) configure your router to allow connection to the machine where vsftp is running

1) sample /etc/vsftpd/vsftpd-virtual.conf
 # disables anonymous FTP
anonymous_enable=NO
# enables non-anonymous FTP
local_enable=YES
# activates virtual users
guest_enable=YES
# virtual users to use local privs, not anon privs
virtual_use_local_privs=YES
# enables uploads and new directories
write_enable=YES
# the PAM file used by authentication of virtual uses
pam_service_name=vsftpd-virtual
# in conjunction with 'local_root',
# specifies a home directory for each virtual user
user_sub_token=$USER
local_root=/var/www/$USER #CHANGE THIS TO YOUR DESIRED FOLDER
# the virtual user is restricted to the virtual FTP area
chroot_local_user=YES
# hides the FTP server user IDs and just display "ftp" in directory listings
hide_ids=YES
# runs vsftpd in standalone mode
listen=YES
# listens on this port for incoming FTP connections
listen_port=60021
# the minimum port to allocate for PASV style data connections
pasv_min_port=62222
# the maximum port to allocate for PASV style data connections
pasv_max_port=63333
# controls whether PORT style data connections use port 20 (ftp-data)
connect_from_port_20=YES
# the umask for file creation
local_umask=022

#log
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES

#remote client
pasv_enable=yes
pasv_address=YOUR_NETWORK_PUBLIC_ADDRESS
pasv_min_port=65000

2) create a text file containing your users and their passwords 

ex 

 user1

 user1pwd

 user2

 user2pwd

generate the db file that vsftp will use , your comand may be something like db4.8_load depending on what version you got installed

user@host#  db_load -T -t hash -f logins.txt /etc/vsftpd/virtual-users.db

remove your logins.txt file it is no longer needed 

start your server 

sudo /usr/sbin/vsftpd /etc/vsftpd/vsftpd-virtual.conf 

3) Configure your router 

 http://www.dslreports.com/forum/r4733382-HOW-TO-vsftpd-linux-and-linksys-router

HOW TO: vsftpd, linux and linksys router Recently I've got vsftpd running from behind my BEFSX41 both in PORT and PASV modes so I thought that I share my set-up since FTP servers are quite a hot topic here ;) My config: BEFSX41 1.43.4 (any BEFSx should be OK) vsftpd 1.1.1 (1.1.0 and up supports PASV from behind NAT, get it here: vsftpd.beasts.org ) RedHat 7.3 (any linux should be fine) Router set-up: Forward port 21 TCP on UPnP Forwarding page Forward ports 65000~65534 TCP on Port Range Forwarding Page (any range, it's up to you) vsftpd.conf set-up: pasv_enable=YES pasv_min_port=65000 (same range as on router) pasv_max_port=65534 pasv_address=100.100.100.100 (here comes your WAN IP) ...all other variables are set to default values And since I have dynamic WAN IP from my ISP here's a little script running from cron to update vsftpd.conf with current IP (I use free dynamic DNS service www.dynu.com ) code: #!/bin/sh #vsftpd.conf IP update by Brano vsftpd_conf=/etc/vsftpd.conf vsftpd_log=/var/log/vsftpd.log #change to your domain name in next line my_ip=`host your_host.dynu.com | cut -f4 -d" "` vsftpd_ip=`grep pasv_address $vsftpd_conf | cut -f2 -d=` if [ "$my_ip" != "$vsftpd_ip" ] ; then ( echo ",s/$vsftpd_ip/$my_ip/g" && echo w ) | ed - $vsftpd_conf echo `date` "$vsftpd_conf updated with $my_ip IP address" >> $vsftpd_log fi ...hope this helps to somebody :) My special thanks to Bill_MI

happy sharing