Line 1: |
Line 1: |
− | {{WIP box|}} | + | In short SME uses port 21 for FTP. Default mode used is passive. To use it you will need a custom template and enabling ports (PassivePort 44900:44950 https://bugs.koozali.org/show_bug.cgi?id=12454). Starting SME10, ftp default is to use explicit TLS over ftp (FTPs explicite) Easy filezilla connexion to SME would use url with FTPES://.{{WIP box|}} |
| | | |
| SME Server offers a ftp server, which is Proftpd. If enabled it allows you to access to the Primary ibay files folder with anonymous access, and to any content your user is allowed, if authenticated, inside /home/e-smith/files. | | SME Server offers a ftp server, which is Proftpd. If enabled it allows you to access to the Primary ibay files folder with anonymous access, and to any content your user is allowed, if authenticated, inside /home/e-smith/files. |
Line 33: |
Line 33: |
| * FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server) | | * FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server) |
| * FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port) | | * FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port) |
| + | |
| + | |
| + | note port 20 does not need to be open inward on SME, as it is only used to send from SME, however if you have a restrictive firewall between Internet and SME limiting outgoing connection you need to open port 20 to be able to do active ftp. http://www.proftpd.org/docs/howto/AWS.html |
| | | |
| ==== Examples ==== | | ==== Examples ==== |
Line 44: |
Line 47: |
| Active mode will not work because the NAT will mostly hide the client port. | | Active mode will not work because the NAT will mostly hide the client port. |
| | | |
− | Passive mode will need to use the <code>PassivePorts</code> directive in your <code>proftpd.conf</code> to control what ports <code>proftpd</code> will use for its passive data transfers, and you will need to open those port in your SME firewall and in your firewall between you SME and Internet. You will also need a template custom to add MasqueradeAddress (http://www.proftpd.org/docs/modules/mod_core.html#MasqueradeAddress). | + | Passive mode will need to use the <code>PassivePorts</code> directive in your <code>proftpd.conf</code> to control what ports <code>proftpd</code> will use for its passive data transfers, and you will need to open those port in your SME firewall and in your firewall between you SME and Internet. You might also need a template custom to add MasqueradeAddress (http://www.proftpd.org/docs/modules/mod_core.html#MasqueradeAddress). |
| | | |
| ===== SME is server-gateway connected to Internet - Client is remote directly connected to the Internet ===== | | ===== SME is server-gateway connected to Internet - Client is remote directly connected to the Internet ===== |
− | Active mode will not work because the NAT will mostly hide the client port. | + | Active mode will work. |
| | | |
| Passive mode will need to use the <code>PassivePorts</code> directive in your <code>proftpd.conf</code> to control what ports <code>proftpd</code> will use for its passive data transfers, and you will need to open those port in your SME firewall. | | Passive mode will need to use the <code>PassivePorts</code> directive in your <code>proftpd.conf</code> to control what ports <code>proftpd</code> will use for its passive data transfers, and you will need to open those port in your SME firewall. |
Line 54: |
Line 57: |
| '''SME 10 and above uses explicit SSL mode for FTPs''' over port 21 only and does not need port 990. <u>The client must explicitly request for SSL/TLS to be able to go on</u>. | | '''SME 10 and above uses explicit SSL mode for FTPs''' over port 21 only and does not need port 990. <u>The client must explicitly request for SSL/TLS to be able to go on</u>. |
| | | |
− | FTPS (FTP over TLS) is served up in two incompatible modes. If using explicit FTPS, the client connects to the normal FTP port and explicitly switches into secure (TLS) mode with "AUTH TLS", whereas implicit FTPS is an older style service that assumes TLS mode right from the start of the connection (and normally listens on TCP port 990, rather than 21). In a FileZilla client this means prefixing the host with "FTPES://" to connect an "explicit" FTPS server, or "FTPS://" for the legacy "implicit" server (for which you will likely also need to set the port to 990). | + | FTPS (FTP over TLS) is served up in two incompatible modes. If using explicit FTPS, the client connects to the normal FTP port and explicitly switches into secure (TLS) mode with "AUTH TLS", whereas implicit FTPS is an older style service that assumes TLS mode right from the start of the connection (and normally listens on TCP port 990, rather than 21). |
| + | |
| + | In a FileZilla client this means prefixing the host with "FTPES://" to connect an "explicit" FTPS server, or "FTPS://" for the legacy "implicit" server (for which you will likely also need to set the port to 990). |
| | | |
| == FTP configuration options in SME == | | == FTP configuration options in SME == |
Line 107: |
Line 112: |
| [https://bugs.koozali.org/show_bug.cgi?id=12454 PassivePorts support bug] | | [https://bugs.koozali.org/show_bug.cgi?id=12454 PassivePorts support bug] |
| | | |
− | * template to use PassivePort 44900:44950 | + | * template to use PassivePort 44900:44950 https://bugs.koozali.org/show_bug.cgi?id=12454 |
| * template to add those ports in the the SME Firewall | | * template to add those ports in the the SME Firewall |
− | * template to add port 20
| |
| * http://www.proftpd.org/docs/modules/mod_core.html#MasqueradeAddress Virtualhost vs Class see http://www.proftpd.org/docs/howto/NAT.html | | * http://www.proftpd.org/docs/modules/mod_core.html#MasqueradeAddress Virtualhost vs Class see http://www.proftpd.org/docs/howto/NAT.html |
| * http://www.proftpd.org/docs/howto/FXP.html | | * http://www.proftpd.org/docs/howto/FXP.html |