Prerequisites:
1. on the external firewall/router (Cisco, Linksys, …) forward ports 20, 21, 990 and the port range 49500:50000 to the local FTP server 192.168.xx.yy
* the passive port range can be any range of ports higher than 49151 and lower than 65535, as long as the same range is used in every step below
2. open the firewall on the FTP server itself for ports 20, 21, 990 and the port range 49500:50000
# vim /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20:21 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 20:21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 990 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 49500:50000 -j ACCEPT
3. in /etc/sysconfig/iptables-config add ip_nat_ftp and ip_conntrack_ftp
IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"
Restart the firewall (the iptables init script, not the rules file, is what gets restarted)
# service iptables restart
4. configure selinux
# setsebool -P ftp_home_dir on
5. add ftp users
# useradd ftpuser
# useradd ftpuser1
# useradd ftpuser2
# passwd ftpuser   (repeat for each user; PAM will not let a user without a password log in)
Install VSFTPD
1. install vsftpd
# yum install vsftpd
2. create a self-signed certificate and key (both written to one PEM file)
# openssl req -x509 -nodes -days 1825 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
3. Configure VSFTPD
add or change the following lines in /etc/vsftpd/vsftpd.conf (pasv_address must be your public IP; pasv_min_port/pasv_max_port must be the same range opened in the firewall above; note that force_local_data_ssl=NO only forces the login over TLS, file transfers may still go in cleartext)
# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ftpd_banner=Welcome to blabla FTP service.
chroot_list_enable=NO
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
log_ftp_protocol=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_enable=YES
pasv_address=85.10.xx.zz
pasv_min_port=49500
pasv_max_port=50000
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
4. Restart FTP server
# /etc/rc.d/init.d/vsftpd restart
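Before restarting, it is worth checking that vsftpd.conf agrees with the firewall rules from the prerequisites. The script below is an added example, not part of the original guide: it parses a vsftpd.conf, flags an inverted or uncovered PASV range and TLS options that leave logins in cleartext; SAMPLE_CONF is a constructed config with a swapped PASV range and SSLv3 turned on, and FIREWALL_PASV_RANGE is the 49500:50000 range opened above.

```python
"""Consistency check for vsftpd.conf against the iptables PASV range. Added example,
not the guide's own code; SAMPLE_CONF is constructed (swapped PASV range, SSLv3 on)."""

SAMPLE_CONF = """\
anonymous_enable=NO
pasv_max_port=49500
pasv_min_port=50000
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=NO
ssl_sslv2=NO
ssl_sslv3=YES
"""

# Range opened in /etc/sysconfig/iptables with --dport 49500:50000
FIREWALL_PASV_RANGE = (49500, 50000)

def parse_vsftpd_conf(text):
    """Return {option: value}; blank lines and '#' comment lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def check_vsftpd_conf(conf, fw_range=FIREWALL_PASV_RANGE):
    """Return findings as strings; [] means every check passed.
    Values assumed for absent options are vsftpd's documented defaults."""
    out = []
    if conf.get("anonymous_enable", "YES") == "YES":
        out.append("anonymous_enable=YES: anonymous logins allowed")
    lo, hi = int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0))
    if lo > hi:
        out.append(f"pasv range inverted: min {lo} > max {hi}")
    elif lo < fw_range[0] or hi > fw_range[1]:
        out.append(f"pasv range {lo}-{hi} not covered by firewall {fw_range}")
    if conf.get("ssl_enable", "NO") != "YES":
        out.append("ssl_enable=NO: passwords cross the network in cleartext")
    else:
        if conf.get("force_local_logins_ssl", "YES") != "YES":
            out.append("force_local_logins_ssl=NO: cleartext logins still accepted")
        if conf.get("force_local_data_ssl", "YES") != "YES":
            out.append("force_local_data_ssl=NO: file contents may travel unencrypted")
        for old in ("ssl_sslv2", "ssl_sslv3"):
            if conf.get(old, "NO") == "YES":
                out.append(f"{old}=YES: obsolete protocol enabled")
    return out
```

On the server, run check_vsftpd_conf(parse_vsftpd_conf(open("/etc/vsftpd/vsftpd.conf").read())) and fix every finding before the restart.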
Use an FTP client which supports AUTH TLS (explicit FTPS) to connect to the FTP server.
I used the Mozilla plugin FireFTP or ftp-ssl (a command-line client).
URI:
http://wiki.vpslink.com/Configuring_vsftpd_for_secure_connections_%28TLS/SSL/SFTP%29
http://www.cyberciti.biz/tips/rhel-fedora-centos-vsftpd-installation.html