FTP (File Transfer Protocol) Server in Linux

The File Transfer Protocol (FTP) is one of the most common means of copying files between servers over the Internet. Most Web-based download sites use the built-in FTP capabilities of Web browsers, and therefore most server-oriented operating systems include an FTP server application as part of the software suite. Linux is no exception.

FTP OVERVIEW

  • FTP relies on a pair of TCP ports to get the job done. It operates using two connection channels.
  • FTP control channel, TCP Port 21: All commands you send, as well as the FTP server’s responses to those commands, go over the control connection, but any data sent back (such as ls directory lists or actual file data in either direction) will go over the data connection.
  • FTP data channel, TCP Port 20: This port is used for all subsequent data transfers between the client and server.

Profile of FTP Server

  • Usage: FTP (File Transfer Protocol) is used for uploading and downloading files.
  • Disadvantage: Directory cannot be uploaded or downloaded.
  • Package: vsftpd
  • Daemon: vsftpd (Very Secure FTP Daemon)
  • Script: /etc/init.d/vsftpd
  • Port no: 21 (Tcp) > 1024 (Udp, Random)
  • Document Root: /var/ftp
  • Home directory: /var/ftp (which is created only when the package is installed)

Configuration files:

  • /etc/vsftpd/vsftpd.conf
  • /etc/vsftpd/user_list
  • /etc/vsftpd/ftpusers
  • /etc/pam.d/vsftpd

Types of FTP (File Transfer Protocol)

From a networking perspective, there are two types of FTP. They are:

  1. Active FTP
  2. Passive FTP
  • In Active FTP, the FTP server initiates a data transfer connection back to the client.
  • For Passive FTP, the connection is initiated from the FTP client.

Active FTP:

The sequence of events for active FTP is:

  1. Your client connects to the FTP server by establishing an FTP control connection to port 21 of the server. Your commands such as ls and get are sent over this connection.
  2. Whenever the client requests data over the control connection, the server initiates data transfer connections back to the client. The source port of these data transfer connections is always port 20 on the server, and the destination port is a high port (greater than 1024) on the client.

Active FTP Connection

Active FTP connection mode is where Command connection is initiated by the Client, and the Data connection is initiated by the Server. And as the server actively establishes the data connection with the Client, this mode is referred to as Active. The Client opens up a port higher than 1024, and through it connects to the port 21 or the command port of the Server. Then the Server opens up its port 20 and establishes a data connection to a port higher than 1024 of the Client. In this mode, the Client must set its firewall settings to accept all the incoming connections that are received at the opened port.

Passive FTP:

Passive FTP works differently:

  • Your client connects to the FTP server by establishing an FTP control connection to port 21 of the server. Your commands such as ls and get are sent over that connection.
  • Whenever the client requests data over the control connection, the client initiates the data transfer connections to the server. The source port of these data transfer connections is always a high port on the client with a destination port of a high port on the server.

Passive FTP Connection

In the Passive FTP connection mode, the server acts entirely passively, as the Command connection and the Data connection are both initiated and established by the Client. In this mode, the Server listens for incoming requests through its port 21 (command port), and when a request for a data connection is received from the Client (using a high port), the Server randomly opens up one of its high ports. The Client then initiates a data connection between the opened port of the Server and its own randomly selected port higher than 1024. In this mode, the Client does not have to change its firewall settings, as it only requires outgoing connections and the firewall does not block outgoing connections. However, the Server administrators must make sure that the Server allows incoming connections at all its opened ports.

What is the difference between Active FTP and Passive FTP?

The difference between the Active FTP and Passive FTP is based on who initiates the Data connection between the Server and the Client. If data connection is initiated by the Server, the FTP connection is active, and if the Client initiates the Data connection, the FTP connection is passive.

Depending on the Active or Passive mode of the connection, the port used for Data connection changes. In an Active FTP, a data connection is established between port 20 of the Server and the High Port of the Client. On the other hand, in Passive FTP, a data connection is established between a High port of the Server and a High port of the Client.

When using an Active FTP connection, firewall settings of the Client must be changed to accept all incoming connections to the Client, while in Passive FTP connection, the Server must allow all incoming connections to the Server. Most FTP servers prefer the Passive FTP connection due to security issues.
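How the high data port is agreed in each mode, as an added example that is not part of the original page: the client's PORT command (active) or the server's 227 reply (passive) carries the listening address as six numbers, and the port is p1*256 + p2. The function name and the sample control-channel lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed control-channel lines (addresses are made-up lab values).
sample_lines() {
    cat <<'EOF'
PORT 192,168,10,50,200,10
227 Entering Passive Mode (192,168,10,93,195,80).
230 Login successful.
EOF
}

# Decode "h1,h2,h3,h4,p1,p2" from a PORT command or a 227 reply.
# Prints: MODE  WHO_INITIATES_DATA_CONNECTION  LISTENER_IP  LISTENER_PORT
# Returns non-zero for any other line or for a number above 255.
ftp_data_endpoint() {
    case $1 in
        PORT\ *) mode=active;  initiator=server ;;  # server dials out from port 20
        227\ *)  mode=passive; initiator=client ;;  # client dials the server's high port
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -oE '[0-9]{1,3}(,[0-9]{1,3}){5}' | head -n 1 |
    awk -F, -v m="$mode" -v i="$initiator" '
        { for (k = 1; k <= 6; k++) if ($k + 0 > 255) exit 1
          printf "%s %s %d.%d.%d.%d %d\n", m, i, $1, $2, $3, $4, $5 * 256 + $6
          ok = 1 }
        END { exit !ok }'
}

# Walk the constructed lines and show which ones negotiate a data connection.
sample_lines | while IFS= read -r line; do
    ftp_data_endpoint "$line" || echo "(no data endpoint) $line"
done
```

The listener address in the first case belongs to the client and in the second to the server, which is why the firewall burden moves from one side to the other.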

Steps to configure the FTP server for downloading a file:

  1. Install the Package.
  2. Create some files in /var/ftp/pub directory.
  3. Restart the service.
  4. Enable the service so that it starts even after a reboot of the system.
  5. Connect from the client and access the files and download them.

Step 1: Install the Package

Install the package using yum or rpm command.

# yum install vsftpd* -y

Check whether the installation completed successfully by using the command below.

# rpm -q vsftpd

Step 2: Copy or create some files in the “/var/ftp/pub” directory

Navigate to the /var/ftp/pub directory and create some files in it.

# cd /var/ftp/pub

# touch file{1..5}

Step 3: Restart the FTP service

Restart the FTP Service by using the below command.

# service vsftpd restart

Step 4: Enable the service so that it starts even after a reboot of the system

To enable the service, use the following command.

# chkconfig vsftpd on

Step 5: Connect from the client and access the files and download them

  • To access the FTP server, the client should have the “ftp” package installed. If it is not installed, install it using rpm, because yum will not work if the FTP package is not installed.
  • Check whether the FTP package is installed by using the command below.

# rpm -q ftp

  • To install the FTP package, either download it from the Red Hat website or install it if you already have it.
  • Move to the package folder and install it by using the command below.

# rpm -ivh <package name>

  • Check it by using the command below.

# rpm -q ftp

  • Now connect to ftp server using its IP.
  • To connect to ftp server use the following command.

# ftp <ftp server’s IP>

# ftp 192.168.10.93

  • Use “ftp” or “anonymous” as the login name
  • Press enter without giving any password
  • Navigate to the pub directory and check the files available.

# cd pub

  • When you run the ls command, you can see that it shows we are using Passive mode.
  • Download some files using the get or mget command.
  • To download files, use the following commands.

# get <file name> for single file

# mget <file names> for multiple files

  • Before going for mget turn off the interactive mode, otherwise, it will ask permission for every file you are downloading. Use # prompt command to turn off the interactive mode.
  • Exit the FTP server and check whether the files are there or not.
  • To exit the FTP server use the below commands.

# bye or # quit

  • To connect to the FTP server graphically, open a web browser such as Firefox and type the FTP server’s IP address as follows.

ftp://192.168.10.93

Configuring the FTP server for uploading a file

To upload files to the FTP server, the steps are:

Step 1: Create an upload directory in the document root of the FTP server, i.e., /var/ftp

# mkdir upload

Step 2: Change the group to “ftp” and add write permission to the “upload” directory.

  • Changing the group of upload to ftp

# chgrp <group name> <directory name>

# chgrp ftp upload

  • Adding the write permission to upload directory

# chmod g+w upload

Step 3: Log into the client machine, access the FTP server, and try to upload some files.

  • Log in to the client machine and access the FTP server from the directory that contains the files to be uploaded.
  • Navigate to the upload directory and try to upload some files. Once you have logged into FTP, if you are not sure of the names of the files you want to upload, use the “# !ls” command to see the contents of the directory from which you logged into the FTP server.
  • Sometimes “Permission denied” appears because the upload permission is not enabled in the FTP configuration file on the FTP server. In that case, open the FTP configuration file and change the following attributes in it.

# vim /etc/vsftpd/vsftpd.conf

  • Uncomment (remove the #) the last line.
  • Restart the FTP service by using the below command.

# service vsftpd restart

Step 4: Log in to the client system again and retry uploading the files to the FTP server

  • If SELinux is enabled on the FTP server, the error “Could not Create file” will be displayed. To solve this error, log into the server and change the following permission.
  • Check the Booleans for FTP using the following command

# getsebool -a | grep ftp

  • Make the above Boolean value “on”
  • To turn it on, use the following command

# setsebool -P allow_ftpd_anon_write on

  • Add read-write permission in the context of the upload directory using the following command

# chcon -t public_content_rw_t /var/ftp/upload

  • Finally, login into the client machine, access the FTP server, and try uploading the files in it.

Allowing root access to the FTP server

By default, the root user is blocked from logging in as an FTP user; try logging in as root on the FTP server.

  • To allow root access to the FTP server, edit “/etc/vsftpd/user_list” and “/etc/vsftpd/ftpusers” and add a comment mark (#) before “root”

# vim /etc/vsftpd/user_list

# vim /etc/vsftpd/ftpusers

  • Restart the service by using the command below

# service vsftpd restart

  • Now try login from the client into FTP server as root
  • Even though everything is right, it still does not allow us to log in as root, because it cannot change to the home directory. This is again because of SELinux.
  • To solve the above problem, log in to the FTP server and change the following Boolean for FTP.
  • Change the Boolean value to on for ftp_home_dir with the following command.

# setsebool -P ftp_home_dir on

  • Try logging again as root in FTP server
  • Before working on the FTP server, check the iptables status and the SELinux status.

# service iptables status

# getenforce

  • If both are active, turn off iptables and disable SELinux.

# service iptables stop

# setenforce 0
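The passive-mode requirement described earlier (the server must accept incoming connections on the data ports it opens) can also be met with iptables left running. As an added example, not from the original page: pin the passive range with vsftpd's pasv_min_port and pasv_max_port options and generate rules for only the control port and that range. The 50000-50100 range, the sample configuration and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample vsftpd.conf fragment that pins the passive data ports.
sample_conf() {
    cat <<'EOF'
# constructed example values, not from the original page
anonymous_enable=YES
listen_port=21
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100
EOF
}

# conf_get KEY DEFAULT FILE: value of KEY in a key=value file, or DEFAULT.
# If a key repeats, the last occurrence is used (an assumption of this example).
conf_get() {
    awk -F= -v k="$1" -v d="$2" '$1 == k { d = $2 } END { print d }' "$3"
}

# Print /etc/sysconfig/iptables-style rules for the control port and the
# pinned passive range. Fails when passive mode is on but the range is unset
# (vsftpd's default of 0 means "any port"), since no narrow rule can cover that.
# The rules must be placed before any catch-all REJECT/DROP rule in INPUT.
ftp_firewall_rules() {
    ctl=$(conf_get listen_port 21 "$1")
    pasv=$(conf_get pasv_enable YES "$1")
    min=$(conf_get pasv_min_port 0 "$1")
    max=$(conf_get pasv_max_port 0 "$1")
    if [ "$pasv" = YES ]; then
        if [ "$min" -lt 1024 ] || [ "$max" -lt "$min" ]; then
            echo "pin pasv_min_port/pasv_max_port to a high-port range first" >&2
            return 2
        fi
    fi
    echo "-A INPUT -p tcp --dport $ctl -m state --state NEW -j ACCEPT"
    if [ "$pasv" = YES ]; then
        echo "-A INPUT -p tcp --dport $min:$max -m state --state NEW -j ACCEPT"
    fi
    return 0
}

tmp=$(mktemp)
sample_conf > "$tmp"
ftp_firewall_rules "$tmp"
rm -f "$tmp"
```

Active-mode transfers are opened by the server from port 20 towards the client, so they need no additional inbound rule on the server.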
