This chapter will show you how to convert your Linux box into an FTP server using the VSFTP package. The RedHat software download site runs on VSFTP. By using Linux FTP Server users can easily share files in your network systems.

FTP Overview

File Transfer Protocol (FTP) is a common method of copying files between computer systems. Two TCP ports are used to do this:

FTP Control Channel – TCP Port 21

All commands you send and the ftp server’s responses to those commands will go over the control connection, but any data sent back (such as”ls” directory lists or actual file data in either direction)will go over the data connection.

FTP Data Channel – TCP Port 20

Used for all data sent between the client and server.

Active FTP

Active FTP works as follows:

o Your client connects to the FTP server by establishing an FTPcontrol connection to port 21 of the server. Your commands such as ‘ls’ and ‘get’ are sent over this connection.

o Whenever the client requests data over the control connection,the server initiates data transfer connections back to the client. The source port of these data transfer connections is always port 20 on the server,and the destination port is a high port on the client.

o Thus the ‘ls’ listing that you asked for comes back overthe “port 20 to high port connection”, not the port 21 control connection.

o FTP active mode data transfer therefore does this in a counter intuitive way to the TCP standard as it selects port 20 as it’s source port(not a random high port > 1024) and connects back to the client on a random high port that has been pre-negotiated on the port 21 control connection.

o Active FTP may fail in cases where the client is protected from the Internet via many to one NAT (masquerading). This is because the firewall will not know which of the many servers behind it should receive the return connection.

Passive FTP

Passive FTP works as follows:

o Your client connects to the FTP server by establishing a FTP control connection to port 21 of the server. Your commands such as ‘ls’ and ‘get’ are sent over that connection.

o Whenever the client requests data over the control connection,the client initiates the data transfer connections to the server. The source port of these data transfer connections is always a high port on the client with a destination port of a high port on the server.

o Passive FTP should be viewed as the server never making an active attempt to connect to the client for FTP data transfers.

o Passive FTP works better for clients protected by a firewall as the client always initiates the required connections.

Problems With FTP And Firewalls

FTP frequently fails when the data has to pass through a firewall as FTP uses a wide range of unpredictable TCP ports and firewalls are designed to limit data flows to predictable TCP ports. There are ways to overcome this as explained in the following sections.

Client Protected By A Firewall Problem

Typically firewalls don’t let any incoming connections at all,this will frequently cause active FTP not to function. This type of FTP failure has the following symptoms:

o The active ftp connection appears to work when the client initiates an outbound connection to the server on port 21. The connection appears to hang as soon as you do an “ls” or a “dir” or a”get”. This is because the firewall is blocking the return connection from the server to the client. (From port 20 on the server to a high port on the client)

Solutions

Here are the general firewall rules you’ll need to allow FTP clients through a firewall:

Client Protectedby Firewall – Required Rules for FTP

*Many home based firewall/routers automatically allow traffic for already established connections. This rule may not be necessary in all cases.

** in some cases, you may want to allow all Internet users to have access, not just a specific client server or network.

Server Protected By A Firewall Problem

o Typically firewalls don’t let any connections come in at all. FTP server failure due to firewalls in which the active ftp connection from the client doesn’t appear to work at all

Solutions

Here are the general firewall rules you’ll need to allow FTP severs through a firewall

Server Protectedby Firewall – Required Rules for FTP

*Many home based firewall/routers automatically allow trafficfor already established connections. This rule may not be necessary in all cases.

** in some cases, you may want to allow all Internet users to have access, not just a specific client server or network.

How ToDownload And Install The VSFTP Package

· As explained previously, RedHatsoftware is installed using RPM packages. In version 8.0 of the operatingsystem, the VSFTP RPM file is named:

vsftpd-1.1.0-1.i386.rpm

Downloading and installing RPMs isn’t hard. If you need are fresher, the RPM chapter covers how to do this in detail.

· Now download the file to a directory such as /tmp and install it using the “rpm” command:

[root@bigboy tmp]# rpm -Uvh vsftpd-1.1.0-1.i386.rpm
Preparing… ########################################### [100%]
1:vsftpd     ###########################################[100%]

[root@bigboy tmp]#

How To Get VSFTP Started

The starting and stopping of VSFTP is controlled by xinetd via the /etc/xinetd.d/vsftpd file. VSFTP is deactivated by default, so you’ll have to edit this file to start the program. Make sure the contents look like this. The disable feature must be set to “no” to accept connections.

service ftp
{

disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
nice = 10

}

You will then have to restart xinetd for these changes to take effect using the startup script in the /etc/init.d directory.

[root@aqua tmp]#  /etc/init.d/xinetd restart

Stopping xinetd: [  OK  ]

Starting xinetd: [  OK  ]

[root@aqua tmp]#

Naturally, to disable VSFTP once again, you’ll have to edit /etc/xinetd.d/vsftpd,set “disable” to “yes” and restart xinetd.

Testing To See If VSFTP Is Running

You can always test whether the VSFTP process is running byusing the netstat –a command which lists all the TCP and UDP ports on which the server is listening for traffic. The example below shows the expected output, there would be no output at all if VSFTP wasn’t running.

[root@bigboy root]# netstat -a | grep ftp
tcp       0       0       *:ftp        *:*        LISTEN
[root@bigboy root]#

What Is Anonymous FTP?

Anonymous FTP is used by web sites that need to exchange fileswith numerous unknown remote users. Common uses include downloading software updates and MP3s to uploading diagnostic information for a technical support engineer’s attention. Unlike regular FTP where you login with a user-specific username, anonymous FTP only requires a username of “anonymous” and your email address for the password. Once logged in to a VSFTP server, you’ll automatically have access to only the default anonymous FTP directory /var/ftpand all its subdirectories.

As seen in the chapter on RPMs, using anonymous FTP as a remote user is fairly straight forward. VSFTP can be configured to support user based and or anonymous FTP in its configuration  file.

The /etc/vsftpd.conf File

VSFTP only reads the contents of its /etc/vsftpd.conf configurationfile when it starts, so you’ll have to restart xinetd each time you edit the file in order for the changes to take effect.

This file uses a number of default settings you need to know.By default, VSFTP runs as an anonymous FTP server. Unless you want any remote user to log into to your default FTP directory using a username of “anonymous”and a password that’s the same as their email address, I would suggest turning this off. The configuration file’s anonymous_enable instruction can becommented out by using a “#” to disable this feature. You’ll also want to simultaneously enable local users to be able to log in by uncommenting the local_enable instruction.

By default VSFTP only allows anonymous FTP downloads to remote users, not uploads from them. Also by default, VSFTP doesn’t allow remote usersto create directories on your FTP server and it logs FTP access to the /var/log/vsftpd.loglog file.

The configuration file is fairly straight forward as you cansee in the snippet below. Remove/add the “#” at the beginning of theline to “activate/deactivate” the feature on each line.

# Allow anonymous FTP?
anonymous_enable=YES
…

…

# Uncomment this to allow local users to log in.
local_enable=YES
…

…

# Uncomment this to enable any form of FTP write command.

# (Needed even if you want local users to be able to uploadfiles)
write_enable=YES
…

…

# Uncomment to allow the anonymous FTP user to upload files. Thisonly
# has an effect if global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
…

…

# Uncomment this if you want the anonymous FTP user to be ableto create
# new directories.
#anon_mkdir_write_enable=YES
…

…

# Activate logging of uploads/downloads.
xferlog_enable=YES
…

…

# You may override where the log file goes if you like.

# The default is shown# below.
#xferlog_file=/var/log/vsftpd.log

FTP Security Issues

The /etc/vsftpd.ftpusersFile

For added security you may restrict FTP access to certain usersby adding them to the list of users in this file. Do not delete entries from the default list, it is best to add.

Anonymous Upload

If you want remote users to write data to your FTP server then it is recommended you create a write-only directory within /var/ftp/pub.This will allow your users to upload, but not access other files uploaded by other users. Here are the commands to do this:

[root@bigboy tmp]# mkdir /var/ftp/pub/upload
[root@bigboy tmp]# chmod 733 /var/ftp/pub/upload

FTP Greeting Banner

Change the default greeting banner in /etc/vsftpd.confto make it harder for malicious users to determine the type of system you have.

ftpd_banner= New Banner Here

Using SCP As SecureAlternative To FTP

One of the disadvantages of FTP is that it does not encryptyour username and password. This could make your user account vulnerable to an unauthorized attack from a person eavesdropping on the network connection.Secure Copy (SCP) provides encryption and could be considered as an alternative to FTP for trusted users. SCP however does not support anonymous services, a feature that FTP does.

Other related articles:

• Featured Living Room FIVE – It’s time to showcase another SnapStream Digital Living Room. This one was submitted to us by Jason C., Cisbmet1 on Flickr. He has a big screen TV with his entertainment components stacked neatly beside it in a glass case. …
• Ubuntu Linux FTP Server Setup Guide (ProFTPD) | JCortes Web – If you are a web designer, such as myself, you know the importance of having access to a web server through FTP. I just recently set up an FTP server on my.
• Linux Dedicated Server – Linux Dedicated Server For Uploading Sites Online Linux Mail Server, Linux Ftp Server, Linux Dns Server, Redhat Linux Ftp Server – Dns Server Configuration In Linux, Linux Dns Server Configuration- Li. read more …
• Setup and Secure a Linux FTP Server – 1 – LinuxIntro. com Linux Videos, Software, Linux Forums, Linux Installation, Linux Tutorials, Linux Lessons, howto, Wireless, Examples, Fedora, Ubuntu.
• Need help with logging into my Linux ftp server? – [12:35:34] SmartFTP v2.0.1002.2 [12:35:34] Resolving host name “**.***.***.***” [12:35:34] Connecting to **.***.***.*** Port: 22 [12:35:34] Connected to **.***.***.***. [12:35:34] SSH-1.99-OpenSSH_4.2 …
• How to setup a Linux ftp server with proftpd – How to setup a Linux ftp server with proftpd, installation and configuration.
• Your top ten linux commands – Your top ten linux commands, top 10 commands in your command history.

Having the ability to go wireless in your home or at the office is a great feature to have. Not only is it the freedom to be mobile, but also leaving your house wired free, and not having to route cables through drilled walls, shows another area where wireless is too good to miss out on. The freedom to roam your house from room to room, or even sit under the palm tree of your garden on a hot sunny day, proves there’s no going back from wireless network. However, because of the nature of the technology, wireless has a number of security issues we must be aware of And you will learn how to secure wireless network.

A neighbor, hacker or someone just by your home can easily detect your wireless network signals and attempt to connect to your wireless access point. This is because wireless network systems uses radio frequency and data travels through the air, though they do not need physical access to your router. This is where the security concern comes from.

So let’s get to the point. How bad could it be not secure wireless network?

The common stressing points we hear everyday regarding wireless security is the ability that an evil doer can easily sniff data, coming and going to your wireless access point. Also they will have the ability to use your router to browse the web just as you do… using your bandwidth.

It doesn’t really sound that bad… Does it?

Well how about if your neighbors or anyone on the street outside your home were using your wireless access point and taking part in illegal downloads, visiting illegal websites and generally using the web for criminal activity. Who do you think would get the blame? When you have the FBI busting through your door, and you’re quick to think your children are not as innocent as they claim to be, it may be a mountain for you to climb out of at this point.

The illegal downloads and criminal activity that was occurring from the next house on, was all under your ID. They were using your accesspoint which from the ISP point of view was coming from your home. Thisis what happened when you are not securing your wireless network.

To add to this, in a couple of months time when your bank statement arrives through the door showing you spent £3000 on a new TV, as well as purchasing a set of Golf clubs, it may just all be too late by then. A hacker could have easily sat outside your home and sniffed your bank details or any other confidential details you may have used when online, all from the comfort of their car or home.  All they need is a wireless laptop to do this, and sit within a range of your wireless network router, in other words somewhere outside your house!

Todays many wireless network router using linux as a tamper proof network security. Why? because linux is widely known as a stable operating system that can be configure to secure network also. by using linux you can have a better network security that you can control and monitor with ease.

Now this also goes for businesses with wireless access points as well and not just for home users. In fact it is so much more crucial for businesses because a hacker can break into their network via the access point, hacking into company confidential data!

Therefore secure wireless network today is crucial for all the reasons above. Identity theft today is on the rise, and hackers will go the distance looking for insecure wireless access points. For this reason you should take the time and ensure you have a secure wirelessnetwork.

Do You Need a Home Network Systems

Wireless gear is about the same price as is cabled network equipment; and a length of Cat 5 Ethernet cable costs no more than doesan audio cable. Both wireless and cabled networks have gotten better.The equipment now available has better documentation which makes iteasy even for the less than technically skilled to set up a home network. Everybody uses email now and is aware of a few networking terms (HTTP, ping, etc.).

Thousands of pages have been written about fraud and identity theft due to poor computer security, making people better informed about the issue. The biggest problem for many people is simply familiarizing themselves with the technical terms involved in networking; NICs,protocols and so on. So if you’re interested in building a home network, then get going and start connecting all of those computers in your home together. Learn more tips and information about ecommerce webhosting software here.

How to Build a Simple Home Network Systems

Many people have relatively uncomplicated needs for their home networks. You’re going to need Cat-5 (or Ethernet) cables for a wired network. If you plan to build a wireless network, you can skip the cables.

You’ll also need a switch or a router for all of these cables (or radio waves if it’s a wireless network) to connect to. A router is better and can handle internet connection sharing; it is almost a must for a home network. You’re also going to need Network Interface Cards(or NICs) in each computer, printer or any other device you want to be on the network. If you are building a wired network, you can use Ethernet equipment with 10MB or 100MB speeds. There is also Gigabit Ethernet, but this is prohibitively expensive for many building a home network.

On a home network, your IP addresses will look like 192.168.0.1 or 10.121.0.1.

If the router has the number 192.168.0.1, then computers and other device should be numbered 192.168.0.2, 192.168.0.3. Don’t assign the same address to two devices. You can also use linux to build a secure router for your home network.

Save Money by Setting Up a Home Network System

A Network Interface Card (NIC) will help you accomplish this.

Installing a network card is as easy as using it. If you are using a wireless system, your network card and router must also be wireless. Today most new computers are equipped with network cards already. There are several manufactures of network card. *3 Com: Producing network cards for the enterprise market. They provide secure type network cards with encryption, remote management, and server features.

*Broadcom: This company’s network cards are usually not visible on retailers shelves because they are already installed in other companies products.

Vital Office Network System Backup Data Recovery

Today’s companies rely almost entirely on their office network system to retain important and irreplaceable data. What happens in the case of a system failure, virus or weather disaster, after which critical data is lost permanently? If the unthinkable happens,companies who have trusted their office network installation company to perform the necessary backup measures can rest assured that their files are able to be recovered after a disaster.

How Common Is System Failure?

The best way to make sure that your company does not have to deal with lost data after an employee, office network or natural disaster is to perform regular file backups.

Office network installation companies recommend backing up data at the end of every workday, as well as performing a full system restore at least once a month to make sure the backup system is working.

Priyo Wibowo | IT Consultant

Introduction to Linux

Linux is an Open source operating system that widely use by many user. Linux known as open source operating system that means you can download all the source code and write your own. By using open source technic or copy left, linux by itself becoming more and more famous.Many people around the world helping each other to make linux a better operating system.

Until now linux development is still going on. We can see so many linux variant each one has their own power to their users. For example many student rely their PC on linux since the cost of operating system license is too expensive. Many company start migrating their systems toLinux environment as it is more stable and cheaper.

Organization use Linux as Server operating systems, desktop and many more. For network systems we use to protect network by using it as firewall and proxy server, and we also use it for bandwidth management so we can manage users bandwidth while accessing internet.

Linux is also been use as email server and database server, it’s cheap and reliable. Many major company rely their business on Linux system as it fast and cheap. Organization gain more benefit while moving their system to linux. For office productivity there is open office application that can be used to boost users productivity so they can keep productive as while they are using other Operating system.

Priyo Wibowo | IT Consultant

Other related articles:

• Patrick’s Day in Blarney – We were originally going to be walking in the St. Patrick’s Day Parade in Blarney but our son fell asleep a few minutes ago, and it wouldn’t be fair on him to.
• Focus Follows Eyes | A Fool’s Wisdom – Every time I’m frustrated that Mac OS X doesn’t have focus-follows-mouse, I think of Stevey Yegge’s “Settling the OS X focus-follows-mouse debate“, and remember that I’ll likely be waiting till focus follows eyes. …
• Simple MySQL Backup – If, like me, you have a database full of small tables, but all amounting to a large amount of data then dumping the data from it into a single file is handy, but not very useful when it comes to retrieving a backup of one single table. export d=`date +%u` mkdir -p backup/$d for i in `echo “show tables” | mysql -u username -ppassword database|grep -v Tables_in_`; do   echo $i; mysqldump –add-drop-table –allow-keywords -q -a -c -u username -ppassword database $i > backup/$d/$i. MySQL Optimization by Jeremy Z MySQL Optimization by Jeremy Zawodny at Yahoo.
• Web Expose » Blog Archive » Internet Explorer 7 on Linux – Sérgio from IEs4Linux wrote to say that the latest beta has fixed the black-box image problem, and also has no WGA requirements – so I think it’s best that everyone moves over to using his installer, as mine was a once-off and probably …
• WordPress on Debian Linux · supriyadisw dot net – This tutorial is how to install WordPress on Debian Linux . Installing WordPress on Debian? What for? Are there many easy ways to install WordPress on our server (Web hosting)? Eventually, We don’t need to know what distro that our …
• Review: Sabayon Linux – There is a newer distro in town, gaining traction. Sabayon Linux is an installable, Gentoo based live Cd/DVD. It has the stated goal of being 100% Gentoo compatible. A lot of attention has been paid to the Sabayon brand. …
• comment on scripting partition creation in linux using fdisk by vijay – thanks a lot it helped me too….

Introduction

Domain Name System (DNS) converts the name of a Web site (www.sekolahlinux.com) to an IP address. This step is important, because the IP address of a Web site’s server, not the Web site’s name, is used in routing traffic over the Internet. This blog will explain how to configure your own DNS server to help guide Web surfers to your site.

Introduction to DNS

Before you dig too deep in DNS, you need to understand a few foundation concepts on which the rest of the chapter will be built.

DNS Domains

Everyone in the world has a first name and a last, or family, name. The same thing is true in the DNS world: A family of Web sites can be loosely described a domain. For example, the domain sekolahlinux.com has a number of children, such as www.sekolahlinux.com and mail.sekolahlinux.com for the Web and mail servers, respectively.

BIND

BIND is an acronym for the Berkeley Internet Name Domain project, which is a group that maintains the DNS-related software suite that runs under Linux. The most well known program in BIND is named, the daemon that responds to DNS queries from remote machines.

DNS Clients

A DNS client doesn’t store DNS information; it must always refer to a DNS server to get it. The only DNS configuration file for a DNS client is the /etc/resolv.conf file, which defines the IP address of the DNS server it should use. You shouldn’t need to configure any other files. You’ll become well acquainted with the /etc/resolv.conf file soon.

Authoritative DNS Servers

Authoritative servers provide the definitive information for your DNS domain, such as the names of servers and Web sites in it. They are the last word in information related to your domain.

How DNS Servers Find Out Your Site Information

There are 13 root authoritative DNS servers (super duper authorities) that all DNS servers query first. These root servers know all the authoritative DNS servers for all the main domains – .com, .net, and the rest. This layer of servers keep track of all the DNS servers that Web site systems administrators have assigned for their sub domains.

For example, when you register your domain my-site.com, you are actually inserting a record on the .com DNS servers that point to the authoritative DNS servers you assigned for your domain. (You can also read more basic networking in network systems).

Other Related articles:

• SAP ECC installation on Linux with MaxDB – 1 « 翠花 – Tags: basis, dns, linux, maxdb, sap. This entry was posted on Tuesday, March 2nd, 2010 at 2:14 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, …
• How to flush DNS cache in Linux / Windows / Mac – Techie Corner – Tags: dns, dns cache, domain name server, flush dns, flush dns cache, Linux, linux flush dns, linux flush dns cache, Mac, mac flush dns, mac flush dns cache, nscd daemon, window flush dns, windows flush dns cache, winxp …
• Understanding DNS records « FlareHosting.com – Blog – This entry was posted on Tuesday, January 12th, 2010 at 12:32 pm and is filed under DNS, Linux, Systems Administration, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback …
• Optimize Your Internet Speed With Namebench DNS Benchmarking Tool … – Posted in Linux, Software, Ubuntu | Tags: browser, dns, faster browsing, fastest dns, Linux, mac, namebench, public dns, test, Ubuntu, windows. « How To Free Reserved Space On EXT4 Partitions …