Linksys AC Series Router Configuration Tips for OpenWRT: Difference between revisions
mNo edit summary |
| Line 2,421: | Line 2,421: | ||
===vsFTPD=== | ===vsFTPD=== | ||
==== Installation ==== | ====Installation==== | ||
opkg update | opkg update | ||
| Line 2,493: | Line 2,493: | ||
</syntaxhighlight>In the above working example, of course replace W.X.Y.Z with an appropriate IP Address. Astute readers will notice all the file names that might generally start have "vsftpd" in their names instead have "vsftpd1". The reason for that is because the above working configuration file was used in a situation where a router is configured with two WAN interfaces, with two IP Addresses on two different networks. See the section on Dual WAN vsFTPD for additional information. | </syntaxhighlight>In the above working example, of course replace W.X.Y.Z with an appropriate IP Address. Astute readers will notice all the file names that might generally start have "vsftpd" in their names instead have "vsftpd1". The reason for that is because the above working configuration file was used in a situation where a router is configured with two WAN interfaces, with two IP Addresses on two different networks. See the section on Dual WAN vsFTPD for additional information. | ||
The /etc/vsftpd1.user_list contains a list of users that will be allowed to login if the userlist_enable=YES and userlist_deny=NO settings are present. | |||
==== Firewall ==== | NOTE 1: If any of the above referenced files (vsftpd1.user_list, etc.) are not present, the vsftpd service will start and appear to be functioning (PS, TOP, HTOP, etc. will all show it as running), but... There will be nothing displayed on client FTP software. | ||
NOTE 2: Users and Groups can be managed by editing the /etc/passwd (User File) and /etc/group (Group File). If Webmin (see below) is installed and properly configured, Users & Groups can be managed through its interface. The useradd command can be added with: opkg install shadow-useradd | |||
NOTE 3: Remember, OpenWRT also uses the /etc/shadow file to store user passwords with MD5 ($1) encryption. | |||
====Firewall==== | |||
Below are the pertienent settings for vsFTPD in the /etc/config/firewall file;<syntaxhighlight lang="text"> | Below are the pertienent settings for vsFTPD in the /etc/config/firewall file;<syntaxhighlight lang="text"> | ||
config rule | config rule | ||
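Review bot: NOTE 3 describes the /etc/shadow storage as "MD5 ($1) encryption", but the $1 prefix marks a salted MD5-crypt hash, not encryption. Suggest wording it as "stores password hashes in MD5-crypt ($1) format" so readers do not take the stored values to be reversible. In NOTE 2, "The useradd command can be added with" reads better as "can be installed with", with the opkg command on its own line like the other commands on the page. In the Firewall lead-in, "pertienent" should be "pertinent" and the semicolon before the code block should be a colon.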
| Line 2,525: | Line 2,531: | ||
</syntaxhighlight>And as usual, substitute a functional IP Address for W.X.Y.Z. The above configuration includes settings necessary for Passive FTP (see [[wikipedia:File_Transfer_Protocol#Communication_and_data_transfer|here]] for an explanation) used by clients behind a firewall. | </syntaxhighlight>And as usual, substitute a functional IP Address for W.X.Y.Z. The above configuration includes settings necessary for Passive FTP (see [[wikipedia:File_Transfer_Protocol#Communication_and_data_transfer|here]] for an explanation) used by clients behind a firewall. | ||
==== Internet Explorer Workaround ==== | ====Internet Explorer Workaround==== | ||
If one is using Internet Explorer's FTP capability, there will be an issue if userlist_enable=YES and userlist_deny=NO are set. Solution? Add the users 'anonymous' in the vsftpd.user_list file. Thanks to a top tip from a user named JAYCLEN here: https://bbs.archlinux.org/viewtopic.php?id=158184 | If one is using Internet Explorer's FTP capability, there will be an issue if userlist_enable=YES and userlist_deny=NO are set. Solution? Add the users 'anonymous' in the vsftpd.user_list file. Thanks to a top tip from a user named JAYCLEN here: https://bbs.archlinux.org/viewtopic.php?id=158184 | ||
====vsFTPD for a dual WAN router==== | |||
==== vsFTPD for a dual WAN router ==== | |||
According to documentation, the vsFTPD Service / Daemon can only "listen" on a single IP Address (listen_address=W.X.Y.Z). This also appears to apply to Passive FTP settings (pasv_address=W.X.Y.Z). There is a solution. Run multiple instances of vsFTPD. Easy to say, but a bit more complex to accomplish. | According to documentation, the vsFTPD Service / Daemon can only "listen" on a single IP Address (listen_address=W.X.Y.Z). This also appears to apply to Passive FTP settings (pasv_address=W.X.Y.Z). There is a solution. Run multiple instances of vsFTPD. Easy to say, but a bit more complex to accomplish. | ||
Because of the simplicity of the /etc/init.d/vsftpd startup script, it is not possible to use the same binary / executable File (/usr/sbin/vsftpd) for multiple vsFTPD instances. The solution is to create two symbolic links to the /usr/sbin/vsftpd binary / executable File. | Because of the simplicity of the /etc/init.d/vsftpd startup script, it is not possible to use the same binary / executable File (/usr/sbin/vsftpd) for multiple vsFTPD instances. The solution is to create two symbolic links to the /usr/sbin/vsftpd binary / executable File. | ||
* ln -s /usr/sbin/vsftpd /usr/sbin/vsftpd1 | *ln -s /usr/sbin/vsftpd /usr/sbin/vsftpd1 | ||
* ln -s /usr/sbin/vsftpd /usr/sbin/vsftpd2 | *ln -s /usr/sbin/vsftpd /usr/sbin/vsftpd2 | ||
This allows one to create two startup scripts in /etc/init.d for vsFTPD (vsftpd1 and vsftpd2) that contain the following (below is the vsftpd1 example);<syntaxhighlight lang="text"> | This allows one to create two startup scripts in /etc/init.d for vsFTPD (vsftpd1 and vsftpd2) that contain the following (below is the vsftpd1 example);<syntaxhighlight lang="text"> | ||
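Review bot: the Internet Explorer workaround tells the reader to add 'anonymous' to the user list without saying what else in the configuration limits that account. With userlist_enable=YES and userlist_deny=NO the list is the set of names allowed to log in, so the paragraph should state whether anonymous login is otherwise disabled in the configuration file. The same sentence names vsftpd.user_list while the working example uses the vsftpd1 file names, and "Add the users 'anonymous' in" should read "Add the user 'anonymous' to". The two ln -s commands would also be easier to copy from a syntaxhighlight block than from bullets.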
| Line 2,580: | Line 2,578: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
====CAUTION!==== | |||
*If the configuration of vsFTPD includes the use of userlist_enable or userlist_deny, make sure that the /etc/vsftpd.user_list File is created with VI or NANO as opposed to a Windows utility through Samba. The reason is vsFTPD will not be able to read the file properly if it contains CR/LF (Carriage Return / Line Feeds). | |||
*If one reads any documentation about the CentOS (possible others) version of vsFTPD, there are references to using the included "user_list" file and a custom named version of the file. After some experimentation, it was determined that it may not work in the fashion noted for the OpenWRT version of vsFTPD as it does for other platforms. Feel free to experiment. | |||
*It is worth repeating this warning: If any of the files (vsftpd1.user_list, etc.) referenced in a vsFTPD configuration file are not present, the vsftpd service will start and appear to be functioning (PS, TOP, HTOP, etc. will all show it as running), but... There will be nothing displayed on client FTP software. | |||
====Notes & Questions==== | |||
It seems very odd that the choice for FTP server that OpenWRT provides is vsFTPD as the latest version is half a decade old. Why not use something that still gets updated on a regular basis like ProFTPD? Perhaps the developers of OpenWRT are attempting to send a quiet message that FTP is not a good thing to use because it is not encrypted. But if that's the case, why not remove every FTP server package that doesn't contain SFTP (SSH FTP) or FTPS (SSL/TSL FTP) functionality? | |||
===Telnet=== | ===Telnet=== | ||
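Review bot: the CAUTION bullets name the user list file two ways, /etc/vsftpd.user_list in the first bullet and vsftpd1.user_list in the third. Since the third bullet warns that a missing referenced file makes the service appear to run while clients see nothing, the file name should match the one the configuration file actually references, or the bullets should say so explicitly. The third bullet repeats NOTE 1 nearly word for word; keeping one copy and pointing to it would stop the two from drifting apart. In Notes & Questions, "SSL/TSL" should be "SSL/TLS", "possible others" should be "possibly others", and "half a decade old" needs a version or date to remain accurate.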