📅 February 6, 2018
FTP might have been around for a long time, but it remains a superb way to transfer files on a private LAN.
Fast and easy to set up, FTP (File Transfer Protocol) is something worth considering if you host files that must be accessed by nodes on your network. A local Ubuntu repository? Quick storage sharing? Maybe you need a quick and easy way to anonymously upload and download files from within Nemo or Filezilla? FTP can be configured for a variety of uses.
“But, but, but…FTP is not secure! Why would I use that?”
Yes, plain FTP transfers password and data for the viewing of anyone sniffing the network, but we are talking about a private LAN under your control. No Internet access. Of course, FTP traffic can be encrypted using SSL/TLS or SSH in order to make FTP secure.
For this project, we are going to use ProFTP to set up two virtual FTP servers in a Linux Mint virtual machine (VirtualBox) that allow anonymous logins and use SSL certificates for encryption. In addition, the FTP data will be stored on its own virtual hard drive. The practice gleaned here can be applied to real hardware.
Ready? Here is how it’s done.
This part covers the initial virtual environment setup. ProFTP setup details will be covered in the next part.
- Explanation and Overview
- Virtual Machine Setup
- Dedicated FTP Virtual Drive Image
- Install ProFTP
To run FTP, you must install an FTP server on the system you wish to connect to. In this example, we are using Linux Mint 18.3 MATE for the FTP server. Usually, an FTP server is not installed by default, so we must install that before FTP connections will work. File managers, such as Nemo and Nautilus, can act as FTP clients, so there is no need to install an FTP client unless you want to use certain features (SSL encryption) or use a proper FTP client containing extra bonuses, such as Filezilla.
Other FTP servers exist, such as vsftpd and Pure FTP. ProFTP allows an extensive array of configuration options that mimic the Apache server’s configuration, so if you are familiar with Apache, then ProFTP’s configuration is easier to understand. If not, then it is good exposure to learning the Apache-style directives.
In addition, there are a number of in-depth configuration directives involving security, SQL, LDAP, ratios, and almost anything else you might need to host an FTP server, so it can be tailored extensively.
What Are Virtual Hosts?
ProFTP supports virtual hosts, which are multiple virtual FTP servers running on the same machine using the same proftpd program. Yes, we can have more than one FTP server running by installing a single proftpd server.
This is accomplished by setting up VirtualHost directives in proftpd’s configuration (an easy process, so please do not feel intimidated). Each virtual host operates independently of the other but can be managed from the same configuration.
“Why would I want to do this? Isn’t one FTP server enough?”
Most of the time, a single FTP server on a single machine is all you need. Other times, you might want to create a common FTP server for the general masses on the default FTP port 21 but have other FTP servers dedicated to other tasks that only special users may access.
“What? Several FTP servers running on the same system? How do they share the same port 21?”
They don’t. All will share the same IP address of the same machine, but each virtual host must have a unique, unassigned port. For example, the common, general-usage FTP server might operate on port 21 normally, but you must assign the next virtual FTP host a different port, such as 4000. This could be your “secret” FTP server (true, not really secret). To log into the secret FTP server, you must specify the port as 4000. The masses need not specify port 21 for the common FTP server because port 21 is assumed to be FTP anyway.
By setting up ProFTP with virtual hosts to begin with, we can easily add and remove virtual hosts to and from ProFTP. Need another FTP server real quick? Just copy and paste the virtual host configuration, make a few changes, and keep the rest of the config file the same.
What Are We Building? Please Show Me A Picture
- VirtualBox. You can perform this on real hardware, and typically you would dedicate a machine just for the FTP server for better isolation and security. To simulate this, we are using a virtual machine. Other virtual machines should work. This example uses VirtualBox. At the time of this writing, I would recommend VirtualBox 5.2.4 instead of the newer 5.2.6 because 5.2.6 has buggy VirtualBox guest additions that can cause your VM not to boot if 3D acceleration is enabled in the VM settings. Version 5.2.4 works well. You would need to download and install the 5.2.7 guest additions to remedy the problems in 5.2.6, but this is extra work.
- Virtual hard drive (VDI). Again, this would normally be a dedicated hard drive in the FTP server system to keep the FTP data storage area separate from the operating system and user home data. We simulate this in a virtual machine by creating a second VDI (virtual disk image) and connecting it to the virtual machine.
- Linux Mint 18.3 MATE. Any Linux distribution should work. Linux Mint MATE has an easy-to-use GUI that runs well in a virtual machine. Pick what you like the best. proftpd runs inside this.
- proftpd. The FTP server software that supports virtual FTP servers. Freely available from the Ubuntu repositories.
Setting up the Virtual Machine
All FTP setup and configuration will occur in the virtual machine, not the host system (the system VirtualBox is running on). Download and install VirtualBox (free and fully-functional), and then install Linux Mint MATE in it. Make sure the VM (virtual machine) is bridged to your system’s network interface card so the two can communicate and ping each other.
You can even install the latest Ubuntu kernel in the Linux VM if using an Ubuntu-based distribution like Linux Mint. This example is running kernel 4.14.17, and it works great.
What are Host and Guest?
Host refers to your main system. It is the operating system that VirtualBox is running on. In this case, it is also a Linux Mint machine.
Guest refers to the virtual machine itself. You can have several guests running on a single host.
The arrangement used here is a type-2 hypervisor. VirtualBox is the hypervisor that runs on the Linux operating system, which communicates directly with the computer hardware.
There is another arrangement called a type-1 hypervisor (bare metal hypervisor), which is similar but operates on a different principle. A dedicated hypervisor program communicates directly with the hardware, and then multiple operating systems are installed on top of it. This is usually found in server arrangements, not desktop machines, and it is a different subject.
We are setting up a type-2 hypervisor arrangement to run the FTP server. The FTP system and proftpd setup is the same for both.
Ping Both Networks
This article assumes that your virtual machine is up and running following a basic installation. Now, assign a static IP address to the VM guest.
Step 1. Open the VirtualBox Network dialog for the guest and choose the matching network interface of your host system. In this case, the eth0 interface. Yours might vary. Choose
- Bridged Adapter
- eth0 (in this example)
- Check Cable Connected.
Step 2. Assign a static IP address to the guest VM. A server should always be located at a static IP address. The host should have a static IP too, but this is your choice. In the guest, open the network connections and assign or create a new Ethernet connection.
The host and the guest must exist on the same network. Since this example uses the class C private address 192.168.1.0/24 range, the host and guest IPs are as follows:
- Host IP: 192.168.1.10
- Guest IP: 192.168.1.30
If you want to update the guest, you might need to set the DNS servers also (or update first with a DHCP address assignment before changing it to a static IP address).
Test that both the host and the guest can talk to each other by pinging each other from a terminal.
From the guest:
From the host:
If both systems return successful replies, then congratulations! We are ready to move on. This networking overview is important because FTP is all about transferring files over a network, and it is best to ensure that the networking portion operates correctly for easier diagnostics.
Firewall Note: For default Linux installations, the firewall should not be an issue. PING and FTP should work. If you have custom firewall rules and pinging fails, then you might need to check your firewall.
The Dedicated FTP Hard Drive
Preferably, a dedicated hard drive should be used to store all FTP data and files to avoid lumping them together with the OS installation and user data. This allows better separation and easier management. By placing FTP data on a separate storage location, we can use LVM (logical volume management) or a RAID array without tampering with the OS installation.
We can do the same with VirtualBox by creating a new disk image. With the guest shut down, open the guest’s Settings and choose Storage.
Select Controller: SATA, or whatever your configuration might be (add a new controller or more ports if you need to; there are many options), and click the tiny icon that adds a new hard disk.
You will be presented with dialogs to create a new virtual hard drive.
Once connected to the VM, start the guest. Linux will boot with the new virtual hard drive attached, but we cannot use it yet. Just like a real hard drive, we must format it from within the Linux guest.
Install gparted in the guest.
sudo apt install gparted
This lets us format the drive using a clear GUI. (We could use Disks or fdisk instead. Your option.) Open gparted.
Notice that the drive is unallocated. We need to create a partition table.
Go to Device > Create Partition Table.
Next, we must format the partition. Right-click the unallocated entry and select New.
Choose Primary Partition, use all of the space, give it the same label as the file name ftpdata (this is different from the VDI filename), and choose a file system. In this case, btrfs was chosen.
Make a Mount Point
We need to mount this new drive in its own mount point. Create one in /media.
sudo mkdir /media/ftpdata
The mount point should be the same as the drive label for easier recognition.
We want to mount this drive automatically upon starting the guest, so open /etc/fstab in a text editor.
sudo xed /etc/fstab
In a separate terminal, enter the command
to get the UUID (Universally Unique Identifier) for the drive we just formatted. We are going to mount by UUID instead of by /dev/sdb, which can change in some situations resulting in a non-mounted drive.
Several drives will be listed. Find the drive by label and device, and copy its UUID to the clipboard.
Back in /etc/fstab, enter UUID= on a new line and paste the UUID string after it on the same line (no double quotes). Follow it with the mount point (/media/ftpdata), file system (btrfs), defaults, 0, 0. The resulting line should look like this:
UUID=4f6ecb7d-326b-47c1-90f4-e230b9161c4c /media/ftpdata btrfs defaults 0 0
This will mount the drive automatically at the /media/ftpdata mount point upon each system boot.
Test the Mount
Test that the mount is correct by running,
sudo mount -a
Open Disks and select the virtual drive (11GB VBOX HARDDISK). You should see the drive mounted as btrfs in /media/ftpdata similar to the screenshot below.
You can always reboot the guest to double check that the drive will automount upon boot.
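The fstab step above as a script, added here as an example and not part of the original article: it derives the line from the drive label instead of copy-and-paste, and refuses to guess when the label is missing or duplicated. It assumes the UUIDs were listed with blkid (the article's command is not shown); the function names, the sample output and the optional mount-options argument are illustrative additions.

```shell
#!/bin/sh
# Added example: derive the /etc/fstab line for the FTP data drive.

# Constructed sample of `sudo blkid` output. Only the ftpdata UUID comes from
# the article; every other value is made up for illustration.
sample_blkid() {
cat <<'EOF'
/dev/sda1: UUID="11111111-2222-3333-4444-555555555555" TYPE="ext4" PARTUUID="aaaa0001-01"
/dev/sda5: UUID="66666666-7777-8888-9999-000000000000" TYPE="swap" PARTUUID="aaaa0001-05"
/dev/sdb1: LABEL="ftpdata" UUID="4f6ecb7d-326b-47c1-90f4-e230b9161c4c" UUID_SUB="99999999-aaaa-bbbb-cccc-dddddddddddd" TYPE="btrfs" PARTUUID="bbbb0002-01"
EOF
}

# fstab_line LABEL MOUNTPOINT [OPTIONS]   (blkid output on stdin)
# Prints the fstab entry; returns 1 if the label is missing or ambiguous.
fstab_line() {
    fl_opts=${3:-defaults}
    # The leading space keeps PARTLABEL=, PARTUUID= and PTTYPE= from matching.
    fl_hits=$(grep -F " LABEL=\"$1\"" || true)
    [ -n "$fl_hits" ] || return 1
    # Two partitions with the same label: do not pick one silently.
    [ "$(printf '%s\n' "$fl_hits" | wc -l)" -eq 1 ] || return 1
    # UUID=" must be followed directly by the value, so UUID_SUB= is skipped.
    fl_uuid=$(printf '%s\n' "$fl_hits" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p')
    fl_type=$(printf '%s\n' "$fl_hits" | sed -n 's/.* TYPE="\([^"]*\)".*/\1/p')
    [ -n "$fl_uuid" ] && [ -n "$fl_type" ] || return 1
    printf 'UUID=%s %s %s %s 0 0\n' "$fl_uuid" "$2" "$fl_type" "$fl_opts"
}

# fstab_has_mountpoint MOUNTPOINT FILE
# Succeeds if FILE already has a non-comment entry for MOUNTPOINT, so the
# same line is not appended twice.
fstab_has_mountpoint() {
    awk -v m="$1" '$1 !~ /^#/ && $2 == m { found = 1 } END { exit !found }' "$2"
}

# Demo on the constructed sample; nothing on the system is modified.
sample_blkid | fstab_line ftpdata /media/ftpdata
```

On the guest, `sudo blkid | fstab_line ftpdata /media/ftpdata` prints the line to append to /etc/fstab. Passing `defaults,nodev,nosuid,noexec` as the third argument is an optional hardening for a volume that will hold anonymous uploads.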
In the guest, install proftpd-basic using Synaptic or the command line.
sudo apt install proftpd-basic
(You might want to do this before isolating the guest from the Internet if switching it to a static IP results in a loss of update ability.)
When asked during installation, choose standalone mode, not inetd. Certain directives require that proftpd operate in standalone mode.
This is the FTP server. In our arrangement, we will run the server in the guest and connect to it from a client running on the host.
Let us assume now that networking functions correctly, and the guest has been fully updated. We have the dedicated FTP drive mounted. ProFTP has been installed. At this point, you should be able to log into the guest from the host via an FTP client, such as Filezilla, but you must use an existing user account on the guest.
As an example, create a new standard user on the guest named zippy. Give him a password. Install and open Filezilla (or use any other FTP client you prefer — even Nemo works) on the host, and log into the guest using its static IP address (192.168.1.30 in this example).
By default, unencrypted port 21 is used, but we can edit /etc/proftpd/proftpd.conf to customize the FTP server. Right now, anonymous FTP does not work as a security precaution. All we have is a basic FTP server.
In the next part, we will configure ProFTP to handle anonymous logins with virtual hosts and SSL encryption.