Create Anonymous Virtual Hosts with ProFTP – Part 1: Platform Setup

📅 February 6, 2018
Part 1

FTP might have been around for a long time, but it remains a superb way to transfer files on a private LAN.

Fast and easy to set up, FTP (File Transfer Protocol) is something worth considering if you host files that must be accessed by nodes on your network. A local Ubuntu repository? Quick storage sharing? Maybe you need a quick and easy way to anonymously upload and download files from within Nemo or Filezilla? FTP can be configured for a variety of uses.

“But, but, but…FTP is not secure! Why would I use that?”

Yes, plain FTP transfers passwords and data in cleartext, visible to anyone sniffing the network, but we are talking about a private LAN under your control. No Internet access. Of course, FTP traffic can be encrypted using SSL/TLS or SSH in order to make FTP secure.

For this project, we are going to use ProFTP to set up two virtual FTP servers in a Linux Mint virtual machine (VirtualBox) that allow anonymous logins and use SSL certificates for encryption. In addition, the FTP data will be stored on its own virtual hard drive. The practice gleaned here can be applied to real hardware.

Ready? Here is how it’s done.

 

Part 1

This part covers the initial virtual environment setup. ProFTP setup details will be covered in the next part.

  • Explanation and Overview
  • Virtual Machine Setup
  • Networking
  • Dedicated FTP Virtual Drive Image
  • Install ProFTP

Why ProFTP?

To run FTP, you must install an FTP server on the system you wish to connect to. In this example, we are using Linux Mint 18.3 MATE for the FTP server. Usually, an FTP server is not installed by default, so we must install that before FTP connections will work. File managers, such as Nemo and Nautilus, can act as FTP clients, so there is no need to install an FTP client unless you want to use certain features (SSL encryption) or use a proper FTP client containing extra bonuses, such as Filezilla.

Other FTP servers exist, such as vsftpd and Pure FTP. ProFTP allows an extensive array of configuration options that mimic the Apache server’s configuration, so if you are familiar with Apache, then ProFTP’s configuration is easier to understand. If not, then it is good exposure to learning the Apache-style directives.

In addition, there are a number of in-depth configuration directives involving security, SQL, LDAP, ratios, and almost anything else you might need to host an FTP server, so it can be tailored extensively.

What Are Virtual Hosts?

ProFTP supports virtual hosts, which are multiple virtual FTP servers running on the same machine using the same proftpd program. Yes, we can have more than one FTP server running by installing a single proftpd server.

This is accomplished by setting up VirtualHost directives in proftpd’s configuration (an easy process, so please do not feel intimidated). Each virtual host operates independently of the other but can be managed from the same configuration.

“Why would I want to do this? Isn’t one FTP server enough?”

Most of the time, a single FTP server on a single machine is all you need. Other times, you might want to create a common FTP server for the general masses on the default FTP port 21 but have other FTP servers dedicated to other tasks that only special users may access.

“What? Several FTP servers running on the same system? How do they share the same port 21?”

They don’t. All will share the same IP address of the same machine, but each virtual host must have a unique, unassigned port. For example, the common, general-usage FTP server might operate on port 21 normally, but you must assign the next virtual FTP host a different port, such as 4000. This could be your “secret” FTP server (true, not really secret). To log into the secret FTP server, you must specify the port as 4000. The masses need not specify port 21 for the common FTP server because port 21 is assumed to be FTP anyway.

By setting up ProFTP with virtual hosts to begin with, we can easily add and remove virtual hosts to and from ProFTP. Need another FTP server real quick? Just copy and paste the virtual host configuration, make a few changes, and keep the rest of the config file the same.
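To make the port rule concrete, here is an added example (not the configuration from this series, which comes in the next part): a constructed proftpd.conf-style fragment with one default server and two port-based virtual hosts, plus a shell check that flags any port claimed twice. The ServerName values and the helper names list_ports and duplicate_ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: port-based virtual hosts and a uniqueness check on their ports.

# Constructed proftpd.conf-style fragment. The address and ports 21 and 4000
# are the article's examples; the ServerName values are placeholders. The
# third block reuses port 4000 on purpose so the check has something to find.
SAMPLE_CONF='ServerName "Common FTP"
Port 21

<VirtualHost 192.168.1.30>
  ServerName "Secret FTP"
  Port 4000
</VirtualHost>

<VirtualHost 192.168.1.30>
  ServerName "Repository FTP"
  Port 4000
</VirtualHost>'

# list_ports: read a config on stdin and print "context port" for every Port
# directive; "main" is the server outside any <VirtualHost> block.
list_ports() {
    awk '
        /^[ \t]*#/                      { next }
        tolower($1) == "<virtualhost"   { ctx = $2; sub(/>$/, "", ctx); next }
        tolower($1) == "</virtualhost>" { ctx = ""; next }
        tolower($1) == "port"           { who = (ctx == "") ? "main" : ctx; print who, $2 }
    '
}

# duplicate_ports: print each port claimed by more than one server block.
# Assumes, as in the article, that all blocks share one IP address.
duplicate_ports() {
    list_ports | awk '{ n[$2]++ } END { for (p in n) if (n[p] > 1) print p }' | sort -n
}

printf '%s\n' "$SAMPLE_CONF" | list_ports
dups=$(printf '%s\n' "$SAMPLE_CONF" | duplicate_ports)
[ -z "$dups" ] || echo "port used by more than one server block: $dups"
```

Once the real file has been edited, sudo proftpd -t has the daemon itself parse the configuration and report syntax errors.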

What Are We Building? Please Show Me A Picture

Overview of the virtual FTP system. ProFTP runs two virtual hosts inside a virtual machine (running VirtualBox). This uses a dedicated virtual machine for hosting the FTP server. Management becomes easier when dedicating a system solely to FTP.

Components

  • VirtualBox. You can perform this on real hardware, and typically you would dedicate a machine just for the FTP server for better isolation and security. To simulate this, we are using a virtual machine. Other virtual machines should work. This example uses VirtualBox. At the time of this writing, I would recommend VirtualBox 5.2.4 instead of the newer 5.2.6 because 5.2.6 has buggy VirtualBox guest additions that can cause your VM not to boot if 3D acceleration is enabled in the VM settings. Version 5.2.4 works well. You would need to download and install the 5.2.7 guest additions to remedy the problems in 5.2.6, but this is extra work.
  • Virtual hard drive (VDI). Again, this would normally be a dedicated hard drive in the FTP server system to keep the FTP data storage area separate from the operating system and user home data. We simulate this in a virtual machine by creating a second VDI (virtual disk image) and connecting it to the virtual machine.
  • Linux Mint 18.3 MATE. Any Linux distribution should work. Linux Mint MATE has an easy-to-use GUI that runs well in a virtual machine. Pick what you like the best. proftpd runs inside this.
  • proftpd. The FTP server software that supports virtual FTP servers. Freely available from the Ubuntu repositories.

Setting up the Virtual Machine

All FTP setup and configuration will occur in the virtual machine, not the host system (the system VirtualBox is running on). Download and install VirtualBox (free and fully-functional), and then install Linux Mint MATE in it. Make sure the VM (virtual machine) is bridged to your system’s network interface card so the two can communicate and ping each other.

You can even install the latest Ubuntu kernel in the Linux VM if using an Ubuntu-based distribution like Linux Mint. This example is running kernel 4.14.17, and it works great.

Kernel 4.14.17 running in Linux Mint 18.3 MATE. When installing kernels, choose the matching platform of your system. Only three files are needed for the amd64 platform: all, headers generic, and image generic. Kernel installation requires a system reboot to take effect.

What are Host and Guest?

Host refers to your main system. It is the operating system that VirtualBox is running on. In this case, it is also a Linux Mint machine.

Guest refers to the virtual machine itself. You can have several guests running on a single host.

The arrangement used here is a type-2 hypervisor. VirtualBox is the hypervisor that runs on the Linux operating system, which communicates directly with the computer hardware.

There is another arrangement called a type-1 hypervisor (bare metal hypervisor), which is similar but operates on a different principle. A dedicated hypervisor program communicates directly with the hardware, and then multiple operating systems are installed on top of it. This is usually found in server arrangements, not desktop machines, and it is a different subject.

Difference between type-1 and type-2 hypervisors. In this project, we are using a type-2 hypervisor (VirtualBox) to host the FTP server.

We are setting up a type-2 hypervisor arrangement to run the FTP server. The FTP system and proftpd setup is the same for both.

Ping Both Networks

This article assumes that your virtual machine is up and running following a basic installation. Now, assign a static IP address to the VM guest.

Step 1. Open the VirtualBox Network dialog for the guest and choose the matching network interface of your host system. In this case, the eth0 interface. Yours might vary. Choose

  • Bridged Adapter
  • eth0 (in this example)
  • Check Cable Connected.

VirtualBox 5.2.4 Network Settings. This guest can now communicate with the host over the network.

Step 2. Assign a static IP address to the guest VM. A server should always be located at a static IP address. The host should have a static IP too, but this is your choice. In the guest, open the network connections and assign or create a new Ethernet connection.

Linux Mint MATE Network Connections. After installation, Wired connection 1 appears, and it is set to DHCP. We need to change that to a static IP address, so click Edit.

Go to the IPv4 Settings tab and select Manual for the Method dropdown list. This sets a static IP address. DNS entries may be left blank for this unless you want to connect the guest to the Internet. This may be required if you need to perform updates or install software from repositories.

The host and the guest must exist on the same network. Since this example uses the class C private address 192.168.1.0/24 range, the host and guest IPs are as follows:

  • Host IP: 192.168.1.10
  • Guest IP: 192.168.1.30

If you want to update the guest, you might need to set the DNS servers also (or update first with a DHCP address assignment before changing it to a static IP address).

Test that both the host and the guest can talk to each other by pinging each other from a terminal.

From the guest:

ping 192.168.1.10

From the host:

ping 192.168.1.30

If the host and guest can ping each other, then FTP will work.

If both systems return successful replies, then congratulations! We are ready to move on. This networking overview is important because FTP is all about transferring files over a network, and it is best to ensure that the networking portion operates correctly for easier diagnostics.

Firewall Note: For default Linux installations, the firewall should not be an issue. PING and FTP should work. If you have custom firewall rules and pinging fails, then you might need to check your firewall.

The Dedicated FTP Hard Drive

Preferably, a dedicated hard drive should be used to store all FTP data and files to avoid lumping them together with the OS installation and user data. This allows better separation and easier management. By placing FTP data on a separate storage location, we can use LVM (logical volume management) or a RAID array without tampering with the OS installation.

We can do the same with VirtualBox by creating a new disk image. With the guest shut down, open the guest’s Settings and choose Storage.

VirtualBox Storage Settings for the Linux Mint 18.3 MATE FTP guest. Shown with a virtual drive already created and connected to the virtual SATA controller.

Select Controller: SATA, or whatever your configuration might be (add a new controller or more ports if you need to — many options), and click the tiny icon that adds a new hard disk.

To add a new hard disk, highlight the controller (Controller: SATA here), and click the small, blue +Hard Disk icon. New controllers can be added to the virtual machine, and you can increase the number of SATA ports (the default is two) on the virtual motherboard to attach more drives in case you need them.

You will be presented with dialogs to create a new virtual hard drive.

Choose VDI for the hard disk type. Make sure to choose the Dynamically allocated option in the next dialog. This allows the VDI file to grow as more data is added in order to avoid consuming too much real disk space immediately after the drive image is created.

Here is where we select the size and filename. This VDI file was named ftpdata for easy recognition. 10G was plenty for this exercise.

Once connected to the VM, start the guest. Linux will boot with the new virtual hard drive attached, but we cannot use it yet. Just like a real hard drive, we must format it from within the Linux guest.

Install gparted in the guest.

sudo apt install gparted

This lets us format the drive using a clear GUI. (We could use Disks or fdisk instead. Your option.) Open gparted.

gparted showing the new virtual drive as /dev/sdc (for this example).

Notice that the drive is unallocated. We need to create a partition table.

Just like a real hard drive, the virtual drive requires a partition table.

Go to Device > Create Partition Table.

 

Choose the msdos option and click apply. What we are doing is the same for any other new hard drive added to a Linux system. The only difference is that mistakes are forgiven in a virtual machine…especially if you are taking snapshots.

Next, we must format the partition. Right-click the unallocated entry and select New.

Choose Primary Partition, use all of the space, give it the same label as the file name ftpdata (this is different from the VDI filename), and choose a file system. In this case, btrfs was chosen.

 

gparted in the Linux Mint MATE guest. The ftpdata virtual drive appears as /dev/sdb due to a change during editing, but the result is the same. Formatted as btrfs and ready for use. Notice that there is a mount point in this screenshot. Let’s do that next.

Make a Mount Point

We need to mount this new drive in its own mount point. Create one in /media.

sudo mkdir /media/ftpdata

The mount point should be the same as the drive label for easier recognition.

Edit /etc/fstab

We want to mount this drive automatically upon starting the guest, so open /etc/fstab in a text editor.

sudo xed /etc/fstab

In a separate terminal, enter the command

blkid

to get the UUID (Universally Unique Identifier) for the drive we just formatted. We are going to mount by UUID instead of by /dev/sdb, which can change in some situations resulting in a non-mounted drive.

Several drives will be listed. Find the drive by label and device, and copy its UUID to the clipboard.

The UUIDs of all drives will appear using the blkid command. The ftpdata drive is noted by device /dev/sdb1 and the label ftpdata. (The other two are the system and swap partitions.) Copy the first UUID string of ftpdata, not its second UUID_SUB string. Ignore the double quotes.

Back in /etc/fstab, enter UUID= on a new line and paste the UUID string after it on the same line (no double quotes). Follow it with the mount point (/media/ftpdata), file system (btrfs), defaults, 0, 0. The resulting line should look like this:

UUID=4f6ecb7d-326b-47c1-90f4-e230b9161c4c /media/ftpdata btrfs defaults 0 0

This will mount the drive automatically at the /media/ftpdata mount point upon each system boot.
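The copy-and-paste steps above can also be scripted. The following is an added example, not part of the original article: it pulls the filesystem UUID for the ftpdata label out of blkid output (skipping UUID_SUB and PARTUUID), builds the fstab line, and checks whether the mount point is already listed. The sample blkid text is constructed, the function names are hypothetical, and the nosuid,nodev,noexec variant is a suggested hardening for an upload area rather than something the article uses.

```shell
#!/bin/sh
# Added example: derive the /etc/fstab entry from blkid output.

# Constructed sample of `sudo blkid` output. Only the ftpdata UUID is the
# article's; every other value is a made-up placeholder.
SAMPLE_BLKID='/dev/sda1: UUID="11111111-2222-3333-4444-555555555555" TYPE="ext4" PARTUUID="aaaaaaaa-01"
/dev/sda5: UUID="66666666-7777-8888-9999-000000000000" TYPE="swap" PARTUUID="aaaaaaaa-05"
/dev/sdb1: LABEL="ftpdata" UUID="4f6ecb7d-326b-47c1-90f4-e230b9161c4c" UUID_SUB="bbbbbbbb-cccc-dddd-eeee-ffffffffffff" TYPE="btrfs" PARTUUID="cccccccc-01"'

# uuid_for_label LABEL: read blkid output on stdin and print the filesystem
# UUID (never UUID_SUB or PARTUUID). Fails unless exactly one line matches.
uuid_for_label() {
    found=$(sed -n "/ LABEL=\"$1\"/s/.* UUID=\"\([^\"]*\)\".*/\1/p")
    [ -n "$found" ] || return 1
    [ "$(printf '%s\n' "$found" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$found"
}

# fstab_line UUID MOUNTPOINT FSTYPE OPTIONS: print one fstab entry.
fstab_line() {
    printf 'UUID=%s %s %s %s 0 0\n' "$1" "$2" "$3" "$4"
}

# has_entry FSTAB MOUNTPOINT: succeed if a non-comment line already uses the
# mount point, so the entry is not appended a second time.
has_entry() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { hit = 1 } END { exit !hit }' "$1"
}

uuid=$(printf '%s\n' "$SAMPLE_BLKID" | uuid_for_label ftpdata) || exit 1
fstab_line "$uuid" /media/ftpdata btrfs defaults   # the article's line
# Assumption, not from the article: stricter options for a volume that will
# take anonymous uploads (no setuid bits, device nodes, or direct execution).
fstab_line "$uuid" /media/ftpdata btrfs defaults,nosuid,nodev,noexec
# On the guest: sudo blkid | uuid_for_label ftpdata, then append the line only
# if `has_entry /etc/fstab /media/ftpdata` fails.
```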

Test the Mount

Test that the mount is correct by running,

sudo mount -a

Open Disks and select the virtual drive (11GB VBOX HARDDISK). You should see the drive mounted as btrfs in /media/ftpdata similar to the screenshot below.

Disks in Linux Mint MATE guest. VBOX HARDDISK(1.0) 11GB is the ftpdata virtual drive. This shows that the drive is mounted and ready for use.

You can always reboot the guest to double check that the drive will automount upon boot.

 

Install ProFTP

In the guest, install proftpd-basic using Synaptic or the command line.

sudo apt install proftpd-basic

(You might want to do this before isolating the guest from the Internet if switching it to a static IP results in a loss of update ability.)

When asked during installation, choose standalone mode, not inetd. Certain directives require that proftpd operate in standalone mode.

This is the FTP server. In our arrangement, we will run the server in the guest and connect to it from a client running on the host.

Even though we are using virtualization to host the FTP server, the systems treat the process as a remote connection as if using real hardware.

What’s Next?

Let us assume now that networking functions correctly, and the guest has been fully updated. We have the dedicated FTP drive mounted. ProFTP has been installed. At this point, you should be able to log into the guest from the host via an FTP client, such as Filezilla, but you must use an existing user account on the guest.

As an example, create a new standard user on the guest named zippy. Give him a password. Install and open Filezilla (or use any other FTP client you prefer — even Nemo works) on the host, and log into the guest using its static IP address (192.168.1.30 in this example).

Filezilla on the host logged in as user zippy located on the guest via FTP.

By default, unencrypted port 21 is used, but we can edit /etc/proftpd/proftpd.conf to customize the FTP server. As a security precaution, anonymous FTP is not enabled at this point. All we have is a basic FTP server.

In the next part, we will configure ProFTP to handle anonymous logins with virtual hosts and SSL encryption.

 
