Welcome to this Linux FTP server setup tutorial. We are going to set up an anonymous FTP server.

The result is a Linux (CentOS 6) FTP server that supports anonymous users: no password is needed to access it.

yum -y update

yum -y install nano wget

Set the network interface to use DHCP on your local network.

nano /etc/sysconfig/network-scripts/ifcfg-eth0

Now, install the FTP server.

yum install vsftpd

After installation we should edit the vsftpd configuration file.

cat /dev/null > /etc/vsftpd/vsftpd.conf

nano /etc/vsftpd/vsftpd.conf

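Paste the following lines into the configuration file. They allow anonymous users to upload, create directories, and rename or delete files, and they set the passive port range to 49152-65534.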

listen=YES
no_anon_password=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
connect_from_port_20=YES
ascii_upload_enable=YES
ascii_download_enable=YES
delete_failed_uploads=YES
anon_umask=0
pasv_enable=YES
pasv_min_port=49152
pasv_max_port=65534
# deny_file={*.mp3,*.mov,*.avi,*.docx,.private}

Set up file permissions.

chmod u-w /var/ftp

chmod 777 /var/ftp/pub/

chown ftp:ftp /var/ftp/pub/

Now is the time to start vsftpd.

service vsftpd restart

chkconfig vsftpd on

Check the ftp service list.

chkconfig --list vsftpd

The result will look like the following:

vsftpd       0:off   1:off   2:on   3:on   4:on   5:on   6:off

Now check the Firewall status.

cat /etc/sysconfig/iptables-config | grep IPTABLES_MODULES

The result will look like the following:

IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"

Append the FTP connection tracking module to the configuration.

echo 'IPTABLES_MODULES="ip_conntrack_ftp"' >> /etc/sysconfig/iptables-config

cat /etc/sysconfig/iptables-config | grep IPTABLES_MODULES

The result will look like the following:

IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_MODULES="ip_conntrack_ftp"

Now create a Firewall configuration startup file.

nano /root/iptables.sh

Paste the following lines into the firewall file.

#!/bin/sh

iptables --flush
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# iptables allow ftp-data, ftp-control, ftp-data-pasv ports
iptables -A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -p tcp --dport 49152:65534 -j ACCEPT

# allow ssh
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# allow ping
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

/sbin/iptables-save > /etc/sysconfig/iptables
chmod go-r /etc/sysconfig/iptables
service iptables restart

Make the firewall script executable and run it.

cd /root/
chmod +x iptables.sh
./iptables.sh

The result will look like the following:

iptables: Setting chains to policy ACCEPT: filter [OK]
iptables: Flushing firewall rules: [OK]
iptables: Unloading modules: [OK]
iptables: Applying firewall rules: [OK]
iptables: Loading additional modules: ip_conntrack_ftp [OK]

Now, review and set the SELinux booleans.

getsebool -a | grep ftp

The result will show as:

allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
ftpd_connect_db --> off
ftpd_use_fusefs --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_use_cifs --> off
tftp_use_nfs --> off

Set the allow_ftpd_full_access boolean to on; the -P flag makes the change persist across reboots.

setsebool -P allow_ftpd_full_access on

And restart vsftpd.

service vsftpd restart

You can also reboot the server here.

And done…

Your FTP is ready on ftp://192.168.xx.xx/pub/

If you need to add more storage to your FTP server, follow the disk management steps at https://featout.com/prepare-additional-disk-centos/
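
To review what this configuration grants to anonymous clients, and to confirm that the passive port range in vsftpd.conf matches the range opened in iptables.sh, a short audit script helps. This is an added example, not part of the original tutorial; the function names and finding labels are made up for illustration, and the embedded sample is constructed from the configuration lines above.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# conf_get FILE KEY: print the last value assigned to KEY. vsftpd syntax is
# KEY=VALUE with no spaces, so commented-out lines never match.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_vsftpd_conf FILE FW_RANGE: print one finding per line.
# FW_RANGE is the passive port range opened in iptables, written MIN:MAX.
audit_vsftpd_conf() {
    conf=$1
    fw_range=$2
    # anonymous_enable defaults to YES when the key is absent
    anon=$(conf_get "$conf" anonymous_enable)
    if [ "${anon:-YES}" = "YES" ] && [ "$(conf_get "$conf" write_enable)" = "YES" ]; then
        for key in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            if [ "$(conf_get "$conf" "$key")" = "YES" ]; then
                echo "ANON-WRITE $key=YES"
            fi
        done
        # anon_umask defaults to 077; 0 leaves uploads at file_open_mode (0666 by default)
        case "$(conf_get "$conf" anon_umask)" in
            0|00|000|0000) echo "ANON-UMASK uploads are created world-writable" ;;
        esac
    fi
    if [ "$(conf_get "$conf" xferlog_enable)" != "YES" ]; then
        echo "NO-LOG xferlog_enable is not YES"
    fi
    pasv="$(conf_get "$conf" pasv_min_port):$(conf_get "$conf" pasv_max_port)"
    if [ "$pasv" != "$fw_range" ]; then
        echo "PASV-MISMATCH vsftpd=$pasv firewall=$fw_range"
    fi
    return 0
}

# Constructed sample: a subset of the configuration from this tutorial.
sample=$(mktemp)
cat > "$sample" <<'EOF'
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
xferlog_enable=YES
anon_umask=0
pasv_min_port=49152
pasv_max_port=65534
EOF
audit_vsftpd_conf "$sample" 49152:65534
```

On the server, run it as audit_vsftpd_conf /etc/vsftpd/vsftpd.conf 49152:65534; each ANON-WRITE line is a capability that any client on the allowed network has without credentials.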