freeFTPD
I've been using FileZilla FTP server for some time now and have been happy with the performance. Recently, we needed the ability to expose the FTP service to another client, and the documents that we'd be receiving would be arriving in an unencrypted form, unlike our other clients.
I decided I could simply enable FTPS, the SSL-enabled FTP protocol, open port 990 on my ASA 5525 Security Appliance, and NAT traffic to our server. Unfortunately, I quickly found out that a passive FTPS server behind my firewall won't work without some specific configuration changes, as discussed in this article.
With all that fussing around, I decided to check out freeFTPd, a single daemon that offers both FTP and SFTP. SFTP is not to be confused with FTPS; it is the secure file transfer protocol that is common to the SSH (secure shell) protocol.
It's fairly straightforward, but it is a bit quirky and the documentation is non-existent. Follow some of my tips below to ensure a good working server, with freeFTPd starting reliably as a service.
GUI vs Service
- The SERVER is the state used when starting FTP and SFTP via the GUI.
- The SERVICE is the state used when FTP and SFTP are started as a Windows Service.
Apply Configuration Changes Often
The best tip: while you are using the GUI to configure the service, click Apply often, and ESPECIALLY after you start the service. Evidently the last state the server was in is the one the service will restore it to. So if you had the FTP service stopped, configured home dirs for users, etc., and clicked APPLY and THEN started the service, do not expect your FTP server to be started for you when your server reboots.
Don't Rely on Windows Service
For some reason unknown to me or others, the freeFTPd service doesn't start reliably upon Windows restart for some of us. Instead, set this service to start Manually instead of Automatic, and use something like the following batch file to start the service a bit late and, if you've got the IIS SMTP service installed somewhere, let you know if it failed.

@ECHO OFF
:: //////////////////////////////////////////////
::
:: Set the log file location
@SET _LOG="C:\Program Files\freeFTPd\ftpstartup.log"
ECHO ------------------------------------------------ >> %_LOG%
ECHO -- START %DATE% - %TIME% -- >> %_LOG%
ECHO ------------------------------------------------ >> %_LOG%

:: //////////////////////////////////////////////
::
:: Write the sleep operation to the log and sleep
:: (SLEEP is not a built-in command; it ships with the Windows Resource Kit tools)
ECHO Sleeping 30 seconds >> %_LOG%
SLEEP 30

:: //////////////////////////////////////////////
::
:: Start the service and log it
ECHO Starting service >> %_LOG%
NET START freeFTPDService >> %_LOG%

:: //////////////////////////////////////////////
::
:: Look for the services listening on our ports.
:: The dots are escaped and the line must end in LISTENING, so a port such as
:: 2121 or a connection in another state does not count as the listener.
ECHO Looking for FTP Listener... >> %_LOG%
netstat -anp TCP | findstr /R /C:"[ ]*TCP[ ]*10\.0\.0\.12:21[ ][ ]*.*LISTENING"
IF %ERRORLEVEL% NEQ 0 (@SET _ERR=%ERRORLEVEL% & @SET _MSG=FTP SERVICE NOT LISTENING ON PORT 21. & GOTO FAILED) ELSE (ECHO FTP Operational. >> %_LOG%)
netstat -anp TCP | findstr /R /C:"[ ]*TCP[ ]*10\.0\.0\.12:22[ ][ ]*.*LISTENING"
IF %ERRORLEVEL% NEQ 0 (@SET _ERR=%ERRORLEVEL% & @SET _MSG=SFTP SERVICE NOT LISTENING ON PORT 22. & GOTO FAILED) ELSE (ECHO SFTP Operational. >> %_LOG%)
GOTO END

:: //////////////////////////////////////////////
::
:: If this fails, log it and send a notification
:FAILED
ECHO #### %_MSG% >> %_LOG%
GOTO SENDMAIL

:SENDMAIL
:: //////////////////////////////////////////////
::
:: Set the temp file location
SET _TEMPMAIL=%TEMP%\TEMPMAIL.%RANDOM%.TXT

:: //////////////////////////////////////////////
::
:: Echo the basic headers to the temp file
ECHO TO: "Croson, John" ^<mine@DOMAIN.COM^> > %_TEMPMAIL%
ECHO CC: "Demarais, David" ^<his@DOMAIN.COM^>,"Hayssen, Jill" ^<hers@DOMAIN.COM^> >> %_TEMPMAIL%
ECHO FROM: "IHBS Administrator" ^<ADMIN@DOMAIN.TLD^> >> %_TEMPMAIL%
ECHO SUBJECT: SERVICE FAILURE >> %_TEMPMAIL%

:: //////////////////////////////////////////////
::
:: Echo the blank line that separates the header from the body text
ECHO.>>%_TEMPMAIL%

:: //////////////////////////////////////////////
::
:: Echo the body text to the temp file
ECHO %_MSG% >> %_TEMPMAIL%
ECHO Check %_LOG% for details.>> %_TEMPMAIL%

:: //////////////////////////////////////////////
::
:: Move the temp file to the mail pickup directory
MOVE %_TEMPMAIL% C:\INETPUB\MAILROOT\PICKUP
EXIT

:END

From Start, Run, open mmc, choose Add/Remove Snap-in, and add the Group Policy Object Editor for the local computer. Go to Local Computer Policy --> Computer Configuration --> Windows Settings --> Scripts (Startup/Shutdown). Open the startup script and add the file you saved above. Apply the setting.
Keep an eye on this log to make sure your service starts. You may have to tweak the sleep time to get this to work. This works well for me on a Windows 2000 Server SP4.
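The listener check from the startup script, as an added Python example (not part of the original post): it parses netstat -an output and counts a port only on an exact match in the LISTENING state, so a listener on 2222 or an established outbound connection to port 22 does not pass for SFTP. It goes slightly beyond the batch file by also accepting a 0.0.0.0 wildcard bind; the sample netstat text is constructed and the function names are hypothetical.

```python
import re
import subprocess

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.12:21           0.0.0.0:0              LISTENING
  TCP    10.0.0.12:2222         0.0.0.0:0              LISTENING
  TCP    10.0.0.12:1045         10.0.0.50:22           ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
"""

# One TCP row: local address, local port, foreign address (ignored), state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s*$")


def listening_ports(netstat_text, bind_ip):
    """Return TCP ports in LISTENING state bound to bind_ip or to 0.0.0.0."""
    ports = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        local_ip, port, state = m.group(1), int(m.group(2)), m.group(3)
        if state == "LISTENING" and local_ip in (bind_ip, "0.0.0.0"):
            ports.add(port)
    return ports


def missing_listeners(netstat_text, bind_ip, required):
    """Return {port: name} for every required port with no listener."""
    up = listening_ports(netstat_text, bind_ip)
    return {port: name for port, name in required.items() if port not in up}


if __name__ == "__main__":
    # Live check using the address and ports from the batch file above.
    out = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    down = missing_listeners(out, "10.0.0.12", {21: "FTP", 22: "SFTP"})
    for port, name in sorted(down.items()):
        print(f"{name} SERVICE NOT LISTENING ON PORT {port}.")
```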
Mapped Drives
I've configured two users. One I can get to use a mapped drive on the server (H), and the other I cannot (Z). Might be the letter, but I was able to work around that by using UNC (\\server\folder). Your mileage WILL vary.
Hope this helps someone else scratching their head as hard as I was!
Comments
http://www.freesshd.com/index.php?ctt=forum&action=view&topic=1102011017&p=0
Good luck!
"I changed the service to logon as administrator and not system and that seems to be working after a reboot and different windows logons."
Finally a fix for this nuisance of a problem. Amazing how such a simple thing can drive someone nuts for a year!
The issue is that two separate program instances open, and then their settings get screwed up.
When the program is run as a service it looks here for config:
C:\Program Files\freeFTPd\freeFTPdservice.cfg
When you open the GUI as a USER and hit Save & Apply... your config goes to your /users/ folder i.e. here:
C:\Users\jferreira\AppData\Local\VirtualStore\Program Files\freeFTPd\freeFTPdservice.cfg
Service tries to start... uses the WRONG cfg file and it never works.
Open the GUI... save your settings... go find the config file in your /users/ directory (you may have to search for it).
Copy this file into C:\Program Files\freeFTPd\ and restart. It will work !!!
I think this has something to do with a Server 2003\2008 environment.
Thank You very much!
Dan
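A drift check for the config mismatch described in the comment above, as an added Python example (not from the original post or the freeFTPd project): it looks for per-user VirtualStore copies of freeFTPdservice.cfg, which is where Windows file virtualization redirects writes from a non-elevated GUI, and reports any copy whose content differs from the file the service reads. The function names are hypothetical; the paths are the ones quoted in the comment.

```python
import hashlib
from pathlib import Path

CFG_NAME = "freeFTPdservice.cfg"
INSTALL_SUBDIR = "Program Files/freeFTPd"


def sha256(path):
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_virtualized_configs(users_root):
    """Find per-user VirtualStore copies of the service config."""
    pattern = f"*/AppData/Local/VirtualStore/{INSTALL_SUBDIR}/{CFG_NAME}"
    return sorted(Path(users_root).glob(pattern))


def config_drift(service_cfg, users_root):
    """List VirtualStore copies that differ from the config the service reads.

    Each entry records the copy's path and whether it is newer than the
    service's file, i.e. whether GUI changes never reached the service.
    """
    service_cfg = Path(service_cfg)
    live = sha256(service_cfg) if service_cfg.exists() else None
    drift = []
    for copy in find_virtualized_configs(users_root):
        if sha256(copy) == live:
            continue  # same content, nothing to reconcile
        newer = live is None or copy.stat().st_mtime > service_cfg.stat().st_mtime
        drift.append({"path": str(copy), "newer": newer})
    return drift


if __name__ == "__main__":
    # Paths as quoted in the comment; adjust if freeFTPd is installed elsewhere.
    service_cfg = r"C:\Program Files\freeFTPd\freeFTPdservice.cfg"
    for item in config_drift(service_cfg, r"C:\Users"):
        age = "newer than" if item["newer"] else "older than"
        print(f"{item['path']} differs from the service config and is {age} it")
```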
Thanks in advance.
The service starts using the last saved config from the GUI. That includes whether the services are started or not. Remember, the GUI does not see that the Windows service is running and will come up with both listeners in a stopped state. From what I can tell, if you save the config with either in the Stopped state then restart the Windows service, it will start them in the SAME state they were in when you saved the config.
All I had to do to fix the problem was this:
1) Open the GUI, make changes, then MAKE SURE THE SERVERS ARE STARTED.
2) AFTER servers are started, hit the Apply button in the GUI several times. (For some reason, if I hit it only once, it didn't appear to save every time.)
3) Close the GUI and find the icon in the tray and make sure you quit out of it also.
4) Restart the Windows service.
To test it, open a command window and enter netstat -an. Look for the server listening on port 22. If you do this before the steps above, nothing is listening on port 22. After the above steps, I see it listening on port 22.
I can log off and it still works. I also did a reboot of the server and it came up in the listening state.
This worked for me, but from the comments I've read, every Windows Server edition seems to be different.
Hopefully, this will help others that have pulled their hair out looking for a fix like me!
I have one question about freeFTPd... When you configure FTP using FTP+SSL, how can I configure the port range? I don't see any option for this.
If it is not possible, what port range does freeFTPd use by default for FTP using FTP+SSL?
I need to know this information to open the firewalls correctly.
It's a bit urgent. Thank you very much.
Regards.
Can we allow any AD security group to access the freeftpd?