1.安装
git 仓库:https://github.com/proftpd/proftpd/ make && make install
2. 修改配置(最好采用被动模式)
# This sample configuration file illustrates configuring two # anonymous directories, and a guest (same thing as anonymous but # requires a valid password to login) ServerName "ProFTPD Anonymous Server" ServerType standalone # Port 21 is the standard FTP port. Port 21 PassivePorts 20000 20200 # If you don't want normal users logging in at all, uncomment this # next section #<Limit LOGIN> # DenyAll #</Limit> # Set the user and group that the server normally runs at. User ftp Group ftp AllowOverwrite on AllowRetrieveRestart on AllowStoreRestart on # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 30 # Set the maximum number of seconds a data connection is allowed # to "stall" before being aborted. TimeoutStalled 300 # We want 'welcome.msg' displayed at login, and '.message' displayed # in each newly chdired directory. DisplayLogin welcome.msg DisplayChdir .message # Our "basic" anonymous configuration, including a single # upload directory ("uploads") <Anonymous ~ftp> # Allow logins if they are disabled above. <Limit LOGIN> AllowAll </Limit> # Maximum clients with message MaxClients 5 "Sorry, max %m users -- try again later" User ftp Group ftp # We want clients to be able to login with "anonymous" as well as "ftp" UserAlias anonymous ftp # Limit WRITE everywhere in the anonymous chroot <Limit WRITE> DenyAll </Limit> # An upload directory that allows storing files but not retrieving # or creating directories. <Directory uploads/*> <Limit READ> DenyAll </Limit> <Limit STOR> AllowAll </Limit> </Directory> </Anonymous> # A second anonymous ftp section. Users can login as "private". Here # we hide files owned by root from being manipulated in any way. <Anonymous /usr/local/private> User bobf Group users UserAlias private bobf UserAlias engineering bobf # Deny access from *.evil.net and *.otherevil.net, but allow # all others. <Limit LOGIN> Order deny,allow Deny from .evil.net, .otherevil.net Allow from all </Limit> # We want all uploaded files to be owned by 'engdept' group and # group writable. GroupOwner engdept Umask 006 # Hide all files owned by user 'root' HideUser root <Limit WRITE> DenyAll </Limit> # Disallow clients from any access to hidden files. <Limit READ DIRS> IgnoreHidden on </Limit> # Permit uploading and creation of new directories in # submissions/public <Directory submissions/public> <Limit READ> DenyAll IgnoreHidden on </Limit> <Limit STOR MKD RMD XMKD XRMD> AllowAll IgnoreHidden on </Limit> </Directory> </Anonymous> # The last anonymous example creates a "guest" account, which clients # can authenticate to only if they know the user's password. <Anonymous ~liuyuanzhen> User liuyuanzhen Group nobody AnonRequirePassword on <Limit LOGIN> AllowAll </Limit> # Deny write access from all except trusted hosts. <Limit WRITE> AllowAll </Limit> </Anonymous>
设置的密码与linux 账户一致。
3.打开防火墙
iptables -I INPUT -p tcp --dport 21 -j ACCEPT iptables -I INPUT -p tcp --dport 20 -j ACCEPT iptables -I INPUT -p tcp --dport 20000:20200 -j ACCEPT
4.启动程序
./proftpd
5.客户端连接