Setup FXP on FTP servers.

Here is a small guide about how to setup most popular FTP servers on linux for site-to-site transfers ( FXP ).

ProFTPD FTP server:
Config file: /etc/proftpd.conf

Add “AllowForeignAddress on” in the Global sections of the configuration file.

vsftpd FTP server:
Config file: /etc/vsftpd/vsftpd.conf

Add lines to config:

pasv_promiscuous=YES
port_promiscuous=YES

wu-ftpd FTP server:
Config file to edit: /etc/ftpaccess

Dirrectives in config:

port-allow {ArbitraryClassName} {HostAddrs}
pasv-allow {ArbitraryClassName} {HostAddrs}

If you want to allow FXP for everyone just use predefined class “all”:

port-allow all 0.0.0.0/0
pasv-allow all 0.0.0.0/0

If you want to give FXP to clients from some addresses only you have to create new class for them first:

class {ArbitraryClassName} {AccessTypes} {HostAddrs} [HostAddrs]

Example:

class fxpclass real,guest,anonymous *.domain.com *.anotherdomain.com
class all real,guest,anonymous *

This will define a new class “fxpclass”. Make sure you have put this definition before the class “all” definition.

Now you can use the new class in FXP options:

port-allow fxpclass 0.0.0.0/0
pasv-allow fxpclass 0.0.0.0/0

Comments are closed.