November 10, 2012

Hello folks, I poked two holes in my firewall, port 20 and 21, to my unRaid box. When ftp'ing in remotely, I can see the /disk1, disk2, /user. But when I go into /user, I get no directory listing. I run into this problem when ftping in remotely, and ftping in locally (VPN).

It also seems very unsecure to me to be poking a couple of very standard holes in my firewall, then using my REAL username/pass combo to get into the unRaid box. I can just enable/disable the ftp ports when I need them, but I still feel like it could be better. Ideas there? thanks!
November 10, 2012

Others here will tell you to be extremely careful when exposing your UnRAID server to the big bad Internet and I'll say the same. That said, if you're determined to do it, I suggest the most secure way is VPN with SSH a close second. Stay away from FTP. It's wholly insecure and all authentication data is sent in plain text. It'd take nothing for someone to eavesdrop on your data.

Without hesitation VPN is the best way. How you do it depends on your hardware and options. For me, my router supports PPTP, L2TP and so my VPN endpoint is the router. If yours doesn't have this option, then you'll need to look into others such as Hamachi.

If you don't want to or can't set up a VPN, then your next best option is SSH. Use OpenSSH (there's a plugin) on a non-standard port (i.e. not 22), open that up in your router. To make SSH extra secure, I'd suggest you look into how to create a private and public key pair so that when you authenticate with SSH, you have to have the key file, which adds an extra layer of security other than a password. In fact, I only use a key and disable password logins altogether. Use something like WinSCP or another FTP client that supports SFTP and you can use that to see all of the directory structure of your UnRAID as you've been trying to do to date with FTP.

As an aside, the reason you can't see anything in /disk1, /disk2 with FTP is that out of the box, FTP on UnRAID needs a little bit of extra config love. Well, I can't speak for < v5.x of UnRAID. I think things used to be different, but I came into UnRAID when 5.0b12 was out so my knowledge relates to how things work for v5. I have this in my go file:

    # Fix vsftpd conf file
    echo "anon_world_readable_only=NO" >> /etc/vsftpd.conf
    sed -i 's/.*local_root=.*/local_root=\//' /etc/vsftpd.conf

Translated, it does two things:

1. creates an entry "anon_world_readable_only=NO" in file /etc/vsftpd.conf
2. amends the existing entry "local_root" so that it points to root "/" of the directory tree, allowing me to see everything.

Regards,
overbyrn
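The SSH advice in the reply above (key-only logins, a port other than 22) can be checked against a server's config; this is an added example, not part of the original post. The function name `audit_sshd_config` and the sample config are constructed for illustration, and only the global section of the file is examined.

```shell
#!/bin/sh
# Added example (not from the thread): audit the global section of an
# sshd_config for key-only logins on a non-default port.
# Caveat: parsing stops at the first Match block, so overrides there are not checked.
audit_sshd_config() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        tolower($1) == "match" { exit }       # global section ends here
        {
            sub(/[ \t]*=[ \t]*/, " ")         # accept "Keyword=value" as well
            k = tolower($1); v = tolower($2)
            if (k == "port") {                # Port may repeat; every one is opened
                nports++
                if (v == "22") p22 = 1
            } else if (!(k in seen)) {        # otherwise the first value wins
                seen[k] = v
            }
        }
        END {
            if (nports == 0 || p22) {
                print "FAIL port: listening on the default port 22"; bad++
            }
            if (seen["passwordauthentication"] != "no") {
                print "FAIL password: PasswordAuthentication is not set to no"; bad++
            }
            if (seen["pubkeyauthentication"] == "no") {
                print "FAIL pubkey: PubkeyAuthentication is disabled"; bad++
            }
            if (!bad) print "OK: key-only logins on a non-default port"
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample config, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Port 2222
Port 22
PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "config needs changes"
rm -f "$sample"
```

The function returns non-zero when any check fails, so it can gate a startup script before the port is opened on the router.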
November 10, 2012 (Author)

Terrific, thanks for the response. I will use my VPN connection, and download through FTP over VPN. For one reason or another, I can't just copy files through Network Neighborhood (like when I'm home) through VPN. Not sure why, but this should be secure enough. It all goes through that VPN. Looks like the transfer speeds are about what they should be.

A side note, adding the code to the go file makes it persist through reboots. The default entry for local_root is: local_root=/mnt. For me this works fine. I don't need to ftp to everything, only to my data in /mnt/user/XX

I used the command mcedit /etc/vsftpd.conf to make the changes to the vsftpd.conf file right away. Vsftp runs as a system service, and doesn't start up until it's "poked" on port 20/21 which it listens to. At that point, it reads the .conf file and your new settings are in effect. You don't need to restart anything.