aphinity
07-27-2006, 12:26 AM
Hi there,
Maybe this is old news, but I"ve never seen this posted anywhere. Have I actually come up with a new solution? :)
Something that has bothered much of the mac world for some time, particularly those who have ever attempted to setup an ftp server behind a firewall or a router, is that the built-in ftp service in Mac OS X 10.4 is a stripped down, unconfigurable service with no way to configure things like passive port ranges - or so we thought.
For those who don't know, most ftp servers require a range (a very large range) of ports available for use, selected at random, whenever a connected client requests a file or directory listing outside of the root. The main ports used are ports 20 and 21, but the other randomly selected port is picked frorm anywhere between 1024 and 65535 on the OS X ftp server. Sadly, we cannot predict which one it will pick, meaning if you do not setup your router or firewall to allow access from the client to your ftp server, the transfer will fail. That means you have to open a HECK of a lot of ports to your server.
There IS a better way. You do NOT have to install another ftp service!
The service running in OS X is a variant of tnftpd (http://developer.apple.com/documentation/Darwin/Reference/ManPages/man5/ftpd.conf.5.html#//apple_ref/doc/man/5/ftpd.conf) or something very similar, which is configured with a file called ftpd.conf (http://developer.apple.com/documentation/Darwin/Reference/ManPages/man5/ftpd.conf.5.html#//apple_ref/doc/man/5/ftpd.conf) stored in the hidden /etc folder on your hard drive. There is detailed information on what you can configure the ftp server to do from within this file.
Here's the tricky part. The ftpd.conf file DOES NOT EXIST by default. If you create it, the ftp service will see it, and follow the directions in it, INCLUDING a specific passive ftp port range! Woo! Be sure to restart the service in the control panel/sharing after you modify the file.
Let's say you have your ftp server behind an apple airport extreme base station. Quickly described, here is what you have to do:
1. Enable the root user in /Applications/Utilities/NetInfo Manager and set a password.
2. Open terminal in /Applications/Utilities/ and type:
su root
.. then enter your password.
3. type:
cd /etc
pico ftpd.conf
4. From within the pico text editor, type:
portrange all 49152 49155
5. Press Control-X together, type a Y to say yes to saving, and hit enter to confirm the name of the new file.
6. Go into your System Preferences/Sharing and turn off the ftp sharing, then turn it on again. You're done!
Now that you've done this, you only have to point ports 20, 21, 40152, 40153, 40154 and 40155 to your ftp server from your router, and your ftp server will work perfectly! No more problems connecting!
Enjoy!
-Rob Harrison
PS: I know ftp is insecure. Please don't hijack the thread with comments about that.
Maybe this is old news, but I"ve never seen this posted anywhere. Have I actually come up with a new solution? :)
Something that has bothered much of the mac world for some time, particularly those who have ever attempted to setup an ftp server behind a firewall or a router, is that the built-in ftp service in Mac OS X 10.4 is a stripped down, unconfigurable service with no way to configure things like passive port ranges - or so we thought.
For those who don't know, most ftp servers require a range (a very large range) of ports available for use, selected at random, whenever a connected client requests a file or directory listing outside of the root. The main ports used are ports 20 and 21, but the other randomly selected port is picked frorm anywhere between 1024 and 65535 on the OS X ftp server. Sadly, we cannot predict which one it will pick, meaning if you do not setup your router or firewall to allow access from the client to your ftp server, the transfer will fail. That means you have to open a HECK of a lot of ports to your server.
There IS a better way. You do NOT have to install another ftp service!
The service running in OS X is a variant of tnftpd (http://developer.apple.com/documentation/Darwin/Reference/ManPages/man5/ftpd.conf.5.html#//apple_ref/doc/man/5/ftpd.conf) or something very similar, which is configured with a file called ftpd.conf (http://developer.apple.com/documentation/Darwin/Reference/ManPages/man5/ftpd.conf.5.html#//apple_ref/doc/man/5/ftpd.conf) stored in the hidden /etc folder on your hard drive. There is detailed information on what you can configure the ftp server to do from within this file.
Here's the tricky part. The ftpd.conf file DOES NOT EXIST by default. If you create it, the ftp service will see it, and follow the directions in it, INCLUDING a specific passive ftp port range! Woo! Be sure to restart the service in the control panel/sharing after you modify the file.
Let's say you have your ftp server behind an apple airport extreme base station. Quickly described, here is what you have to do:
1. Enable the root user in /Applications/Utilities/NetInfo Manager and set a password.
2. Open terminal in /Applications/Utilities/ and type:
su root
.. then enter your password.
3. type:
cd /etc
pico ftpd.conf
4. From within the pico text editor, type:
portrange all 49152 49155
5. Press Control-X together, type a Y to say yes to saving, and hit enter to confirm the name of the new file.
6. Go into your System Preferences/Sharing and turn off the ftp sharing, then turn it on again. You're done!
Now that you've done this, you only have to point ports 20, 21, 40152, 40153, 40154 and 40155 to your ftp server from your router, and your ftp server will work perfectly! No more problems connecting!
Enjoy!
-Rob Harrison
PS: I know ftp is insecure. Please don't hijack the thread with comments about that.