Virtual hosts with VsFTPd on FreeBSD.
First, when I say virtual host, I don't mean name-based virtual hosts like Apache's. This is one anonymous FTP site per IP address.
You can have more than one NIC with different IPs, or alias more than one IP to a single NIC, like this in /etc/rc.conf:
ifconfig_dc0="inet xxx.xxx.xxx.xx1 netmask 255.255.255.0"
ifconfig_dc0_alias0="xxx.xxx.xxx.xx2 netmask 255.255.255.255"
Okay, I admit it. I have been spoiled by NcFTPd.
I’ve used it for a while on client owned machines, and it has everything that an ISP could want in an FTP server.
The only problem is that it is not free, unless you are a non-profit, school, etc., which I am not.
It would cost me about $200, hence my use of VsFTPd.
I decided to use VsFTPd over ProFTPd because I have to use it at work on RHEL, so I already know the configuration syntax.
Okay first step, install VsFTPd
# cd /usr/ports/ftp/vsftpd
# make install clean
It can be started either on its own, or from inetd / xinetd.
In this example I will use the latter, as VsFTPd has no support for virtual hosts on its own.
Create your first vsftpd.conf in /usr/local/etc.
Mine looks like this.
# Access rights
anonymous_enable=YES
ftp_username=vsftpd
anon_root=directory1
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# Security
anon_world_readable_only=YES
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
secure_chroot_dir=/usr/local/share/vsftpd/empty
# Features
xferlog_enable=YES
ls_recurse_enable=YES
ascii_download_enable=YES
async_abor_enable=YES
# Performance
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
anon_max_rate=50000
Let's try to get vsftpd working on one site before we try anything else.
The home directory of the anonymous FTP username must exist, so:
# pw useradd -d /var/ftp -s /sbin/nologin -n vsftpd
# mkdir /var/ftp
Open your /etc/inetd.conf and make sure the ftp line looks something like:
ftp stream tcp nowait root /usr/local/libexec/vsftpd vsftpd /usr/local/etc/vsftpd.conf
Add this to /etc/rc.conf
inetd_enable="YES"
If inetd is not already started, start it.
If it is running, make it re-read its configuration:
# killall -SIGHUP inetd
Open up your firewall and hosts.allow to FTP.
In /etc/hosts.allow:
vsftpd: ALL
Test your FTP configuration by trying to ftp to it.
If it doesn't work, re-read the man page for vsftpd.conf:
# man vsftpd.conf
If everything seems to be working, set up the virtual hosts.
To follow the examples that I found, I need xinetd, so:
# cd /usr/ports/security/xinetd
# make install clean
Now turn off inetd if it is on.
# killall inetd
Add this to /etc/rc.conf:
inetd_enable="NO"
xinetd_enable="YES"
xinetd installs with a perl script that converts your inetd.conf to xinetd.conf:
# xconv < /etc/inetd.conf > /usr/local/etc/xinetd.conf
To keep the layout the same as on Linux (so I don't get confused switching between the two), also create an xinetd.d directory:
# mkdir /usr/local/etc/xinetd.d
Create a different vsftpd.conf for each FTP site:
# cd /usr/local/etc
# mkdir vsftpd
# cd vsftpd
# cp ../vsftpd.conf ./domain1.conf
# cp domain1.conf domain2.conf
# vi domain2.conf
# Access rights
anonymous_enable=YES
ftp_username=vsftpd
anon_root=/directory2
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# Security
anon_world_readable_only=YES
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
secure_chroot_dir=/usr/local/share/vsftpd/empty
# Features
xferlog_enable=YES
ls_recurse_enable=YES
ascii_download_enable=YES
async_abor_enable=YES
# Performance
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
anon_max_rate=50000
Change the anon_root directory in each conf file to the location you want for that domain.
If you want to log each virtual domain to a different place, you can add something like this:
xferlog_std_format=YES
xferlog_file=/path/to/ftpaccess_log
Remove the second part of /usr/local/etc/xinetd.conf (everything after the defaults block, i.e. the converted service entries) and add the includedir statement.
Mine looks like:
defaults
{
instances = 25
log_type = FILE /var/log/servicelog
log_on_success = HOST PID
log_on_failure = HOST
per_source = 5
}
includedir /usr/local/etc/xinetd.d
Now create the first xinetd site:
# cd /usr/local/etc/xinetd.d
# vi domain1
service ftp
{
# change to your first IP
bind = xxx.xxx.xxx.xx1
flags = NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/local/libexec/vsftpd
server_args = vsftpd /usr/local/etc/vsftpd/domain1.conf
}
# cp domain1 domain2
# vi domain2
service ftp
{
# change to your second IP
bind = xxx.xxx.xxx.xx2
flags = NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/local/libexec/vsftpd
server_args = vsftpd /usr/local/etc/vsftpd/domain2.conf
}
Now just set your DNS so that:
ftp.domain1.com == xxx.xxx.xxx.xx1 ( first IP )
ftp.domain2.com == xxx.xxx.xxx.xx2 ( second IP )
Start xinetd and test both sites:
# /usr/local/etc/rc.d/xinetd.sh start
# ftp ftp.domain1.com
# ftp ftp.domain2.com
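The steps above are repeated by hand for every site: copy a vsftpd.conf, change anon_root, copy an xinetd service file, change bind. The script below is an added example, not part of the original post or of vsftpd/xinetd: it generates both files per site from one function call, refuses a relative anon_root (an assumption of this example, not something the post requires), checks that every generated vsftpd.conf still carries the read-only anonymous settings from the post's "Security" block, and reports whether two xinetd services ended up bound to the same IP. The output directory, the 192.0.2.x addresses and the /srv/ftp and /var/log/vsftpd paths are constructed for the example; on the box in the post the files would go to /usr/local/etc/vsftpd and /usr/local/etc/xinetd.d.

```shell
#!/bin/sh
# Added example (not from the original post): generate one vsftpd.conf and one
# xinetd service file per anonymous site, lint each vsftpd.conf for the
# read-only baseline, and detect duplicate bind addresses.
# $OUT is a constructed output tree; override it to write the real locations.

OUT="${OUT:-$(mktemp -d)}"

# gen_site NAME IP ANON_ROOT
# Writes $OUT/vsftpd/NAME.conf and $OUT/xinetd.d/NAME; prints the conf path.
gen_site() {
    name="$1"; ip="$2"; root="$3"
    case "$root" in              # example's own rule: anon_root must be absolute
        /*) ;;
        *) echo "anon_root must be absolute: $root" >&2; return 1 ;;
    esac
    mkdir -p "$OUT/vsftpd" "$OUT/xinetd.d"
    conf="$OUT/vsftpd/$name.conf"
    cat > "$conf" <<EOF
# Access rights
anonymous_enable=YES
ftp_username=vsftpd
anon_root=$root
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# Security
anon_world_readable_only=YES
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
secure_chroot_dir=/usr/local/share/vsftpd/empty
# Logging (one transfer log per site; constructed path)
xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/vsftpd/$name.log
EOF
    cat > "$OUT/xinetd.d/$name" <<EOF
service ftp
{
    bind        = $ip
    flags       = NAMEINARGS
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/local/libexec/vsftpd
    server_args = vsftpd /usr/local/etc/vsftpd/$name.conf
}
EOF
    echo "$conf"
}

# check_anon_conf CONF
# Returns 0 when every key of the read-only baseline has its expected value,
# 1 otherwise; each deviation is printed with the value actually found.
check_anon_conf() {
    conf="$1"; rc=0
    for pair in local_enable=NO write_enable=NO anon_upload_enable=NO \
                anon_mkdir_write_enable=NO anon_other_write_enable=NO \
                anon_world_readable_only=YES hide_ids=YES; do
        key="${pair%%=*}"
        if ! grep -qx "$pair" "$conf"; then
            echo "$conf: expected $pair, found: $(grep "^$key=" "$conf" || echo '<unset>')"
            rc=1
        fi
    done
    return $rc
}

# count_bind_dupes
# Prints how many IPs are bound by more than one generated xinetd service.
# Two services on the same IP:port leave xinetd no way to pick the right conf.
count_bind_dupes() {
    sed -n 's/^[[:space:]]*bind[[:space:]]*=[[:space:]]*//p' "$OUT"/xinetd.d/* \
        | sort | uniq -d | wc -l | tr -d ' '
}
```

Typical use is `OUT=/tmp/ftpgen sh gen.sh`, a call of `gen_site domain1 xxx.xxx.xxx.xx1 /path/to/directory1` per site, then `check_anon_conf` over each generated conf and `count_bind_dupes` before copying the trees into place and restarting xinetd; the lint catches a conf that was later edited to allow uploads, and the duplicate check catches the copy-and-forget-to-change-bind mistake.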
Good Luck
September 26th, 2007 at 1:08 am
This is sooo close to what I want, however I only have a single IP address. Is there a way to do this with NAMED virtual hosts that all point to the same server? ftp.daevid.com, ftp.company.com, etc…
(I run Gentoo)