In the preceding chapters, you learned how to connect your Linux system to a local area network (LAN) or to the Internet via an Internet service provider (ISP). By doing so, you were able to access a plethora of services provided by others, including file transfers via FTP, web pages, email, and Telnet. In this chapter you’ll learn how to set up several Linux Internet servers, including an FTP server, an Apache web server, an email (SMTP/POP) server, and a DNS server. You’ll also learn how to implement a basic firewall to help protect your systems from unauthorized access via the Internet. These applications let you and others access data on your Linux system via the Internet. These applications will be most useful if your system is connected to the Internet 24/7. But, even if your connection is intermittent, you and others can access the services these applications provide whenever the connection is active.
An FTP server lets you transfer files from one system to another via a network. When two computers are connected to the Internet, you can use FTP to transfer files from one to the other even though the computers are not directly connected.
An FTP server attempts to authenticate users that ask to use it. You can configure your FTP server to accept requests only from users who have an account on the system running the FTP server, or you can configure it to accept requests from anyone, via a facility known as anonymous FTP. It’s fairly simple to install and configure an anonymous FTP server; however, crackers regularly exploit vulnerabilities in them, breaking into systems and causing manifold mischief. Because it’s difficult to protect a system running anonymous FTP from attack, this section does not describe the process for installing and configuring anonymous FTP. Instead, we’ll cover installing and configuring wu-ftp to support authenticated users.
Even ordinary FTP carries significant risk. FTP sends login passwords over the network as clear text. Anyone using a packet sniffer can discover passwords entered during an FTP session and use them to breach security. A more secure alternative is the Secure Shell (SSH) scp utility, described later in this chapter.
To install FTP, use GnoRPM to install the package wu-ftpd. To enable your FTP server, you must tell xinetd to respond to FTP requests. To do so, issue the command:
chkconfig wu-ftpd on
To test your FTP server, start an FTP client by issuing the following command:
ftp localhost
The FTP server should prompt you for a login user account name and password. If you correctly supply them, you should see the FTP prompt that lets you know the FTP server is ready to execute FTP subsystem commands. Type quit and press Enter to exit the FTP client.
By default, FTP does not allow the root user to log in. You could modify this behavior, but doing so could compromise system security because FTP sends passwords across the network in an insecure manner.
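The root restriction described above can be checked rather than assumed. The following script is an added example, not part of the original chapter: it assumes the FTP deny list uses the one-name-per-line format of /etc/ftpusers and that UIDs below 500 are system accounts, and it runs against constructed sample files.

```shell
#!/bin/sh
# Added example: list system accounts that FTP would still accept.
# Assumptions: the deny list holds one user name per line (the
# /etc/ftpusers format) and UIDs below 500 are system accounts.

# audit_ftp_denylist PASSWD_FILE DENY_FILE [MIN_UID]
# Prints every account with UID < MIN_UID that is missing from the
# deny list. Returns 1 if any such account exists, 0 otherwise.
audit_ftp_denylist() {
    passwd_file=$1
    deny_file=$2
    min_uid=${3:-500}
    missing=$(awk -F: -v min="$min_uid" '
        # Deny list: strip comments and whitespace, remember each name.
        FILENAME == ARGV[1] {
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") denied[$0] = 1
            next
        }
        # passwd file: field 1 is the name, field 3 the numeric UID.
        $1 != "" && $3 ~ /^[0-9]+$/ && ($3 + 0) < (min + 0) && !($1 in denied) {
            print $1
        }
    ' "$deny_file" "$passwd_file")
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Constructed sample data so the example runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
              'bin:x:1:1::/bin:/sbin/nologin' \
              'mccartyb:x:500:500::/home/mccartyb:/bin/bash' > "$demo_dir/passwd"
printf '%s\n' '# users denied FTP login' 'root' > "$demo_dir/ftpusers"

# "bin" is a system account absent from the deny list, so it is reported.
audit_ftp_denylist "$demo_dir/passwd" "$demo_dir/ftpusers" \
    || echo "^ add the accounts above to the deny list"
```

On a real system, pass /etc/passwd and the server's actual deny list as the two arguments.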
Once your FTP server is working, try contacting it from a remote system. If you have a Windows machine, you can contact your server by using the built-in Windows FTP client that works similarly to the Linux FTP client, interpreting the same FTP subsystem commands. Open an MS-DOS Prompt window and type the command:
ftp server
where server specifies the hostname or IP address of your Linux server. Generally, once the FTP subsystem prompt is available, you should immediately issue the binary (or bin) command. This command specifies that files will be transferred verbatim; without it, executable files, documents, and other files that contain binary data will be scrambled when transferred.
When you’re ready to actually transfer some files, use the FTP commands described in Table 12-1. Here’s a typical FTP session that you can use as a model:
[mccartyb@athlon mccartyb]# ftp localhost
Connected to localhost.
220 athlon.localdomain FTP server (Version wu-2.6.1-16) ready.
Name (localhost:root): mccartyb
331 Password required for mccartyb.
Password:
230 User mccartyb logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bin
200 Type set to I.
ftp> ls
227 Entering Passive Mode (127,0,0,1,94,209)
150 Opening ASCII mode data connection for directory listing.
total 206490
-rw-r--r-- 1 500 500 81560 May 10 16:06 01installing.jpg
-rw-r--r-- 1 500 500 56611 May 10 16:34 02bootdisk.jpg
-rw-rw-r-- 1 500 500 199853 Jan 28 2000 3c90x-1.0.0e.tar.gz
drwxr-xr-x 8 500 500 1024 Aug 31 2000 Desktop
drwxr-xr-x 2 500 500 2048 Aug 5 2000 KSnapshot
-rw-r--r-- 1 500 500 36754977 Mar 31 2000 LearnRedHat.tgz
drwxr-xr-x 2 500 500 1024 Oct 30 2000 Samplifile
226 Transfer complete.
ftp> get 3c90x-1.0.0e.tar.gz
local: 3c90x-1.0.0e.tar.gz remote: 3c90x-1.0.0e.tar.gz
227 Entering Passive Mode (127,0,0,1,48,29)
150 Opening BINARY mode data connection for 3c90x-1.0.0e.tar.gz (199853 bytes).
226 Transfer complete.
199853 bytes received in 0.0457 secs (4.3e+03 Kbytes/sec)
ftp> quit
221-You have transferred 199853 bytes in 1 files.
221-Total traffic for this session was 200480 bytes in 1 transfers.
221 Thank you for using the FTP service on athlon.localdomain.
FTP provides a very fast and reliable way for a Linux server to share files with other clients, without the need to install and configure Samba.
Table 12-1. Important FTP Commands