CLI: Example for Configuring the FW as an FTP Server

This section describes how to configure the FW as an FTP server and how to use a PC to download files from the FW through FTP.

Networking Requirements

As shown in Figure 1, a PC is used to log in to the FW and download files from the FW through FTP.

FTP transmits passwords and data in plaintext mode, causing security risks. To secure data transmission, use SFTP.

Figure 1 Networking diagram for configuring the FW as an FTP server

Data Planning

| Item | Data |
|------|------|
| FW | Security policy: policy_ftp; FTP administrator account: admin_ftp, password: Mydevice@ftp; FTP server directory: hda1; File: sys.bin |
| PC | IP address and mask of the administrator's PC: 192.168.0.100/24; FTP client software: cmd (in the Windows operating system) |

Procedure

  1. Configure the FW.
    1. Configure a security policy for the Local-Trust interzone to permit the FTP service.

      <FW> system-view
      [FW] security-policy
      [FW-policy-security] rule name policy_ftp
      [FW-policy-security-rule-policy_ftp] service ftp
      [FW-policy-security-rule-policy_ftp] source-zone trust
      [FW-policy-security-rule-policy_ftp] destination-zone local
      [FW-policy-security-rule-policy_ftp] source-address 192.168.0.100 32
      [FW-policy-security-rule-policy_ftp] destination-address 192.168.0.1 32
      [FW-policy-security-rule-policy_ftp] action permit
      [FW-policy-security-rule-policy_ftp] quit
      [FW-policy-security] quit

    2. Configure an FTP administrator account.

      [FW] aaa
      [FW-aaa] manager-user admin_ftp
      [FW-aaa-manager-user-admin_ftp] password
      Enter Password: 
      Confirm Password:   
      [FW-aaa-manager-user-admin_ftp] level 3
      [FW-aaa-manager-user-admin_ftp] service-type ftp
      [FW-aaa-manager-user-admin_ftp] ftp-directory hda1:
      [FW-aaa-manager-user-admin_ftp] quit
      [FW-aaa] quit

    3. Enable the FTP service.

      [FW] ftp server enable

  2. Set an IP address and subnet mask for the PC. Details are omitted.
  3. Use FTP to log in to the FW from the PC and download files.
    1. Choose Start > Run, enter cmd, and press Enter.
    2. Enter D: and press Enter to set drive D as the working directory for the administrator's PC.
    3. Enter ftp 192.168.0.1, press Enter, and then use the account and password to log in to the FW.
    4. Download file sys.bin from the FTP directory on the FW to the root directory of drive D.
    5. Close the FTP connection and view the downloaded file.

    C:\Documents and Settings\user> d:
    D:\> ftp 192.168.0.1
    Trying 192.168.0.1 ...
    Press CTRL+K to abort
    Warning: FTP is not a secure protocol, and you are advised to use SFTP.
    Connected to 192.168.0.1.
    220 FTP service ready.
    User(192.168.0.1:(none)):admin_ftp
    331 Password required for admin_ftp.
    Password:
    230 User logged in.
    ftp> binary
    200 Type set to I.
    ftp> get sys.bin
    200 PORT command okay.
    150 Opening BINARY mode data connection for sys.bin.
    226 Transfer complete.
    ftp: 20116676 bytes received for 43.60 seconds at 461.40 kbyte/s.
    ftp> quit
    D:\>dir
    ......
    2010-09-25  15:56        20,116,676   sys.bin
    ...... 
    

Configuration Scripts

    #
     sysname FW
    #
    aaa
     manager-user admin_ftp
      password cipher %@%@*y:3*ZN}.%%qcB.|@XBVML1cCyDwlDWq'6JF(iOz2D8>A\SN%@%@
      service-type ftp
      level 3
      ftp-directory hda1:
    #
    security-policy
     rule name policy_ftp
      source-zone trust
      destination-zone local
      service ftp
      source-address 192.168.0.100 32
      destination-address 192.168.0.1 32
      action permit
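
The following Python script is an added example, not part of the original page or of any Huawei tooling. It audits a saved configuration script in the format shown above for the two FTP exposure points this page configures: manager accounts with `service-type ftp`, and security-policy rules that permit `service ftp` without a single-host (`32`) source address. The sample text is constructed from the page's script with the ciphertext replaced by a placeholder, `policy_any` is a hypothetical rule added for contrast, and the parser assumes the one-space/two-space indentation seen in the script.

```python
import re
# Constructed sample: the page's configuration script with the ciphertext replaced
# by a placeholder, plus one hypothetical over-broad rule (policy_any) for contrast.
SAMPLE = """\
aaa
 manager-user admin_ftp
  password cipher <ciphertext-placeholder>
  service-type ftp
  level 3
  ftp-directory hda1:
security-policy
 rule name policy_ftp
  source-zone trust
  destination-zone local
  service ftp
  source-address 192.168.0.100 32
  destination-address 192.168.0.1 32
  action permit
 rule name policy_any
  source-zone trust
  destination-zone local
  service ftp
  action permit
"""

def parse_blocks(text, header):  # block name -> stripped sub-lines of " <header> <name>"
    blocks, current = {}, None
    for line in text.splitlines():
        if line.startswith(f" {header} "):
            current = blocks.setdefault(line.split()[-1], [])
        elif line.startswith("  ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other line closes the open block
    return blocks

def audit(text):
    findings = []
    for user, lines in parse_blocks(text, "manager-user").items():
        if any(l.startswith("service-type ") and "ftp" in l.split()[1:] for l in lines):
            level = next((l.split()[1] for l in lines if l.startswith("level ")), "?")
            findings.append(f"user {user}: service-type ftp, level {level} (plaintext login)")
    for rule, lines in parse_blocks(text, "rule name").items():
        pinned = any(re.fullmatch(r"source-address \S+ 32", l) for l in lines)
        if "service ftp" in lines and "action permit" in lines and not pinned:
            findings.append(f"rule {rule}: permits FTP without a /32 source-address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
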
Copyright © Huawei Technologies Co., Ltd.