Get a Quote   (408) 943-4100               TrueNAS Discord      VendOp_Icon_15x15px   Commercial Support Toggle between Light and Dark mode

FTP Screen

  5 minute read.

Last Modified 2022-06-13 16:25 EDT

Use the FTP services screen to configure FTP service settings for your TrueNAS system.

FTPBasicOption

After making changes to settings use SAVE to confirm and save your changes.

Use ADVANCED OPTIONS to display advanced settings options, and use BASIC OPTIONS to return to the basic settings options.

Use CANCEL to exit without saving.

General Options Settings

NameDescription
PortEnter the port the FTP service listens on.
ClientsEnter the maximum number of simultaneous clients.
ConnectionsEnter the maximum number of connections per IP address. 0 is unlimited.
Login AttemptsEnter the maximum attempts before client is disconnected. Increase if users are prone to misspellings or typos.
TimeoutEnter the maximum client idle time in seconds before disconnect. Default value is 600 seconds.
CertificateSelect the SSL certificate to use for TLS FTP connections from the dropdown list, which is currently freenas_default. To create a certificate, go to System > Certificates.

Advanced Option Settings

Use Advanced Options if you need to customize your FTP service beyond the settings on the Basic Options screen.

Access and TLS Settings

FTPAdvancedOptionsAccessTLS

Access Settings

NameDescription
Always ChrootSelect to only allow users access their home directory if they are in the wheel group. This option increases security risk.
Allow Root LoginSelect to allow root logins. Setting this option is discouraged as it increases security risk.
Allow Anonymous LoginSelect to allow anonymous FTP logins with access to the directory specified in Path.
Allow Local User LoginSelect to allow any local user to log in. By default, only members of the ftp group are allowed to log in.
Require IDENT AuthenticationSelect to require IDENT authentication. Setting this option results in timeouts when ident (or in Shell identd) is not running on the client.
File PermissionsSets default permissions for newly created directories.

TLS Settings

Unless necessary, do NOT allow anonymous or root access. For better security, enable TLS when possible. This is effectively FTPS. When FTP is exposed to a WAN, enable TLS.

NameDescription
Enable TLSSelect to allow encrypted connections. Requires a certificate (created or imported using System > Certificates.
TLS PolicySelect the policy from the dropdown list of options. Options are On, off, Data, !Data, Auth, Ctrl, Ctrl + Data, Ctrl +!Data, Auth + Data or Auth +!Data. Defines whether the control channel, data channel, both channels, or neither channel of an FTP session must occur over SSL/TLS. The policies are described here.
TLS Allow Client RenegotiationsSelect to allow client renegotiations. This option is not recommended. Setting this option breaks several security measures. See mod_tls for details.
TLS Allow Dot LoginIf select, TrueNAS checks the user home directory for a .tlslogin file containing one or more PEM-encoded certificates. If not found, the user is prompted for password authentication.
TLS Allow Per UserIf set, allows sending a user password unencrypted.
TLS Common Name RequiredSelect to require the common name in the certificate to match the FQDN of the host.
TLS Enable DiagnosticsSelected to logs more verbose, which is helpful when troubleshooting a connection.
TLS Export Certificate DataSelect to export the certificate environment variables.
TLS No Certificate RequestSelect if the client cannot connect likely because the client server is poorly handling the server certificate request.
TLS No Empty FragmentsNot recommended. This option bypasses a security mechanism.
TLS No Session Reuse RequiredThis option reduces connection security. Only use it if the client does not understand reused SSL sessions.
TLS Export Standard VarsSelected to set several environment variables.
TLS DNS Name RequiredSelect to require the client DNS name to resolve to its IP address and the cert contain the same DNS name.
TLS IP Address RequiredSelect to require the client certificate IP address to match the client IP address.

Bandwidth and Other Settings**

FTPAdvancedOptionsBandwidthOther

Bandwitdth Settings

NameDescription
Local User Upload Bandwidth: (Examples: 500 KiB, 500M, 2 TB)Enter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). Default 0 KiB is unlimited.
Local User Download BandwidthEnter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). Default 0 KiB is unlimited.
Anonymous User Upload BandwidthEnter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). Default 0 KiB is unlimited.
Anonymous User Download BandwidthEnter a value. If measurement is not specified it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). Default 0 KiB is unlimited.

Other Options Settings

NameDescription
Minimum Passive PortUsed by clients in PASV mode. A default of 0 means any port above 1023.
Maximum Passive PortUsed by clients in PASV mode. A default of 0 means any port above 1023.
Enable FXPSelect to enable the File eXchange Protocol (FXP). Not recommended as this leaves the server vulnerable to FTP bounce attacks.
Allow Transfer ResumptionSelect to allow FTP clients to resume interrupted transfers.
Perform Reverse DNS LookupsSelect to allow performing reverse DNS lookups on client IPs. Causes long delays if reverse DNS isn’t configured.
Masquerade AddressPublic IP address or host name. Set if FTP clients cannot connect through a NAT device.
Display LoginSpecify the message displayed to local login users after authentication. Thi is not displayed to anonymous login users.
Auxiliary ParametersUsed to add additional proftpd(8 parameters.

Additional Information

See Configuring FTP for instructions on setting up FTP service for your TrueNAS.

Or see FTP, SFTP and TFTP Services for more information on other file transfer protocols.