This content follows the TrueNAS SCALE 24.04 (Dragonfish) releases.

FTP Service Screen

The File Transfer Protocol (FTP) is a simple option for data transfers. The SSH options provide secure transfer methods for critical objects like configuration files, while the Trivial FTP options provide simple file transfer methods for non-critical files.

The FTP service has basic and advanced setting options. Click the edit icon for FTP to open the Basic Settings configuration screen.

FTP Basic Settings

To configure FTP, go to System Settings > Services and find FTP, then click the edit icon.

Figure 1: FTP Basic Settings

| Settings | Description |
|---|---|
| Port | Enter the port the FTP service listens on. |
| Clients | Enter the maximum number of simultaneous clients. |
| Connections | Enter the maximum number of connections per IP address. 0 is unlimited. |
| Login Attempts | Enter the maximum attempts before the client disconnects. Increase if users are prone to misspellings or typos. |
| Notransfer Timeout | Enter the maximum number of seconds a client is allowed to spend connected, after authentication, without issuing a command which results in creating an active or passive data connection (sending/receiving a file or receiving a directory listing). |
| Timeout | Enter the maximum client idle time in seconds before disconnecting. The default value is 600 seconds. |

FTP Advanced Settings

Advanced Settings include the General Options on the Basic Settings configuration screen and allow you to specify access permissions, TLS settings, bandwidth, and other settings to customize FTP access.

Access and TLS Setting Options

Figure 2: FTP Advanced Settings Access

Access Settings

Access settings specify user login, file, and directory access permissions.

| Settings | Description |
|---|---|
| Always Chroot | Only allows users to access their home directory if they are in the wheel group. This option increases security risk. To confine FTP sessions to a local user home directory, enable chroot and select Allow Local User Login. |
| Allow Root Login | Select to allow root logins. This option increases security risk, so enabling this is discouraged. Do not allow anonymous or root access unless it is necessary. Enable TLS when possible (especially when exposing FTP to a WAN). TLS effectively makes this FTPS for better security. |
| Allow Anonymous Login | Select to allow anonymous FTP logins with access to the directory specified in Path. Selecting this displays the Path field. Enter or browse the location to populate the field. |
| Allow Local User Login | Select to allow any local user to log in. Only members of the ftp group may log in by default. |
| Require IDENT Authentication | Select to require IDENT authentication. Setting this option results in timeouts when IDENT is not running on the client. |
| File Permissions | Select the default permissions for newly created files. |
| Directory Permissions | Select the default permissions for newly created directories. |

Figure 3: FTP Advanced Settings TLS

TLS Settings

TLS settings specify the authentication methods, such as whether to encrypt the data you transfer across the Internet.

| Settings | Description |
|---|---|
| Enable TLS | Select to allow encrypted connections. Requires a certificate (created or imported using Credentials > Certificates). |
| Certificate | Select the SSL certificate for TLS FTP connections from the dropdown list. Click Manage Certificates to go to Credentials > Certificates. |
| TLS Policy | Select the policy from the dropdown list of options. Options are On, off, Data, !Data, Auth, Ctrl, Ctrl + Data, Ctrl +!Data, Auth + Data or Auth +!Data. Defines whether the control channel, data channel, both channels, or neither channel of an FTP session must occur over SSL/TLS. The policies are described here. |
| TLS Allow Client Renegotiations | Select to allow client renegotiation. We do not recommend this option. Setting this option breaks several security measures. See mod_tls for details. |
| TLS Allow Dot Login | TrueNAS checks the user home directory for a .tlslogin file containing one or more PEM-encoded certificates. If not found, the user must enter their password. |
| TLS Allow Per User | Select to allow sending a user password unencrypted. |
| TLS Common Name Required | Select to require the common name in the certificate to match the FQDN of the host. |
| TLS Enable Diagnostics | Select for more verbose logging, which is helpful when troubleshooting a connection. |
| TLS Export Certificate Data | Select to export the certificate environment variables. |
| TLS No Certificate Request | Select if the client cannot connect, likely because the client server is not correctly handling the server certificate request. |
| TLS No Empty Fragments | Not recommended. This option bypasses a security mechanism. |
| TLS No Session Reuse Required | This option reduces connection security. Only use it if the client does not understand reused SSL sessions. |
| TLS Export Standard Vars | Select to set several environment variables. |
| TLS DNS Name Required | Select to require the client DNS name to resolve to its IP address and the certificate to contain the same DNS name. |
| TLS IP Address Required | Select to require the client certificate IP address to match the client IP address. |

Other Options

Figure 4: FTP Advanced Settings Other Options

| Settings | Description |
|---|---|
| Minimum Passive Port | Enter a numeric value. Used by clients in PASV mode. A default of 0 means any port above 1023. |
| Maximum Passive Port | Enter a numeric value. Used by clients in PASV mode. A default of 0 means any port above 1023. |
| Enable FXP | Select to enable the File eXchange Protocol (FXP). We do not recommend FXP since it leaves the server vulnerable to FTP bounce attacks. |
| Allow Transfer Resumption | Select to allow FTP clients to resume interrupted transfers. |
| Perform Reverse DNS Lookups | Select to allow performing reverse DNS lookups on client IPs. This option causes long delays if you do not configure reverse DNS. |
| Masquerade Address | Enter a public IP address or host name. Use when FTP clients cannot connect through a NAT device. |
| Display Login | Enter a message that displays to local login users after authentication. Anonymous login users do not see this message. |
| Auxiliary Parameters | Used to add additional proftpd(8) parameters. |
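
The cautions in the Access, TLS, and Other Options tables can be checked mechanically. The Python below is an added example, not TrueNAS or ProFTPD code: it audits a configuration keyed by the UI labels on this page. The dict layout, the sample values, and the reading of TLS Policy values (taken from ProFTPD mod_tls TLSRequired semantics) are assumptions of the example.

```python
# Added example: audit an FTP service configuration against the guidance in
# the settings tables. Keys are the UI labels from this page; the dict layout
# and the sample values are constructed for illustration.

# Options the page itself marks as risky or not recommended when selected.
DISCOURAGED = {
    "Allow Root Login": "root can log in over FTP",
    "Allow Anonymous Login": "unauthenticated access to the configured Path",
    "Enable FXP": "leaves the server vulnerable to FTP bounce attacks",
    "TLS Allow Client Renegotiations": "breaks several security measures",
    "TLS Allow Per User": "a user password may be sent unencrypted",
    "TLS No Empty Fragments": "bypasses a security mechanism",
    "TLS No Session Reuse Required": "reduces connection security",
}


def channels_required(policy):
    """Return (control, data): which channels the TLS Policy forces onto TLS."""
    p = policy.replace(" ", "").lower()
    if p == "on":
        return True, True
    if p == "off":
        return False, False
    tokens = p.split("+")
    # "auth" requires TLS on the control channel for authentication.
    control = "ctrl" in tokens or "auth" in tokens
    data = "data" in tokens  # "!data" is a different token: data must not use TLS
    return control, data


def audit(cfg):
    """Return a sorted list of findings for one configuration dict."""
    findings = [f"{name}: {why}" for name, why in DISCOURAGED.items() if cfg.get(name)]
    if not cfg.get("Enable TLS"):
        findings.append("Enable TLS: off, logins and data cross the network in cleartext")
    else:
        control, data = channels_required(cfg.get("TLS Policy", "off"))
        if not control:
            findings.append("TLS Policy: control channel (credentials) not required to use TLS")
        if not data:
            findings.append("TLS Policy: data channel not required to use TLS")
    return sorted(findings)


# Constructed sample configurations.
WEAK = {"Enable TLS": True, "TLS Policy": "Ctrl +!Data", "Allow Root Login": True,
        "Enable FXP": True, "TLS No Session Reuse Required": True}
HARDENED = {"Enable TLS": True, "TLS Policy": "On", "Allow Local User Login": True}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```
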

Bandwidth Settings

Bandwidth settings specify the bandwidth you want to allocate for local and anonymous user uploads and downloads.

Figure 5: FTP Advanced Settings Bandwidth

When configuring FTP bandwidth settings, we recommend manually entering the units you want to use, e.g. KiB, MiB, GiB.

| Settings | Description |
|---|---|
| Local User Upload Bandwidth: (Examples: 500 KiB, 500M, 2 TB) | Enter a value in KiBs or greater. A default of 0 KiB means unlimited. If you do not specify a measurement, it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). |
| Local User Download Bandwidth | Enter a value in KiBs or greater. A default of 0 KiB means unlimited. If you do not specify a measurement, it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). |
| Anonymous User Upload Bandwidth | Enter a value in KiBs or greater. A default of 0 KiB means unlimited. If you do not specify a measurement, it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). |
| Anonymous User Download Bandwidth | Enter a value in KiBs or greater. A default of 0 KiB means unlimited. If you do not specify a measurement, it defaults to KiB. This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). |