All the software necessary comes preinstalled with OpenBSD 4.1 so all we need is some configuration.
NOTE: The following commands assume you have just installed OpenBSD 4.1 and haved not done any previous configuration. If this is not a virgin OpenBSD system make sure you study the current configuration and know what you are doing before cutting and pasting the commands below. Use the commands below at your own risk.
First, I assume you already have your basic firewall configured and running. I guess if your box is behind another firewall you might choose not to have one. If you don't have one you can install this this sample pf.conf to /etc/pf.conf before continuing (just change vr0 to be your interface going to the internet).
Now, let's configure everything. I use /var/www/ftp as my anonymouse root (www so my chrooted Apache can provide HTTP access to my ftp server dirs):
mkdir -p /var/www/ftp
groupadd ftp
useradd -c 'Anonymous ftp' -d /var/www/ftp -g ftp -s /sbin/nologin ftp
cd /var/www/ftp
mkdir -p bin etc pub
chmod 555 . pub
chmod 511 bin etc
cd etc
cp /etc/pwd.db .
cp /etc/group .
echo 'Welcome to my server....All transfers are logged.' >> motd
cd ..
chmod -R -w .
echo '# Set to NO if ftpd is running out of inetd' >> /etc/rc.conf.local
echo 'ftpd_flags="-DllUSA" # for non-inetd use: "-D"' >> /etc/rc.conf.local
echo 'net.inet.ip.porthifirst=6000' >> /etc/sysctl.conf
echo 'net.inet.ip.porthilast=60100' >> /etc/sysctl.conf
echo '' >> /etc/pf.conf
echo '# FTP' >> /etc/pf.conf
echo 'pass in on $ext_if proto {tcp,udp} from any to any \' >> /etc/pf.conf
echo ' port { ftp, ftp-data, 6000:60100 } keep state' >> /etc/pf.conf
echo '' >> /etc/pf.conf
pfctl -f /etc/pf.conf
/usr/libexec/ftpd -DllUSA
