Ftp service on non-standard ports

kasnol · 06-17-2003, 12:51 PM

Hi~ Does anyone know how to set up ftp service on a non-standard ftp port [i.e. 9021] ?

I have tried changing the server port setting in proftpd / pureftpd under Mandrake 9.1 however not working.
(I have open the port 9021 from shorewall )

I have read bits and pieces of infomration you needed to add tcp/udp entries at /etc/service:

ftp-A 9021/tcp
ftp-A 9021/udp fsp fspd

What else are there to be done ?

Thanks a LOT & in Advance !!!

zmedico · 06-17-2003, 01:09 PM

Quote:

Originally posted by kasnol

I have tried changing the server port setting in proftpd / pureftpd under Mandrake 9.1 however not working.

Are they still listening on the wrong ports or what? You can use "netstat -tanp" so see what is listening on what port.

kasnol · 06-18-2003, 01:49 PM

I suspect it might be due to shorewall settings - apparently it gives me the following message when I ftp from another box:

200 Type set to A.
200 PORT command successful
425 Unable to build data connection: Connection refused.

or could it be the it can't recognize it need to open local ports for transfers ?

zmedico · 06-18-2003, 05:24 PM

I haven't used shorewall but for iptables I had to do "/sbin/modprobe ip_conntrack_ftp" to make my firewall allow ftp related data connections.

It's also possible that the client isn't allowing the data connection to come in. Passive mode is a workaround in that case.

kasnol · 06-19-2003, 12:44 PM

I did add this lines to /etc/modules/conf:

options ip_nat_ftp ports=3D21,9021
options ip_conntrack_ftp ports=3D21,9021

however still the problem exists ... any ideas ?

zmedico · 06-19-2003, 10:48 PM

Are you sure those modules are really inserted? You can read /proc/modules to make sure they are.

Are you using passive mode on the client?

Can you set up your firewall to log all the dropped packets in /var/log/messages? That's what I do with iptables, so I can use the log for debugging.