Is it possible to set up vsftpd to listen to another port,
say 20007, for communications instead of the default
port 20? I have more than one server behind the same IP
address and i'd like to use port forwarding in my router
to allow me to FTP into them separately. Is this possible?

Thanks!

Welcome to LQ.

You can set it up in the hosts file but you would be better just forwarding from port 20007 external to port 21 internal then you don't have to change the way vsftpd runs.

thank you very much for your help. could you be a little more
specific on this internal forwarding? is this something i need to
set up on the server itself? if my router forwards data from
port 20007 to my server, say at 192.168.1.2, then i guess there
is something on my server which forwards packets from port
20007 to port 20? is this done using iptables? is there some
config file i must edit? if you can just point me to it, i'll learn what
i need to make the change myself.

this site is such an incredible service!!

thanks!

you should be able to set your router up to forward anything coming in on port 20007 to 192.168.1.2 port 20. If you're not sure how, post what brand and model router you have and I'm sure someone can help you.

thanks, i'll try that method. one other tidbit - is port 20 all i need to worry
about forwarding? i have seen port 21 listed as an FTP data port. I know
little about the workings of FTP, does 20 just do the talking and 21 the xfering?

thanks

FTP Control Channel - TCP Port 21
All commands you send and the ftp server's responses to those commands will go over the control connection, but any data sent back (such as "ls" directory lists or actual file data in either direction) will go over the data connection.
FTP Data Channel - TCP Port 20
Used for all data sent between the client and server.
http://www.siliconvalleyccie.com/lin...ftp-server.htm

So yeah port 21 has to be accessible as well, not sure if 20 actually has to be don't remember opening it on any firewalls before, but maybe that's why my ftp server is so terribly slow.


after a little research I figured my problem out. I'm still not sure you have to forward port 20 since it's not open on my firewall and my connection works fine, but with vsftp you do want to add to the iptables-config file.

thanks for hanging with me on this. i can't seem to find a file called iptables-config. i am using RH9. here's an update of my situation:

server local ip: 192.168.1.3
vsftp running as usual on port 21.

in my nat iptable i have this: (using iptables -L -t nat)

target prot opt source destination
DNAT tcp -- anywhere 192.168.1.3 tcp dpt:20007 to:192.168.1.3:21


when i type:
# ftp 192.168.1.3 i connect
# ftp 192.168.1.3 21 i connect
# ftp 192.168.1.3 20007 connection refused

just to be sure i have temporarily flushed my FORWARD, INPUT,
and OUTPUT iptables incase they were blocking anything. still
nothing. any ideas?

thanks

ok, I'm not sure how to forward port 20007 to port 21 on the same machine

If you can you need to set your router (I just noticed that it isn't possible on my router), not your iptables firewall, to redirect the port. Then when you connect to external ip xxx.xxx.xxx:20007 it redirects to your internal ip 192.168.1.3:21.

yeah i don't seem to be able to make it work internally either. thanks for all your help on the subject anyway, i really appreciate it!

thanks

Geez! It was so blindingly easy (but not so easy to find!) The port for vsftpd CAN be changed in it's config file (although it's not documented *in* the config file or man page or or or) for my problem, trying to get vsftpd to answer to port 20007, simply add this line to the /etc/vsftpd/vsftpd.conf file:

listen_port=20007

!!!

i found this gem here:
http://www.vsftpdrocks.org/faq/

works like a charm and no iptabling!!

thanks to everyone who helped me anyway!