Changing FTP default port

tombono

Occasional Visitor
Hello,

Is it possible in the next version of the Merlin software to add support for changing the FTP port (default 21) to any other port?
Such a possibility already exists in FreshTomato - of course I prefer the Merlin software, but such a solution would be great not only for me.

Thanks and regards
tb
 

tombono

Occasional Visitor
So when I create this custom config file with listen_port=33 the default port 21 will be closed?
 

ColinTaylor

Part of the Furniture
So when I create this custom config file with listen_port=33 the default port 21 will be closed?
Yes. There is no existing listen_port entry in the config file so it defaults to port 21. By adding this line you're telling it to use port 33 (or whatever other port you choose) instead.
 

tombono

Occasional Visitor
@ColinTaylor
Thank you for your help.
I've added this line into vsftpd.conf and now it looks like this:

anonymous_enable=NO
nopriv_user=root
write_enable=YES
local_enable=YES
chroot_local_user=YES
local_umask=000
dirmessage_enable=NO
xferlog_enable=NO
syslog_enable=NO
connect_from_port_20=YES
use_localtime=YES
listen=YES
pasv_enable=YES
pasv_min_port=57530
pasv_max_port=57560
tcp_wrappers=NO
max_clients=5
ftp_username=anonymous
ftpd_banner=Welcome to ASUS RT-AC86U FTP service.
ssl_enable=NO
listen_port=821

Now FTP works only by port 821 in LAN but it doesn't work over WAN at all (neither port 21 nor port 821) - why?
 

KMO

Occasional Visitor
I imagine the firewall is blocking it. There will be another piece of setup that adds an "allow port 21 input on eth0" exception rule to the firewall when you enable FTP WAN access. That'll need to be changed via the iptables command.

You should see the port 21 rule with iptables -L INPUT -v --line-numbers. And you can change it with something like iptables -R INPUT <line-number> -i eth0 -p tcp -m mport --dports 821 -j ACCEPT. (And the same would be needed for IPv6 with ip6tables).

Automating/scripting that is another matter though. And my command syntax might be wonky. Maybe get a second opinion before attempting it.
 

ColinTaylor

Part of the Furniture
Now FTP works only by port 821 in LAN but it doesn't work over WAN at all (neither port 21 nor port 821) - why?
As mentioned above it's because you need to replace the existing firewall rule if you also want external access. You could create a firewall-start script to do that:
Code:
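#!/bin/sh

# Only act when FTP is enabled and WAN access to it is switched on.
if [ "$(nvram get enable_ftp)" = "1" ] && [ "$(nvram get ftp_wanac)" = "1" ]; then
    # Drop the rule for the default port 21, then accept the new port 821.
    iptables -D INPUT -p tcp -m tcp --dport 21 -j ACCEPT
    iptables -I INPUT -p tcp -m tcp --dport 821 -j ACCEPT
fi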
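
A consistency check for the change discussed in this thread, as an added example that is not part of any post: it reads listen_port from a vsftpd config and compares it with saved `iptables -S INPUT` output, flagging a missing rule for the new port or a leftover port 21 rule. The function names and sample files are constructed for illustration, and only single-port `--dport` rules are parsed.

```shell
#!/bin/sh
# Added example: check that the INPUT rules match vsftpd's listen_port.

# Port vsftpd listens on: value of listen_port (a later line overrides an
# earlier one), or 21 when the option is absent.
ftp_listen_port() {
    awk -F= '$1 == "listen_port" { p = $2 }
             END { print (p == "" ? 21 : p) }' "$1"
}

# TCP ports accepted by single-port rules in saved `iptables -S INPUT` output.
accepted_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT/ {
             for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' "$1"
}

# $1 = vsftpd.conf, $2 = file holding `iptables -S INPUT` output.
# Returns 0 when the rules match the configured port, 1 otherwise.
audit_ftp_firewall() {
    port=$(ftp_listen_port "$1")
    open=$(accepted_tcp_ports "$2")
    status=0
    if ! printf '%s\n' "$open" | grep -qx "$port"; then
        echo "MISSING: no ACCEPT rule for FTP port $port"
        status=1
    fi
    if [ "$port" != 21 ] && printf '%s\n' "$open" | grep -qx 21; then
        echo "STALE: port 21 still accepted, vsftpd listens on $port"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: firewall matches FTP port $port"
    return "$status"
}

# Constructed sample data: a config excerpt and two rule dumps, one from
# before and one from after the firewall-start change.
write_samples() {
    printf '%s\n' 'listen=YES' 'pasv_enable=YES' 'listen_port=821' > "$1/vsftpd.conf"
    printf '%s\n' '-P INPUT DROP' '-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT' > "$1/before.rules"
    printf '%s\n' '-P INPUT DROP' '-A INPUT -p tcp -m tcp --dport 821 -j ACCEPT' > "$1/after.rules"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_ftp_firewall "$demo_dir/vsftpd.conf" "$demo_dir/before.rules" || true
audit_ftp_firewall "$demo_dir/vsftpd.conf" "$demo_dir/after.rules" || true
rm -rf "$demo_dir"
```

On a router, the second argument would be a file written with `iptables -S INPUT`, checked after each firewall restart.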
 
