multiple ftp servers on one centos 7 machine

[ralf]

Hi, I run vsftpd on my server will SSL enabled for ftp to the outside world via port 21. No problem.

I have webcams on my internal network that transfer webcam shots to this server via ftp. As the webcam doesn't support SSL via FTP, I cannot use vsftpfd in SSL mode when vsftpd handles both internal webcam traffic and outside world ftp traffic. Not a good solution for the outside traffic!
Can I run another ftp server in parallell with vsftpd, which listens on different port (not 21 as this is used by vsftpd), say 9876, and tell the webcam to use this port only?
Which ftp program should I install side by side of vsftpd, or can I run two instances of vsftpd, each with their own settings? If yes, how do I do this?
Any help is appreciated!

Thanks
Ralf

[mashiro2004]

Hi you can run multiple ftp instances on same server like this:

cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd2.conf

edit vsftp2.conf whit another port not used by vsftpd.conf and disable ssl.

cp /usr/lib/systemd/system/vsftpd.service /usr/lib/systemd/system/vsftpd2.service

edit vsftpd2.service
from:
ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
to:
ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd2.conf


Systemctl start vsftpd2.service
systemctl enable vsftpd2.service

Bye

[TrevorH]

I'm afraid that ftp is a very odd protocol and doesn't like being redirected to a different port number. Your best bet would be to run two instances and listen on port 21 on two different ip addresses. That would be much easier to implement and manage.

[ralf]

Thanks mashiro2004 and Trevor !

The solution presented by Mashiro should be feasible though, inspite of ftp being an odd protocoll?
I checked that one can add to vsftpd.conf:

Code: Select all

# /etc/vsftp/vsftpd.conf
listen_port=A
ftp_data_port=B

which seem to facilitate a function to change the ftp port number?
So, am I correct when I conclude, I need to have two A's and two B's, one set for the outside word ftp traffic and one for the internal network (webcam).
My webcam FTP interface has only one port to be set, 21 being default - which I keep. Then I can use 2021 (A) and 2020 (B) for the outside world and forward them from the router to the server.

Code: Select all

# Make sure PORT transfer connections originate from port 20 (ftp-data).
#connect_from_port_20=YES
listen_port=2021
ftp_data_port=2020

Should the above work in your view?

My second question: the vsftpd.conf file also includes a line:

Code: Select all

pam_service_name=vsftpd

Do I need to modify this line in the conf file for other vsftpd process?? If yes, in which way?

Using two IP addresses is probably a more neater way as Trevor says, but requires an extra network card, which I prefer to avoid just now.

I appreciate your comments again!
Ralf

[mashiro2004]

Hi, for the pam conf you can
cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd2
and modify the conf file...

If the binding on a single ip and differents ports give you some problems, i think you can bind on 2 different ip on same network card configuring alias interface (i think but i'm not sure )

[ralf]

Thanks mashiro!

The /etc/pam.d/vsftpd file reads:

Code: Select all

#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
auth       required	pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required	pam_shells.so
auth       include	password-auth
account    include	password-auth
session    required     pam_loginuid.so
session    include	password-auth

So the only thing to modify (when needed) is the /etc/vsftpd/ftpusers . The rest should be the same. Correct?

Thanks again!
Ralf

[mashiro2004]

Thanks mashiro!

The /etc/pam.d/vsftpd file reads:

Code: Select all

#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
auth       required	pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required	pam_shells.so
auth       include	password-auth
account    include	password-auth
session    required     pam_loginuid.so
session    include	password-auth

So the only thing to modify (when needed) is the /etc/vsftpd/ftpusers . The rest should be the same. Correct?

Thanks again!
Ralf

yes