We're trying to run vsftpd to do regular ftp and ftps but our firewall (not iptables) keeps blocking the connections no matter what rules we apply. The Firewall guy wants to split it up with regular ftp on port 21 and ftps on port 21000 so that we can use 2 different sets of rules. The only way I can think of doing this is to set up 2 different vsftpd configs and services. Any suggestions?
You can run FTP (SSL and TLS) traffic over the same port (21).
If you use Explicit SSL, the connection will be unencrypted until you call "AUTH SSL" or "AUTH TLS" and then starts doing the certificate negotiation etc.
Implicit SSL gives you the option to bind secure connections on a different port (default 990).
I currently have it configured that way. But our External Firewall can't handle it. That's why we're wanting to separate it so that we can apply different rules on the different ports.
I think it's a Checkpoint. I agree about the firewall but we're up against a deadline and I don't have much recourse on calling out the firewall guy. You wouldn't happen to know of a good how-to on copying and modifying the service scripts to run that second config?
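The two-config split discussed in this thread, as an added example that is not part of any poster's reply: a shell sketch that derives a plain-FTP config and an implicit-FTPS config from one base file. Port 21000 comes from the thread; the passive port ranges, file names and certificate path are assumptions.

```shell
#!/bin/sh
# Added example: build two vsftpd configs from one base file so each instance
# gets its own control port and passive range for separate firewall rules.
# Port 21000 is from the thread; passive ranges and file names are assumptions.

# set_opt FILE KEY VALUE: drop any existing KEY= line, then append KEY=VALUE.
# vsftpd requires "key=value" with no spaces around "=".
set_opt() {
    so_file=$1; so_key=$2; so_val=$3
    so_tmp=$(mktemp) || return 1
    grep -v "^${so_key}=" "$so_file" > "$so_tmp" || true
    printf '%s=%s\n' "$so_key" "$so_val" >> "$so_tmp"
    cat "$so_tmp" > "$so_file" && rm -f "$so_tmp"
}

# derive_conf BASE OUT PORT TLS(YES|NO) PASV_MIN PASV_MAX
derive_conf() {
    dc_out=$2; dc_tls=$4
    cp "$1" "$dc_out" || return 1
    set_opt "$dc_out" listen_port "$3"
    set_opt "$dc_out" pasv_min_port "$5"
    set_opt "$dc_out" pasv_max_port "$6"
    set_opt "$dc_out" ssl_enable "$dc_tls"
    # Implicit mode: TLS starts at connect, so the firewall never sees AUTH TLS.
    set_opt "$dc_out" implicit_ssl "$dc_tls"
    set_opt "$dc_out" force_local_logins_ssl "$dc_tls"
    set_opt "$dc_out" force_local_data_ssl "$dc_tls"
}

# Demo on a constructed base config (not a real server's file).
demo_dir=$(mktemp -d)
cat > "$demo_dir/vsftpd.conf" <<'EOF'
listen=YES
local_enable=YES
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
EOF
derive_conf "$demo_dir/vsftpd.conf" "$demo_dir/vsftpd-ftp.conf"  21    NO  50000 50099
derive_conf "$demo_dir/vsftpd.conf" "$demo_dir/vsftpd-ftps.conf" 21000 YES 50100 50199
grep -E '^(listen_port|ssl_enable|implicit_ssl|pasv_)' "$demo_dir"/vsftpd-ftp*.conf
```

Each instance is then started by passing its config file as the argument to vsftpd; how that is wired into a second service script depends on the distribution's init system.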