CentOS FTP Server Port Setting Guide

This guide provides step-by-step instructions for configuring FTP server ports on CentOS, focusing on vsftpd (the most commonly used FTP server in CentOS). The process includes modifying the configuration file, adjusting firewall rules, and testing the connection.

1. Install vsftpd

If vsftpd is not already installed, use the following command to install it:

sudo yum install vsftpd -y

2. Start and Enable vsftpd Service

Start the vsftpd service and configure it to start automatically on system boot:

sudo systemctl start vsftpd
sudo systemctl enable vsftpd

3. Modify vsftpd Configuration File

Edit the vsftpd main configuration file (/etc/vsftpd/vsftpd.conf) using a text editor (e.g., vi or nano):

sudo vi /etc/vsftpd/vsftpd.conf

Key Port-Related Configurations

• Set the Command Port (Default: 21):
  Locate the listen_port parameter (or add it if absent) and specify your desired port (e.g., 2121). This is the port clients will use to connect to the FTP server.

  listen_port=2121
  

• Configure Passive Mode Ports (Required for Active FTP):
  Passive mode allows clients to initiate data connections. Define a port range for passive mode to avoid firewall issues:

  pasv_enable=YES
  pasv_min_port=2122  # Start of the passive mode port range
  pasv_max_port=2123  # End of the passive mode port range
  

• Enable Listening Mode:
  Ensure listen=YES is set to enable IPv4 listening (required for FTP connections).

  listen=YES
  

4. Restart vsftpd Service

Apply the configuration changes by restarting the vsftpd service:

sudo systemctl restart vsftpd

5. Configure Firewall

Allow the new FTP command port and passive mode port range through the firewall (using firewalld, the default firewall tool in CentOS):

For firewalld

• Permanent Rule for Command Port:

  sudo firewall-cmd --permanent --add-port=2121/tcp  # Replace 2121 with your custom port
  

• Permanent Rule for Passive Mode Port Range:

  sudo firewall-cmd --permanent --add-port=2122-2123/tcp  # Replace with your pasv_min/max ports
  

• Reload Firewall:

  sudo firewall-cmd --reload
  

6. Test FTP Connection

Verify the FTP server is accessible on the new port using an FTP client (e.g., ftp command-line tool or FileZilla):

ftp localhost 2121  # Replace 2121 with your custom port

Enter your FTP username and password when prompted. If the connection succeeds, the port configuration is correct.

Optional: Disable SELinux (if applicable)

If SELinux is enforcing, it may block FTP connections. To temporarily disable SELinux (not recommended for production):

sudo setenforce 0

To permanently disable SELinux, edit /etc/selinux/config and set SELINUX=disabled, then reboot the server.

Security Recommendations

• Use Strong Passwords: Ensure FTP users have complex passwords to prevent unauthorized access.
• Limit User Access: Use the user_list file to restrict which users can log in to the FTP server.
• Consider SFTP: For encrypted file transfers, use SFTP (SSH File Transfer Protocol) instead of FTP. SFTP uses port 22 by default and provides better security.

以上就是关于“CentOS FTP Server端口设置指南”的相关介绍，筋斗云是国内较早的云主机应用的服务商，拥有10余年行业经验，提供丰富的云服务器、租用服务器等相关产品服务。云服务器资源弹性伸缩，主机vCPU、内存性能强悍、超高I/O速度、故障秒级恢复；电子化备案，提交快速，专业团队7×24小时服务支持！

简单好用、高性价比云服务器租用链接：https://www.jindouyun.cn/product/cvm