Can I configure VSFTPD to listen only to localhost?

Question

I have a legacy app that needs FTP and cannot do SFTP.

My solution is:

put an FTP server in place using VSFTPD
configure the firewall to accept port 21 connections only from localhost
Set up an SSH connection from the client with the legacy app
Tunnel the FTP through SSH

I'm wondering though if I can configure VSFTPD to ignore connections from anywhere but localhost on its own, in addition to the firewall. Belt and bracers both.

score 22 · Accepted Answer · edited Jan 28 '15 at 20:04

22

Yes. Configure the vsftp server to listen only on 127.0.0.1: this can be done in the vsftp.conf file:

listen_address=127.0.0.1

To use this parameter, the server needs to be in standalone mode:

listen=yes

If you want to use IPv6, use these entries instead:

listen_ipv6=yes
listen_address6=::1

This is the same as the first, but uses IPv6.

You'll almost certainly have to restart to make this work.

edited Jan 28 '15 at 20:04

Community

1

answered Feb 09 '12 at 00:01

Mei

4,560
8
44
53

1

My config file needed an '=' between the listen_address and the 127.0.0.1 – Akber Choudhry Oct 13 '13 at 11:18
My config also required the '=' between property and value – David Aug 25 '14 at 18:19

Can I configure VSFTPD to listen only to localhost?

1 Answers1