How to Change FTP Port in Linux
FTP or File Transfer Protocol is one of the oldest network protocol used today as standard file transfers over computer networks. FTP protocol uses the standard port 21/TCP as command port. Although, there are a lot of implementations of FTP protocol in server-side in Linux, in this guide we’ll cover how to change the port number in the Proftpd service implementation.
In order to change Proftpd service default port in Linux, first open Proftpd main configuration file for editing with your favorite text editor by issuing the below command. The opened file has different paths, specific to your own installed Linux distribution, as follows.
# nano /etc/proftpd.conf [On CentOS/RHEL] # nano /etc/proftpd/proftpd.conf [On Debian/Ubuntu]
In proftpd.conf file, search and comment the line that begins with Port 21. You need to add a hashtag
(#) in front of the line in order to comment the line.
Then, under this line, add a new port line with the new port number. You can add any TCP non-standard port between 1024 to 65535, with the condition that the new port is not already taken in your system by other application which binds on it.
In this example we’ll bind FTP service on port 2121/TCP.
#Port 21 Port 2121
In RHEL based distributions, the Port line is not present in Proftpd configuration file. To change the port, just add a new port line at the top of the configuration file, as illustrated in the below excerpt.
After you’ve changed the port number, restart the Proftpd daemon to apply changes and issue netstat command to confirm that FTP service listens on the new 2121/TCP port.
# systemctl restart proftpd # netstat -tlpn| grep ftp OR # ss -tlpn| grep ftp
Under CentOS or RHEL Linux based distributions, install policycoreutils package and add the below SELinux rules in order for the FTP daemon to bind on the 2121 port.
# yum install policycoreutils # semanage port -a -t http_port_t -p tcp 2121 # semanage port -m -t http_port_t -p tcp 2121 # systemctl restart proftpd
Finally, update your Linux distribution firewall rules in order to allow inbound traffic on the new FTP port. Also, check FTP server passive port range and make sure you also update the firewall rules to reflect passive port range.