[SOLVED] vsFTPd second instance of FTP Server

[Bambos]

Hello everyone,

I'm using vsFTPd and lovin it. the defaults are /etc/init.d/vsftpd (init script) and then /etc/vsftpd.conf (config file)

The execution is by systemctl : sudo systemctl start vsftpd
the system startup : sudo systemctl enable vsftpd

What would be the proper way of initializing a second instance of vsFTPd ??
Second instance is needed because of different settings of FTP Server, different ftp_root etc. Of course will have different port_listen.

Please for comments and suggestions how we can have a second instance of vsFTPd. Thank you.

[fabien]

Hello, I think this is what you want. No need for a second instance but an alias interface (virtual IP).

Without *inetd, see /usr/share/doc/vsftpd/examples/PER_IP_CONFIG/README
I don't know if it works with virtual IPs, let us know if you get a chance to test.

[...] to enable tcp_wrappers integration, you need this in your vsftpd.conf:

tcp_wrappers=YES

And you'll need a tcp_wrappers config file. An example one is supplied in this
directory: hosts.allow. It lives at /etc/hosts.allow.

Let's have a look at the example:

vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf
vsftpd: 192.168.1.4: DENY

The first line:
If a client connects from 192.168.1.3, then vsftpd will apply the vsftpd
config file /etc/vsftpd_tcp_wrap.conf to the session! These settings are
applied ON TOP of the default vsftpd.conf.
This is obviously very powerful. You might use this to apply different
access restrictions for some IPs (e.g. the ability to upload).
Or you could give certain classes of IPs the ability to skip connection
limits (max_clients=0).
Or you could increase / decrease the bandwidth limiter for certain classes
of IPs.
You get the point :-)

The second line:
Denies the ability of 192.168.1.4 to connect. Very useful to take care of
troublemakers. And now you don't need xinetd to do it - hurrah.

With *inetd, see /usr/share/doc/vsftpd/examples/VIRTUAL_HOSTS/README

This example shows how you might set up virtual hosts. Virtual hosting is
where different clients access your machine on different IP addresses (virtual
IPs) and get redirected to different ftp sites.
[...]
Step 1) Set up a virtual IP address.
[...]
Step 2) Create a user / location for the new virtual site.
[...]
Step 3) Modify the existing site to respond to the primary IP.

Edit /etc/xinetd.d/vsftpd, and add the config line:

bind = 192.168.1.2


Step 4) Create the new site, responding on the virtual IP.

cp /etc/xinetd.d/vsftpd /etc/xinetd.d/vsftpd2

Edit vsftpd2, and change
- The bind line to refer to the IP address 192.168.1.10
- Add the line
server_args = /etc/vsftpd_site2.conf

This launches this FTP site with a different vsftpd configuration file.

cp /etc/vsftpd.conf /etc/vsftpd_site2.conf

Add two lines:
ftp_username=ftp_site2
ftpd_banner=This is the alternative FTP site.


Step 5) Restart xinetd and test!
[...]

Please let us know if this is what you are looking for.

[Bambos]

Hello @fabien thanks for your comments.
Unfortunately we can't use 2 IP's on the debian device. is industrial environment with a very small subnet and limitations.
I'm looking for a second service of vsFTPd on another port (mainly). If this is too complicated i might try having 2 separate daemons , for example vsFTPd on port 21 and pure-ftpd on 2100. but i prefer vsftpd because of the 5 lines config file i'm using.

[fabien]

OK. According to /usr/share/doc/vsftpd/examples/INTERNET_SITE_NOINETD/README, running multiple instances should not be a problem (if I understand correctly):

This example shows how to run vsftpd in "standalone" mode - i.e. without
needing to run an inetd of some kind (inetd, xinetd, tcpserver etc).
[...]
1) Copy the vsftpd.conf file in this directory to /etc/vsftpd.conf.

2) Start up vsftpd, e.g.
vsftpd &

3) That should be it!
[...]
One further note on standalone mode, regarding virtual IPs. This is very
easy - just run one copy of vsftpd per virtual IP (remembering to give each
a separate config file on the command line).
Distinguish which vsftpd is for which virtual IP with a setting like this
in the vsftpd.conf:

listen_address=192.168.1.2

And launch vsftpd with a specific config file like this:
vsftpd /etc/vsftpd.conf.site1 &

This clearly suggests that running multiple instances is not a problem as long as there is a separate configuration for each.
I would test listen_port=2100 instead of listen_address=192.168.1.2 in the example above.

listen_port
If vsftpd is in standalone mode, this is the port it will listen on for incoming FTP connections.

Default: 21

[fabien]

Hello @Bambos, have you made any progress? Have you tried the above suggestion?

[Bambos]

Hello @fabien it seems that the command ending with &, is not working on debian 12.7, i don't know why.

I had some progress : i found out that the default service instance for vsFTPd is under: /lib/systemd/system/vsftpd.service
with the default config file for this service : sudo nano /etc/vsftpd.conf

in each duplicated service file i had to sudo nano and edit the path of the related config file. for example:

cd /lib/systemd/system/vsftpd.service
cd /lib/systemd/system/vsftpd1.service
cd /lib/systemd/system/vsftpd2.service
sudo nano /etc/vsftpd.conf
sudo nano /etc/vsftpd1.conf
sudo nano /etc/vsftpd2.conf

to load in parallel :
sudo systemctl enable vsftpd
sudo systemctl enable vsftpd1
sudo systemctl enable vsftpd2

in each config file a different listening port for the ftp server need to be used, by adding the line in each config file:
listen=YES #(default 21)

listen=YES
listen_port=28

listen=YES
listen_port=29

that's about it. the above example initializes three different vsFTPd instances on the same Debian system.

[fabien]

Hello @Bambos, thanks for your feedback and for sharing your solution.
Do you consider your question to have been answered? If so, please mark your topic as [Solved] by editing the title of your first post. You can specify the subject at the same time, e.g.
[Solved] vsFTPd second instance of FTP Server while using the same IP
Thanks.

[Bambos]

thank you very much.

[Aki]

@Best_Threads
Moved to "System and Network configuration" sub-forum.