content/ftpserver-project/ftpserver_port_21.html - mina-site - Git at Google

 <!DOCTYPE html>

 <html lang="en">
 <head>
     <title>FtpServer and port 21 on Linux &mdash; Apache MINA</title>

     <link href="/assets/css/common.css" rel="stylesheet" type="text/css"/>
     <link href="/assets/css/ftpserver.css" rel="stylesheet" type="text/css"/>
 </head>
 <body>
 <script src="https://www.apachecon.com/event-images/snippet.js"></script>
 <div id="container">
     <div id="header">
     <div id="subProjectsNavBar">
         <a href="/">

                 Apache MINA Project

         </a>
         &nbsp;|&nbsp;
         <a href="/mina-project/">

                 MINA

         </a>
         &nbsp;|&nbsp;
         <a href="/asyncweb-project/">

                 AsyncWeb

         </a>
         &nbsp;|&nbsp;
         <a href="/ftpserver-project/">

                 <strong>FtpServer</strong>

         </a>
         &nbsp;|&nbsp;
         <a href="/sshd-project/">

                 SSHD

         </a>
         &nbsp;|&nbsp;
         <a href="/vysper-project/">

                 Vysper

         </a>
     </div>
 </div>


     <div id="content">
         <div id="leftColumn">
             <div id="navigation">
                 <a class="acevent" data-format="wide" data-width="170"></a>
                 <h5>Social Networks</h5>
                 <ul>
                     <li><a href="https://fosstodon.org/@apachemina">Apache MINA Mastodon</a></li>
                 </ul>
                 <h5>Overview</h5>
                 <ul>
                     <li><a href="/ftpserver-project/index.html">Home</a> </li>
                     <li><a href="/ftpserver-project/features.html">Features</a> </li>
                     <li><a href="/ftpserver-project/download_1_1.html">FtpServer 1.1.4</a></li>
                     <li><a href="/ftpserver-project/download_1_2.html">FtpServer 1.2.0</a></li>
                     <li><a href="/ftpserver-project/old-downloads.html">Old Downloads</a></li>
                     <li><a href="/ftpserver-project/documentation.html">Documentation</a></li>
                     <li><a href="/ftpserver-project/gen-docs/latest-1.1/apidocs/index.html" class="external-link" rel="nofollow">API Javadoc 1.1.4</a></li>
                     <li><a href="/ftpserver-project/gen-docs/latest-1.2/apidocs/index.html" class="external-link" rel="nofollow">API Javadoc 1.2.0</a></li>
                     <li><a href="/ftpserver-project/getting_source.html">Sources</a></li>
                     <li><a href="/ftpserver-project/faq.html">FAQ</a></li>
                     <li><a href="/ftpserver-project/related_project.html">Related Project</a></li>
                 </ul>

                 <h5>Community</h5>
                 <ul>
                     <li><a href="/ftpserver-project/mailing_list.html">Mailing Lists</a></li>
                     <li><a href="/ftpserver-project/getting_involved.html">Getting Involved</a></li>
                     <li><a href="/ftpserver-project/reporting_bug.html">Reporting a Bug</a></li>
                     <li><a href="/ftpserver-project/contributors.html">Contributors</a></li>
                     <li><a href="https://www.apache.org/foundation/contributing.html">Contributing</a></li>
                     <li><a href="https://www.apache.org/licenses/">License</a></li>
                     <li><a href="https://www.apache.org/security/">Security</a></li>
                 </ul>

                 <h5>Sponsorship</h5>
                 <ul>
                     <li><a href="https://www.apache.org/foundation/thanks.html">Thanks</a></li>
                     <li><a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                     <li><a href="https://www.apache.org/">apache.org</a></li>
                 </ul>
             </div>
         </div>
         <div id="rightColumn">


 	<h1 id="ftpserver-and-port-21-on-linux">FtpServer and port 21 on Linux</h1>
 <p>Under Linux only programs running as root is allowed to bind and listen to ports with port numbers below 1024. However, running a server which communicates with untrusted clients as root is not recommended for security reasons. The standard way to solve this problem in servers such as Apache HTTPD is to start the server as root and bind to the privileged port and then use the setuid C function to change the user ID of the current process. In Java there is no equivalent to the setuid C function in the standard API which means that one would have to use a native library to achieve the same, something which FtpServer doesn&rsquo;t support at the moment.</p>
 <p>So, to have FtpServer listen on port 21 but still run it as a normal user one will have to look at other solutions such as using the firewall built into Linux. It turns out that this is really simple. Using the iptables command we can add a rule to the firewall that rewrites all TCP packets coming in on port 21 so that they are effectively forwarded to port 60021:</p>
 <div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport <span style="color:#666">21</span> -j REDIRECT --to-ports <span style="color:#666">60021</span>
 </code></pre></div><p>We can now configure FtpServer to listen on port 60021 and it will be available on port 21 as well.</p>


         </div>
         <div id="endContent"></div>
     </div>

     <div id="footer">
     &copy; 2003-2024, <a href="https://www.apache.org">The Apache Software Foundation</a> - <a href="https://privacy.apache.org/policies/privacy-policy-public.html">Privacy Policy</a><br />
     Apache MINA, MINA, Apache Vysper, Vysper, Apache SSHd, SSHd, Apache FtpServer, FtpServer, Apache AsyncWeb, AsyncWeb,
     Apache, the Apache feather logo, and the Apache Mina project logos are trademarks of The Apache Software Foundation.
 </div>

 </div>


 </body>

 </html>
	<!DOCTYPE html>

	<html lang="en">
	<head>
	<title>FtpServer and port 21 on Linux — Apache MINA</title>

	<link href="/assets/css/common.css" rel="stylesheet" type="text/css"/>
	<link href="/assets/css/ftpserver.css" rel="stylesheet" type="text/css"/>
	</head>
	<body>
	<script src="https://www.apachecon.com/event-images/snippet.js"></script>
	<div id="container">
	<div id="header">
	<div id="subProjectsNavBar">
	<a href="/">

	Apache MINA Project

	</a>
	\|
	<a href="/mina-project/">

	MINA

	</a>
	\|
	<a href="/asyncweb-project/">

	AsyncWeb

	</a>
	\|
	<a href="/ftpserver-project/">

	<strong>FtpServer</strong>

	</a>
	\|
	<a href="/sshd-project/">

	SSHD

	</a>
	\|
	<a href="/vysper-project/">

	Vysper

	</a>
	</div>
	</div>


	<div id="content">
	<div id="leftColumn">
	<div id="navigation">
	<a class="acevent" data-format="wide" data-width="170"></a>
	<h5>Social Networks</h5>
	<ul>
	<li><a href="https://fosstodon.org/@apachemina">Apache MINA Mastodon</a></li>
	</ul>
	<h5>Overview</h5>
	<ul>
	<li><a href="/ftpserver-project/index.html">Home</a> </li>
	<li><a href="/ftpserver-project/features.html">Features</a> </li>
	<li><a href="/ftpserver-project/download_1_1.html">FtpServer 1.1.4</a></li>
	<li><a href="/ftpserver-project/download_1_2.html">FtpServer 1.2.0</a></li>
	<li><a href="/ftpserver-project/old-downloads.html">Old Downloads</a></li>
	<li><a href="/ftpserver-project/documentation.html">Documentation</a></li>
	<li><a href="/ftpserver-project/gen-docs/latest-1.1/apidocs/index.html" class="external-link" rel="nofollow">API Javadoc 1.1.4</a></li>
	<li><a href="/ftpserver-project/gen-docs/latest-1.2/apidocs/index.html" class="external-link" rel="nofollow">API Javadoc 1.2.0</a></li>
	<li><a href="/ftpserver-project/getting_source.html">Sources</a></li>
	<li><a href="/ftpserver-project/faq.html">FAQ</a></li>
	<li><a href="/ftpserver-project/related_project.html">Related Project</a></li>
	</ul>

	<h5>Community</h5>
	<ul>
	<li><a href="/ftpserver-project/mailing_list.html">Mailing Lists</a></li>
	<li><a href="/ftpserver-project/getting_involved.html">Getting Involved</a></li>
	<li><a href="/ftpserver-project/reporting_bug.html">Reporting a Bug</a></li>
	<li><a href="/ftpserver-project/contributors.html">Contributors</a></li>
	<li><a href="https://www.apache.org/foundation/contributing.html">Contributing</a></li>
	<li><a href="https://www.apache.org/licenses/">License</a></li>
	<li><a href="https://www.apache.org/security/">Security</a></li>
	</ul>

	<h5>Sponsorship</h5>
	<ul>
	<li><a href="https://www.apache.org/foundation/thanks.html">Thanks</a></li>
	<li><a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
	<li><a href="https://www.apache.org/">apache.org</a></li>
	</ul>
	</div>
	</div>
	<div id="rightColumn">



	<h1 id="ftpserver-and-port-21-on-linux">FtpServer and port 21 on Linux</h1>
	<p>Under Linux only programs running as root is allowed to bind and listen to ports with port numbers below 1024. However, running a server which communicates with untrusted clients as root is not recommended for security reasons. The standard way to solve this problem in servers such as Apache HTTPD is to start the server as root and bind to the privileged port and then use the setuid C function to change the user ID of the current process. In Java there is no equivalent to the setuid C function in the standard API which means that one would have to use a native library to achieve the same, something which FtpServer doesn’t support at the moment.</p>
	<p>So, to have FtpServer listen on port 21 but still run it as a normal user one will have to look at other solutions such as using the firewall built into Linux. It turns out that this is really simple. Using the iptables command we can add a rule to the firewall that rewrites all TCP packets coming in on port 21 so that they are effectively forwarded to port 60021:</p>
	<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport <span style="color:#666">21</span> -j REDIRECT --to-ports <span style="color:#666">60021</span>
	</code></pre></div><p>We can now configure FtpServer to listen on port 60021 and it will be available on port 21 as well.</p>




	</div>
	<div id="endContent"></div>
	</div>

	<div id="footer">
	© 2003-2024, <a href="https://www.apache.org">The Apache Software Foundation</a> - <a href="https://privacy.apache.org/policies/privacy-policy-public.html">Privacy Policy</a><br />
	Apache MINA, MINA, Apache Vysper, Vysper, Apache SSHd, SSHd, Apache FtpServer, FtpServer, Apache AsyncWeb, AsyncWeb,
	Apache, the Apache feather logo, and the Apache Mina project logos are trademarks of The Apache Software Foundation.
	</div>

	</div>


	</body>

	</html>