Proftpd: listen on single ip

I don't use ftp, I always use sftp/scp/rsync over ssh or even a fuse remote filesystem for transferring files but wordpress 2.5 comes with this nice feature to upgrade plugins automatically from the web admin interface that needs ftp.

the problem is I don't want to enable the ftp service and make it available to the rest of the world just for that.

So what are my options?

  1. I know I could just add a firewall rule and just not allow anyone else except for localhost to connect
  2. set proftpd to listent only on localhost ( 127.0.0.1)

The #1 depends on what firewall you have so I'm not going to discuss it here. You also may not want to do that because of some other reasons you might have.

#2 needs the following two options in proftpd.conf:

DefaultAddress 127.0.0.1
SocketBindTight                 on

Now restart proftpd and you're done.

3 thoughts on “Proftpd: listen on single ip

  1. Thanks, this was actually quite helpful and straight to the point – I was just looking to do this for the very same reason :-)

  2. SocketBindTight !!! It should be in the DefaultAddress proftpd documentation to let know that it doesn’t work without SocketBindTight.

    Thanks!

Leave a Reply