Ephemeral port range for FTP

ckaraca — Fri, 22 Apr 2011 09:05:05 +0000

The standart linux distrubition calls that the ephemeral port range be between 1024 and 4999. We we all know that some of these ports are used for other more importand applications than FTP. So security is an issue because leaving those original ports open leads to major security holes. Rather than openning ports that need higher security for FTP we will change the port range. With this modified port range you can open your firewall to ports that do not have any use but PASV FTP.

First find out what the defined port range is

# cat /proc/sys/net/ipv4/ip_local_port_range
1024 4999

Know select the port range that you wan, I will define a port range of my desire but this is up to the network admin.
To change the port range you have two option

Edit with nano or vi /proc/sys/net/ipv4/ip_local_port_range
Or

echo “55001 65535” > /proc/sys/net/ipv4/ip_local_port_range

These will both change the port, chech this with # cat /proc/sys/net/ipv4/ip_local_port_range

To make these changes permanent as these definitions will vanish on every reboot you need to put a script in /etc/sysctl.conf

Nano or vi /etc/sysctl.conf
Add

# Controls Ephemeral Port Range (this is for the admin to remember what it is)
net.ipv4.ip_local_port_range = 55001 65535

Save
Exit
Reboot (if you like)
And you are done!

The post Ephemeral port range for FTP appeared first on VeriTeknik.

Ephemeral – VeriTeknik

Ephemeral port range for FTP