Ephemeral port range for FTP

The standart linux distrubition calls that the ephemeral port range be between 1024 and 4999. We we all know that some of these ports are used for other more importand applications than FTP. So security is an issue because leaving those original ports open leads to major security holes. Rather than openning ports that need higher security for FTP we will change the port range. With this modified port range you can open your firewall to ports that do not have any use but PASV FTP.

First find out what the defined port range is

# cat /proc/sys/net/ipv4/ip_local_port_range
1024 4999

Now select the port range that you want, I will define a port range of my desire but this is up to the network admin.
To change the port range you have two option

Edit with nano or vi /proc/sys/net/ipv4/ip_local_port_range
Or

echo “55001 65535? > /proc/sys/net/ipv4/ip_local_port_range

These will both change the port, chech this with # cat /proc/sys/net/ipv4/ip_local_port_range

To make these changes permanent as these definitions will vanish on every reboot you need to put a script in /etc/sysctl.conf

Nano or vi /etc/sysctl.conf
Add

# Controls Ephemeral Port Range (this is for the admin to remember what it is)
net.ipv4.ip_local_port_range = 55001 65535
Save
Exit
Reboot (if you like)
And you are done!
  • 113 Usuários acharam útil
Esta resposta lhe foi útil?

Artigos Relacionados

A Simple FTP Status Daemon

Here is a clumsy script to check on an FTP Service on a remote server if running or down. The...

Add New Hosting to a System Installed With Plugged.sh

If you use our LAMP installer script and want to add a new domain afterwards, we’ve created...

Ephemeral port range for FTP

The standart linux distrubition calls that the ephemeral port range be between 1024 and 4999. We...