Ephemeral port range for FTP

The standart linux distrubition calls that the ephemeral port range be between 1024 and 4999. We we all know that some of these ports are used for other more importand applications than FTP. So security is an issue because leaving those original ports open leads to major security holes. Rather than openning ports that need higher security for FTP we will change the port range. With this modified port range you can open your firewall to ports that do not have any use but PASV FTP.

First find out what the defined port range is

# cat /proc/sys/net/ipv4/ip_local_port_range
1024 4999

Know select the port range that you wan, I will define a port range of my desire but this is up to the network admin.
To change the port range you have two option

Edit with nano or vi /proc/sys/net/ipv4/ip_local_port_range
Or

echo “55001 65535″ > /proc/sys/net/ipv4/ip_local_port_range

These will both change the port, chech this with # cat /proc/sys/net/ipv4/ip_local_port_range

To make these changes permanent as these definitions will vanish on every reboot you need to put a script in /etc/sysctl.conf

Nano or vi /etc/sysctl.conf
Add

# Controls Ephemeral Port Range (this is for the admin to remember what it is)
net.ipv4.ip_local_port_range = 55001 65535

Save
Exit
Reboot (if you like)
And you are done!

  • 8 Users Found This Useful
Was this answer helpful?

Related Articles

Setting time with NTP in LINUX

NTP (Network Time Protocol) could be used to set time synced with ntp clocks, to do this use the...

Linux version & Operating System info

LINUX Version Info To learn the architecture and kernel version info use the shell command...

Ephemeral port range for FTP

The standart linux distrubition calls that the ephemeral port range be between 1024 and 4999. We...

Build PHP5.5 on CentOS 6.4 with MSSQL Support [cite]

Most of the yum repos doesn’t include PHP5.5.X on current releases for the time being. So...

Change Outgoing IP of Postfix Mail Server

This can get quite important when your mail server is blacklisted, or if you somehow want to...