Date:      Sat, 26 Jul 2003 07:06:15 -0700 (PDT)
From:      John DeStefano <deesto@yahoo.com>
To:        Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: configure ftpd port range
Message-ID:  <20030726140615.15625.qmail@web40605.mail.yahoo.com>

> Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com>> wrote:
Thanks for your response, Lowell, as always.
 
John DeStefano writes:
>> Due to ISP restrictions, I must change the default port on which ftpd
>> runs in order to enable ftp access to and from my machine.
 
> That would violate the FTP spec, and isn't supported (IIRC) by the
> standard FreeBSD ftpd.
 
Obviously, I'm not looking to 'violate' any specs, or to have any RFCs
changed in order to accommodate my personal server.  I'm just looking for
a viable solution to a problem that I'm sure others have come across.
 
>> I had to do the same for my httpd server, but that information was a
>> bit more accessible.
>> Reading material has been sparse, but I've read that adding a port
>> number/range to the ftpd entry /etc/services and /etc/inetd.conf might
>> do the trick.
>> Is this an acceptable way of going about changing the ftp ports?
 
> It won't work.
 
Why not?  If you were to specify a new port number both in 'services'
and 'inetd.conf', and the proper firewall holes were punched, why would
it fail?
 
>> If this box is sitting behind a hardware firewall (Linksys router), what
>> range would you recommend I open in the firewall for a maximum of 5
>> ftp users? Same question for security on the FBSD box itself?
 
> This is going to be a royal pain anyway. The FTP protocol is tricky
> to get through firewalls, and *very* tricky to get through NAT.
> If you can use, e.g., scp(1) to move your files around, you'll be in
> much better shape -- FTP passes cleartext passwords. However, if
> you're really stuck on FTP (and I am not encouraging you to violate
> your contract with your ISP, but just giving the advice for
> informational purposes), there are other FTP daemons that can change
> the base ports. You'll need to punch holes for the data ports, though.
 
Strangely enough, it sounds like moving away from the stock ftpd,
and using a 3PP daemon to configure the new ports, is the way to go.
Any suggestions on ports and methods?

>> Quick sidebar: DNS is setting my domainname to my ISP's domain,
>> not my local domain, which is causing some problems. "man
>> domainname" tells me " The super-user can set the domain name by
>> supplying an argument", which I assume means "domainname
>> ". But this setting does not stick on reboot. Is there an
>> easy fix?
> According to the FreeBSD Handbook, the FreeBSD FAQ, and the rc.conf(5)
> manual, setting "hostname" in /etc/rc.conf is what you're looking for.
 
The handbook merely specifies to use the format:
hostname="foo.example.com"
in rc.conf; it doesn't say what to do when the system automatically
changes the hostname on you on boot/reboot, presumably due to DHCP
communications.  I could be mistaken, but I don't see this topic in the
FAQ (which currently covers up to 4.X) at all.  'man' says:
"If dhclient(8) is used to set the hostname via DHCP, this variable
should be set to an empty string."  However, I believe that's what's
happening now and may be the reason why 'hostname' is getting reset
incorrectly; see below:
 
# cat /etc/rc.conf |grep hostname
#hostname="gandalf.istari"
hostname="gandalf"
hostname="gandalf.Optonline.net"
 
My manual entry has been commented out, and new entries made.  How would
one keep this from getting changed automatically?
 
Thanks,
John
