configure ftpd port range

[Lowell Gilbert]

John DeStefano <deesto at yahoo.com> writes:

> Due to ISP restrictions, I must change the default port on which ftpd 
> runs in order to enable ftp access to and from my machine.

That would violate the FTP spec, and isn't supported (IIRC) by the
standard FreeBSD ftpd.

> I had to do the same for my httpd server, but that information was a
> bit more accessible.
> Reading material has been sparse, but I've read that adding a port 
> number/range to the ftpd entry /etc/services and /etc/inetd.conf might
> do the trick.
> Is this an acceptible way of going about changing the ftp ports?

It won't work.

> If this box is sitting behind a hardware firewall (Linksys router), what 
> range would you recommend I open in the firewall for a maximum of 5
> ftp users?  Same question for security on the FBSD box itself?

This is going to be a royal pain anyway.  The FTP protocol is tricky
to get through firewalls, and *very* tricky to get through NAT.

If you can use, e.g., scp(1) to move your files around, you'll be in
much better shape -- FTP passes cleartext passwords.  However, if
you're really stuck on FTP (and I am not encouraging you to violate
your contract with your ISP, but just giving the advice for
informational purposes), there are other FTP daemons that can change
the base ports.  You'll need to punch holes for the data ports, though.

> Quick sidebar: DNS is setting my domainname to my ISP's domain,
> not my local domain, which is causing some problems.  "man 
> domainname" tells me " The super-user can set the domain name by 
> supplying an argument", which I assume means "domainname 
> <domain>".  But this setting does not stick on reboot.  Is there an 
> easy fix?

According to the FreeBSD Handbook, the FreeBSD FAQ, and the rc.conf(5)
manual, setting "hostname" in /etc/rc.conf is what you're looking for.