# Changing default FTP port in 10.2



## gatorparrots (Oct 4, 2002)

Rather than deal with the new FTP daemon in OS X 10.2 (lukemftpd) and its lack of- and mis-documentation, I opted to go with a different daemon altogether. Instead, I chose Pure-ftpd (http://www.pureftpd.org/), which seemed to have the right feature set and flexibility to meet my needs (chroot, quotas, bandwidth throttling, etc.).

Now that I have it installed and configured correctly, I would like to change the port it is listening on. This is a trivial change if it is running in standalone mode (just pass the switch 'S -<portnumber>' to it). However, I prefer to have it run under xindetd, which it does beautifully... except it will not honor the  '-S' switch in xinetd mode, because something else is superceding it.

So... the question posed is this:
How does one change the default ftp port in OS X 10.2? I'm after a bit of 'security through obscurity' by dropping off the port 21 radar. I'd rather use another unassigned port <1024 instead of the default 20/21 pair. I'm assuming this is done in NetInfo, but am not aware of the exact methodology under OS X to accomplish this.


----------



## buc99 (Oct 6, 2002)

Can't you just set this in the Firewall set-up in "System Preferences"?

I know you can add other ports here. Can you edit default ports here also?

Good Luck.
SA


----------



## gatorparrots (Oct 6, 2002)

I think this is the definitive answer:
http://discussions.info.apple.com/WebX?14@27.FGZcaPIWeKB.41@.3bba5458/8

It seems like 10.2 defaults to a more traditional "/etc/services" behavior under 10.2, unless something overrides that default. [NetInfo Manager's 'services' listing is apparently not used in 10.2].

So simply editing the */etc/services* file is the correct methodology under 10.2, apparently. Too bad it only works locally (localhost)... it won't get past my router from the internet at large. 

_[This also happens to be true of the ipfw port forwarding method buc99 mentions... It would work locally over the intranet in our office, but not for the internet at large outside of our router's domain.]_


----------

