Change port that the iSeries FTP server listens on

Found this on Search400

… how to change your FTP server to use a port other than the default port of 21. Ports in the range of 0-1023 are reserved and well-known ports, with port 21 being the established standard for FTP. The reason most people want to do this is to make it harder for someone to gain unauthorized access to your FTP server.

Although this may make it more difficult for someone to discover that you are running an FTP server, this by itself will not prevent someone from being able to discover and potentially hack into your FTP server. If you decide to use this technique, keep in mind that this is no substitute for other types of security and should be viewed as only a very small piece of your security infrastructure. If you have existing FTP programs or scripts, you will need to change them to access your new FTP port.

For anyone who has tried to do this, you may have noticed that the port can’t be changed using the CHGFTPA command. Here is how to make the changes.

  1. Enter the command WRKSRVTBLE and scroll down to the services that are labeled ftp-control.
  2. Display and print these entries.
  3. Use the command ADDSRVTBLE to duplicate these entries exactly as they appear, with the exception that you will specify a new port number. To get lowercase values to stay lowercase, make sure they are enclosed in single quotes. When you specify your new FTP port, you should avoid using the reserved ports of 0-1023. You should also try to avoid using other ports that are already defined.
  4. Compare your new entries to the existing entries that are on port 21 to ensure that everything is an exact match.
  5. Delete your existing entries for service ftp-control that is on port 21.
  6. End and restart TCP/IP.
  7. If you wish, entries labeled ftp-data can also be changed in a similar manner.

When you access FTP from the AS/400, you will now have to specify the port. From the AS/400 the FTP command would look like this:

FTP RMTSYS (‘10.10.10.10’) PORT (21021)
From the DOS prompt, it would look like this:

C:WINDOWS>ftp
ftp> open 10.10.10.10 21021

Leave a Reply

Your email address will not be published.