How to restrict ftp access based on the IP-Adress

Forum Moderators: phranque

Message Too Old, No Replies

How to restrict ftp access based on the IP-Adress

timmer

1:21 pm on Feb 10, 2003 (gmt 0)

Hello Together

I want to restrict the ftp access based on the IP-Adress and
a specific UNIX user and group.
I haven't a problem to set up user and group for ftp access
but I haven't the skills to restriction the access also based on the IP-Adress.

Have anybody a idea?

Thanks :-}

lazerzubb

11:34 am on Feb 12, 2003 (gmt 0)

Welcome to Webmaster World [webmasterworld.com]

Sorry can't really help you, you can probably do it for online viewing via .htaccess, otherwise i don't know how to do it, anyone else might know?

jpjones

11:51 am on Feb 12, 2003 (gmt 0)

Here are some ideas for you if you have access to the boxes' main configuration files.

1) Use the inetd configuration files.
/etc/hosts.allow and /etc/hosts.deny files, and you are using the INET service to call the ftp server, then you could add the following:

In file /etc/hosts.deny:
in.proftpd: ALL

In file /etc/hosts.allow:
in.proftpd: xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy

You may need to change the in.proftpd to match the entry for ftp in your /etc/inetd.conf file.
(Run grep ftp /etc/inetd.conf and look to the last entry of the returned ftp line)

2) Set up a firewall rule either on your box (using IPCHAINS or IPTABLES depending on your kernel version) or at your upstream provider to only allow ftp access to selected IP ranges.

Hope thats of some help!
JP