RE: Blocking FTP to external-network users

From: Serge Maandag (serge@staff.zeelandnet.nl)
Date: Mon Jan 31 2000 - 05:07:48 EST


A simple solution is to add an in.ftpd entry to your /etc/hosts.allow and
hosts.deny, but that wouldn't make it secure against IP spoofing. The better way
would be to use IPchains. The -i option allows you to specify an interface.
Example:

ipchains -P input DENY
ipchains -A input -i eth0 -s 10.0.0.0/24 -j ACCEPT

The above example says:
DENY everything, but
ACCEPT all traffic coming from eth0 with source-address 10.0.0.0 to
10.0.0.255.

This is just a basic example. Extend it with -p ftp and -p ftp-data and all
the other options you want.

Have a look at: http://metalab.unc.edu/mdw/HOWTO/IPCHAINS-HOWTO.html

Serge Maandag.

-----Original Message-----
From: Daniel Zeaiter [mailto:daniel@academytiles.com.au]
Sent: Monday 31 January 2000 9:15
To: linux-net@vger.rutgers.edu
Subject: Blocking FTP to external-network users

I have an FTP server setup on my RH6.1 K2.2.14 machine, but I wish to
only allow computers on my local network (192.168.1.0) to access it. How
is this possible? I figured maybe using IP Chains, but can you use that
to block individual ports?

Thanks in advance!
Daniel Zeaiter.

-- 

Daniel Zeaiter
E-Mail: daniel@academytiles.com.au
Phone: 0408 242 500
ICQ: 16889511
Website: homepages.ihug.com.au/~mdzeater

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu
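The interface-bound filtering described in the reply, as an added example that is not part of the original thread: a shell script that keeps a two-rule table for the FTP control port, prints it as ipchains commands, and evaluates sample packets against it first-match, so the effect of -i on a spoofed source address is visible. The interface name eth0, the /24 mask on 192.168.1.0 and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions (constructed):
# eth0 is the LAN interface and the LAN is 192.168.1.0/24.
# Port 21 is the FTP control channel; no FTP session can be set up without it.
# Table columns: interface  source-net  tcp-dest-port  target  ("*" = any interface)
RULES='eth0 192.168.1.0/24 21 ACCEPT
* 0.0.0.0/0 21 DENY'

# Print the table as ipchains commands (printed only, never executed here).
render_rules() {
    echo "$RULES" | while read -r ifc net port target; do
        opt=""; if [ "$ifc" != "*" ]; then opt=" -i $ifc"; fi
        log=""; if [ "$target" = "DENY" ]; then log=" -l"; fi   # log refusals
        echo "ipchains -A input$opt -p tcp -s $net -d 0.0.0.0/0 $port$log -j $target"
    done
}

# Dotted quad -> integer, so networks can be compared arithmetically.
ip2int() {
    old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net ADDR NET/BITS: succeeds when ADDR lies inside the network.
in_net() {
    bits=${2#*/}
    if [ "$bits" -eq 0 ]; then return 0; fi
    base=$(ip2int "${2%/*}"); addr=$(ip2int "$1"); shift_by=$(( 32 - bits ))
    [ $(( addr >> shift_by )) -eq $(( base >> shift_by )) ]
}

# verdict IFACE SRC DPORT: print the target of the first matching rule.
verdict() {
    echo "$RULES" | {
        while read -r ifc net port target; do
            [ "$ifc" = "*" ] || [ "$ifc" = "$1" ] || continue
            [ "$port" = "$3" ] || continue
            if in_net "$2" "$net"; then echo "$target"; exit 0; fi
        done
        echo ACCEPT   # nothing matched: chain policy stays ACCEPT for other traffic
    }
}

render_rules
# A LAN source address arriving on a non-LAN interface (eth1, constructed)
# misses the eth0 rule and falls through to the DENY rule.
echo "eth1 192.168.1.10 -> port 21: $(verdict eth1 192.168.1.10 21)"
```

The second rule has to come after the first, since the first match decides the packet.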



This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:34 EST