On Mon, 31 Jan 2000, Daniel Zeaiter wrote:
> I have an FTP server setup on my RH6.1 K2.2.14 machine, but I wish to
> only allow computers on my local network (192.168.1.0) to access it. How
> is this possible? I figured maybe using IP Chains, but can you use that
> to block individual ports?
> Thanks in advance!
> Daniel Zeaiter.

The tcp_wrappers package allows you to monitor and filter incoming
requests for many network services, including ftp. It's probably already
installed on your machine. The wrapper itself is called tcpd and it uses
two config files - /etc/hosts.allow and /etc/hosts.deny. Usually
hosts.deny contains the "deny all" rule (all: all) - this denies all
service to all hosts, unless they are permitted access by entries in the
hosts.allow file. So in your case include the line
in hosts.allow and you'll be set. Also, check /etc/inetd.conf for similar
    ftp stream tcp nowait root /path/to/your/ftpserver
change it to
    ftp stream tcp nowait root /path/to/tcpd /path/to/your/ftpserver
and give inetd a HUP.

As for IP spoofing, I think the right thing to do is:
    ipchains -A input -j REJECT -i extif -s intlan -d universe -l
where extif is your external interface, intlan is your internal LAN
network address (192.168.1.0/24), and universe is 0.0.0.0/0.
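
The lookup order tcpd applies to hosts.allow and hosts.deny, as an added example that is not part of the original message: hosts.allow is searched first, then hosts.deny, and a request matching neither file is allowed. The daemon name in.ftpd and both sample file contents are assumptions constructed for illustration, and only address-based client patterns are handled.

```python
from ipaddress import IPv4Address

def client_matches(pattern, addr):
    """Match one hosts_access(5) client pattern against a client IPv4 address."""
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):              # address prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    if "/" in pattern:                     # net/mask, e.g. 192.168.1.0/255.255.255.0
        net, mask = pattern.split("/", 1)
        masked = int(IPv4Address(addr)) & int(IPv4Address(mask))
        return masked == int(IPv4Address(net))
    return pattern == addr                 # literal address

def rule_matches(line, daemon, addr):
    """True if a 'daemon_list : client_list' line covers (daemon, addr)."""
    line = line.split("#", 1)[0].strip()   # drop comments and blank lines
    if ":" not in line:
        return False
    daemons, clients = line.split(":")[:2]
    daemon_ok = any(d.upper() == "ALL" or d == daemon
                    for d in daemons.replace(",", " ").split())
    return daemon_ok and any(client_matches(c, addr)
                             for c in clients.replace(",", " ").split())

def tcpd_decision(hosts_allow, hosts_deny, daemon, addr):
    """Search hosts.allow, then hosts.deny; no match in either means allow."""
    if any(rule_matches(l, daemon, addr) for l in hosts_allow.splitlines()):
        return "allow"
    if any(rule_matches(l, daemon, addr) for l in hosts_deny.splitlines()):
        return "deny"
    return "allow"

# Constructed sample files (assumptions, not taken from the message).
HOSTS_ALLOW = "in.ftpd: 192.168.1.0/255.255.255.0\n"
HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    for daemon, addr in [("in.ftpd", "192.168.1.42"),    # LAN client
                         ("in.ftpd", "203.0.113.7"),     # outside client
                         ("in.telnetd", "192.168.1.42")]:
        print(daemon, addr, tcpd_decision(HOSTS_ALLOW, HOSTS_DENY, daemon, addr))
```

With an empty hosts.deny the outside client is allowed, which is why the "all: all" entry is needed alongside the hosts.allow line.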
This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:34 EST