
Thread: FTP server.. for only a certain ip block.

  1. #1

    FTP server.. for only a certain ip block.

    I want to set up an FTP server for a certain IP block. What is the best FTP server prog out there... And can I only give access to a certain IP range/block...

  2. #2
    Senior Member
    Join Date
    Sep 2002
    Posts
    421

    Re:FTP server.. for only a certain ip block.

    I use proftp. It's secure, easy to configure and easily extensible with modules for more advanced configs.

    To allow FTP access from only a certain IP block I'd use iptables and not rely on the FTP server to handle it. (Don't know if proftpd even could do it.) If you want passive transfers be sure to not only allow port 21 but also a range of high ports (I use 62000-64000) through the firewall. Then you can tell proftpd to use only these ports for passive transfers with the directive PassivePorts 62000 64000. If you want active transfers as well remember to open up port 20.

  3. #3
    Moderator
    Good Guru
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re:FTP server.. for only a certain ip block.

    I agree, filter the port thru a firewall and only allow certain subnets thru that way (or specific IPs). Simplest, safest, and easiest way that I could come up with.

  4. #4

    Re:FTP server.. for only a certain ip block.

    How would I do that with ipchains or whatever it's called or both..

  5. #5
    Senior Member
    Join Date
    Sep 2002
    Posts
    421

    Re:FTP server.. for only a certain ip block.

    Use iptables, not ipchains (unless you're still running Linux 2.2.x). To allow FTP connections from the net 192.168.1.0/24 (192.168.1.0-192.168.1.255) do this:

    iptables -A INPUT -i <net_interface> -s 192.168.1.0/24 -p tcp --dport 20:21 -j ACCEPT
    iptables -A INPUT -i <net_interface> -s 192.168.1.0/24 -p tcp --dport 62000:64000 -j ACCEPT

    If you only want a single IP, replace 192.168.1.0/24 with e.g. 1.2.3.4.

    Note that this assumes that iptables is already set up to a certain degree (i.e. it's running with a default policy of DROP for the INPUT chain). If that's not the case this thread might help.
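
Added example, not part of the thread: the rules in post #5 only restrict FTP if the INPUT policy is DROP and no broader ACCEPT rule exists, so this Python check audits the text printed by `iptables -S INPUT` against the allowed block. The function names, the `eth0` interface and the sample ruleset are assumptions constructed for illustration; IPv4 only.

```python
import ipaddress
import shlex

# Port ranges from the thread: 20-21 plus the PassivePorts range 62000-64000.
FTP_RANGES = [(20, 21), (62000, 64000)]

def opt(tokens, name, default=None):
    """Value following option `name` in a tokenized rule, else default."""
    return tokens[tokens.index(name) + 1] if name in tokens else default

def audit_input_chain(rules_text, allowed_cidr):
    """Audit `iptables -S INPUT` output; return a list of finding strings."""
    allowed = ipaddress.ip_network(allowed_cidr)
    findings, policy = [], None
    for line in rules_text.splitlines():
        t = shlex.split(line)
        if t[:2] == ["-P", "INPUT"]:
            policy = t[2]
        if t[:2] != ["-A", "INPUT"] or opt(t, "-j") != "ACCEPT":
            continue
        if "!" in t:
            findings.append("negated match, review by hand: " + line)
            continue
        if opt(t, "-p", "tcp") not in ("tcp", "all"):
            continue  # FTP is TCP only
        state = opt(t, "--state") or opt(t, "--ctstate") or "NEW"
        if opt(t, "-i") == "lo" or "NEW" not in state.split(","):
            continue  # loopback or established-only: admits no new clients
        # No --dport (or a multiport match) is treated as "all ports".
        lo, _, hi = opt(t, "--dport", "0:65535").partition(":")
        lo, hi = int(lo), int(hi or lo)
        if not any(lo <= b and a <= hi for a, b in FTP_RANGES):
            continue  # rule does not overlap an FTP port range
        src = ipaddress.ip_network(opt(t, "-s", "0.0.0.0/0"), strict=False)
        if not src.subnet_of(allowed):
            findings.append(f"FTP ports open to {src}: {line}")
    if policy != "DROP":
        findings.append(f"INPUT policy is {policy}, not DROP")
    return findings

# Constructed sample: the thread's two rules plus a leftover wide-open rule.
SAMPLE = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth0 -p tcp -m tcp --dport 20:21 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth0 -p tcp -m tcp --dport 62000:64000 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
"""
```

Calling `audit_input_chain(SAMPLE, "192.168.1.0/24")` reports only the last rule, which accepts port 21 from any source; an empty list means every FTP-reaching ACCEPT rule is limited to the allowed block.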
