HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   limit FTP access by specific Remote Access IPs for specified ftpuser (http://www.howtoforge.com/forums/showthread.php?t=43349)

prisfeo 8th February 2010 17:01

limit FTP access by specific Remote Access IPs for specified ftpuser
 
ipconfig 3.0.1.6 on Cento 5.4 - all works
some websites created and relative ftp accounts.

well,
is there a way to limit FTP access by specific Remote Access IPs
only for specified ftpuser account ?
(i believe is not present this option inside ispconfig panel, only for phpmyadmin access)

in other Centos server i use proftpd and i have to configure the proftpd.conf file in order to do this..
i was wondering how to do the same thing inside this ISPconfig environment
that i know it does not use proftpd ftp server.

thanks in advance.

till 9th February 2010 09:31

I'am not aware of such an option in pure-ftpd. But you might be able to limit access to ftp with iptables.

prisfeo 9th February 2010 09:45

Quote:

Originally Posted by till (Post 218908)
I'am not aware of such an option in pure-ftpd. But you might be able to limit access to ftp with iptables.

thanks Till..
however, i am almost sure that if i'd use iptables (so a firewall)
i would limit by specific external IP the entire ftp protocol for all ftpusers and not for a single one..:rolleyes: (since the configured ip is only one onto ispconfig server)
..
i'll look for a solution tweaking the pure-ftpd configuration..

bye.

prisfeo 9th February 2010 10:06

perhaps know how to do, can be useful for others:

looking inside: /etc/pure-ftpd/pureftpd-mysql.conf
it seems configuration can be "enhanced" in order to take in consideration
the source IP connected to the ftp server.


# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.


i think changing the actual queries configured adding the following statement:

"AND Status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")"

can achieve the result..
but in the ispconfig mysql db should be added an extra column called "ipaddress" inside the ftp_user table..and put there the desired IP who can connect from to that specified user..

i'll try..


All times are GMT +2. The time now is 14:56.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.