limit FTP access by specific Remote Access IPs for specified ftpuser

Discussion in 'Installation/Configuration' started by prisfeo, Feb 8, 2010.

  1. prisfeo

    prisfeo New Member

    ipconfig on Cento 5.4 - all works
    some websites created and relative ftp accounts.

    is there a way to limit FTP access by specific Remote Access IPs
    only for specified ftpuser account ?
    (i believe is not present this option inside ispconfig panel, only for phpmyadmin access)

    in other Centos server i use proftpd and i have to configure the proftpd.conf file in order to do this..
    i was wondering how to do the same thing inside this ISPconfig environment
    that i know it does not use proftpd ftp server.

    thanks in advance.
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    I'am not aware of such an option in pure-ftpd. But you might be able to limit access to ftp with iptables.
  3. prisfeo

    prisfeo New Member

    thanks Till..
    however, i am almost sure that if i'd use iptables (so a firewall)
    i would limit by specific external IP the entire ftp protocol for all ftpusers and not for a single one..:rolleyes: (since the configured ip is only one onto ispconfig server)
    i'll look for a solution tweaking the pure-ftpd configuration..

    Last edited: Feb 9, 2010
  4. prisfeo

    prisfeo New Member

    perhaps know how to do, can be useful for others:

    looking inside: /etc/pure-ftpd/pureftpd-mysql.conf
    it seems configuration can be "enhanced" in order to take in consideration
    the source IP connected to the ftp server.

    # In the following directives, parts of the strings are replaced at
    # run-time before performing queries :
    # \L is replaced by the login of the user trying to authenticate.
    # \I is replaced by the IP address the user connected to.
    # \P is replaced by the port number the user connected to.
    # \R is replaced by the IP address the user connected from.
    # \D is replaced by the remote IP address, as a long decimal number.
    # Very complex queries can be performed using these substitution strings,
    # especially for virtual hosting.

    i think changing the actual queries configured adding the following statement:

    "AND Status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")"

    can achieve the result..
    but in the ispconfig mysql db should be added an extra column called "ipaddress" inside the ftp_user table..and put there the desired IP who can connect from to that specified user..

    i'll try..

Share This Page