limit FTP access by specific Remote Access IPs for specified ftpuser

Discussion in 'Installation/Configuration' started by prisfeo, Feb 8, 2010.

  1. prisfeo

    prisfeo New Member

    ipconfig 3.0.1.6 on Cento 5.4 - all works
    some websites created and relative ftp accounts.

    well,
    is there a way to limit FTP access by specific Remote Access IPs
    only for specified ftpuser account ?
    (i believe is not present this option inside ispconfig panel, only for phpmyadmin access)

    in other Centos server i use proftpd and i have to configure the proftpd.conf file in order to do this..
    i was wondering how to do the same thing inside this ISPconfig environment
    that i know it does not use proftpd ftp server.

    thanks in advance.
     
  2. till

    till Super Moderator

    I'am not aware of such an option in pure-ftpd. But you might be able to limit access to ftp with iptables.
     
  3. prisfeo

    prisfeo New Member

    thanks Till..
    however, i am almost sure that if i'd use iptables (so a firewall)
    i would limit by specific external IP the entire ftp protocol for all ftpusers and not for a single one..:rolleyes: (since the configured ip is only one onto ispconfig server)
    ..
    i'll look for a solution tweaking the pure-ftpd configuration..

    bye.
     
    Last edited: Feb 9, 2010
  4. prisfeo

    prisfeo New Member

    perhaps know how to do, can be useful for others:

    looking inside: /etc/pure-ftpd/pureftpd-mysql.conf
    it seems configuration can be "enhanced" in order to take in consideration
    the source IP connected to the ftp server.


    # In the following directives, parts of the strings are replaced at
    # run-time before performing queries :
    #
    # \L is replaced by the login of the user trying to authenticate.
    # \I is replaced by the IP address the user connected to.
    # \P is replaced by the port number the user connected to.
    # \R is replaced by the IP address the user connected from.
    # \D is replaced by the remote IP address, as a long decimal number.
    #
    # Very complex queries can be performed using these substitution strings,
    # especially for virtual hosting.


    i think changing the actual queries configured adding the following statement:

    "AND Status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")"

    can achieve the result..
    but in the ispconfig mysql db should be added an extra column called "ipaddress" inside the ftp_user table..and put there the desired IP who can connect from to that specified user..

    i'll try..
     

Share This Page