Restrict FTP access to specific IP

Discussion in 'ISPConfig 3 Priority Support' started by pawan, Oct 12, 2018.

  1. pawan

    pawan Member HowtoForge Supporter

    I am trying to restrict the FTP access to specific IP only.
    To achieve the same I have tried the hosts.allow and hosts.deny, but am not able to make it work.
    I have seen a Post by Till where you mentioned
    https://git.ispconfig.org/ispconfig/ispconfig3/issues/1015
    As far as I know, pure-ftpd obeys the hosts.deny and hosts.allow files. So you can restrict access based on IP addresses to pure-ftpd in these files.

    The syntax I have tried to use in the files is like this:
    hosts.deny
    Code:
    pure-ftpd : ALL : deny
    ftp :  ALL : deny
    pure-ftp : ALL : deny
    ftpd :  ALL : deny
    hosts.alllow
    Code:
    pure-ftpd : localhost : allow
    pure-ftpd : 192.168.0. : allow
    all : my ip : allow
    
    what I am missing here.
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Have you read the man page?
    Code:
    man hosts.allow
    That shows the syntax to use on your OS.
     
  3. pawan

    pawan Member HowtoForge Supporter

    Hi Taleman - I am using ubuntu 16.04.
    for sshd it is working fine.
    but for ftp, I couldn't find the resolution.
    When I run the command service --status-all
    I get the ftp service as pure-ftpd-mysql.
    when running pure-ftpd-mysql-status
    I get like below:
    Code:
    Oct 13 19:11:05 server2 pure-ftpd[30404]: ([email protected] ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher
    Oct 13 19:11:47 server2 pure-ftpd[30432]: ([email protected] ip) [INFO] New connection from 106.222.68.57
    Oct 13 19:11:49 server2 pure-ftpd[30432]: ([email protected] ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher
    Oct 13 19:11:50 server2 pure-ftpd[30432]: ([email protected] ip) [INFO] mywebm1 is now logged in
    Oct 13 19:11:54 server2 pure-ftpd[30432]: ([email protected] ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher
    Oct 13 19:15:06 server2 pure-ftpd[31980]: ([email protected]::1) [INFO] New connection from ::1
    Oct 13 19:17:13 server2 pure-ftpd[32054]: ([email protected] ip) [INFO] New connection from 157.41.218.31
    Oct 13 19:17:14 server2 pure-ftpd[32054]: ([email protected] ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher
    Oct 13 19:17:15 server2 pure-ftpd[32054]: ([email protected] ip) [INFO] mywebm1 is now logged in
    Oct 13 19:17:20 server2 pure-ftpd[32054]: ([email protected] ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher
    It also lists new connection from ::1, is that fine?
    I have modified the hosts.allow and tried to replace pure-ftpd wiht pure-ftpd-mysql, but no success.
    also if add ALL:ALL in hosts.deny it works, means I am not able to connect.
    what this means is that I am definitely missing in naming the ftp service correctly.
     

Share This Page