Restricting access to ftp and ispconfig3

Discussion in 'Installation/Configuration' started by jysse, Jul 3, 2009.

  1. jysse

    jysse New Member

    Hi,

    What is the best method to restrict access to ftp ? I mean that I would like to allow ftp access only to certain ip's not for the whole world.
    If that can be done with iptables, then what kind of a rule ? Where shall I put it ?

    Thank,

    Jysse
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

  3. jysse

    jysse New Member

    Unfortunately I did'nt succeed with this. I don't that think that I can use host.deny/host.allow because pure-ftpd is a stanalone daemon. Is this correct ?
    Looks like it when I check /etc/default/pure-ftpd-common.

    Tried to add an iptables rule:
    iptables -A PUB_IN -s ipaddresssource -d ipaddressserver -p tcp --dport 21 -j ACCEPT
    This would not let me in with ftp.

    I think that fail2ban could also be a nice solution. Tested it with ssh. Result was not what I expected. Looking at fail2ban.log I can see that ip was banned. Despite that I was able to log in from that same address with ssh client ?
    Also I did add a jail for pure-ftpd but there was no affect. (/etc/fail2ban/jail.conf)

    Thanks for your help.

    jysse
     

Share This Page