On May 19, 2006, at 8:55 PM, jekillen wrote:
> I am trying to deny ftp access to my web site from outside. I have
> two nics on the server and access it from the inside network via
> one and serve to the public on the other.
> I tried to write a rule in hosts.allow to deny ftp connections to
> the public ip address which has worked. But a side effect is that I
> can now not connect from local machines via ssh.

Your machine is connected to the outside world and you are not
running a firewall?

If I understand correctly, hosts.allow (and the hosts_access library
routines) operate in the applications themselves. The only reason you
wish to keep the outside world from reaching your ftpd is out of fear
that it's somehow vulnerable and/or someone will come across your
username/password combination. So, nip it in the bud with a firewall
rule and never let them get that close. Simply deny port 21 incoming
on your external interface. Everything should work as always on your
internal interface.

In ipfw, where $nic_ext is fxp0 or whatever your external NIC is named:

    ipfw add deny ip from any to any ftp in via $nic_ext

--
David Kelly N4HHE, [EMAIL PROTECTED]
========================================================================
Whom computers would destroy, they must first drive mad.
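
Added example, not part of the original message: a small check to run from an outside host and from an inside host after changing the rules, to confirm where an FTP client is stopped. A firewall deny shows up as no reply at all, while a hosts.allow refusal typically shows up as a completed handshake that the application then closes. The names probe and demo_listener and the result labels are hypothetical, and the listener is a constructed stand-in for ftpd on 127.0.0.1.

```python
import socket
import threading

def probe(host, port=21, timeout=3.0):
    """Report how far a TCP client gets toward the service on host:port.

    filtered: no reply at all (packets dropped, as an ipfw deny rule does)
    refused:  connection reset (nothing listening, or an active reject)
    wrapped:  handshake completed, then closed with no greeting (the
              application turned the client away, as hosts.allow does)
    silent:   connected, but no greeting arrived before the timeout
    open:     the service sent a greeting (returned as the second value)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered", ""
    except ConnectionRefusedError:
        return "refused", ""
    except OSError as exc:          # e.g. host or network unreachable
        return "error", str(exc)
    with sock:
        try:
            data = sock.recv(128)
        except socket.timeout:
            return "silent", ""
        except ConnectionResetError:
            return "wrapped", ""
    if not data:
        return "wrapped", ""
    return "open", data.decode("ascii", "replace").strip()

def demo_listener(greeting=b""):
    """Constructed stand-in for ftpd on 127.0.0.1: accept once, greet, close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        if greeting:
            conn.sendall(greeting)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe("127.0.0.1", demo_listener(b"220 constructed FTP greeting\r\n")))
    print(probe("127.0.0.1", demo_listener()))
```

With the deny rule in place, probe against the public address from outside should report filtered, and probe against the internal address from the inside network should still report open.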