Several options (you may wish to implement them all for maximum security,
depending on your needs).

1. Use ipchains (now iptables in 2.4.1) to set up your linux system as a
firewall. You can use ipchains to specifically specify that incoming
connections to port 21 (FTP server) can only be accepted from internal hosts
and not from the outside world. See the ipchains HOWTO and references
therein for details on how to do this - it isn't very hard.

2. Wrapper your network services using inetd. (I am told xinetd is a better
version for this, but I haven't toyed with it yet, although by default it is
installed on my mdk system instead of inetd). In any case, inetd is a server
that is used to control access to other network services. Basically, inetd
listens for incoming connections on specified ports, and when it gets one,
it spawns the appropriate server (in this case ftpd) to handle it. You can
configure it, via the hosts.allow and hosts.deny files in /etc to accept /
reject connections for specified hosts for specified services. Try 'man
inetd' or 'man xinetd' and learn from there.

3. You might also want to check out the security HOWTO and other related
docs for a plethora of information on securing your linux system. There is
also a book on internet firewalling under linux, I think from O'Reilly
press, that I have coveted at the bookstore but never gotten around to
buying.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Leopold Palomo
> Sent: Wednesday, February 07, 2001 4:50 AM
> To: Expert
> Subject: [expert] How to limit the ftp service?
>
>
> Dear people,
>
> I have a box connected to external net, and an internal net. Typical
> configuration of a box giving services to an internal net as firewall and
> gateway from the external net. The question is that we have a ftp
> service, but we would like to limit this service to the internal net, and I
> don't know how to do it. Maybe it's very simple, but I don't know how.
> Any ideas?
>
> Best regards,
>
> Leo
>
>
> --
> Leopold Palomo Avellaneda
>
> Linux User 152692
> Catalonia
>
>
>
>
>
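
Added example (not part of the original messages): a small Python model of how the hosts.allow / hosts.deny check from option 2 decides an FTP connection, showing why the deny entry is needed. The internal range 192.168.1.0/24, the daemon name in.ftpd and the sample file contents are assumptions; only a subset of the pattern syntax (IPv4 only) is modelled.

```python
import ipaddress

# Constructed sample files. The 192.168.1.0/24 internal range and the
# daemon name in.ftpd are assumptions, not values from the thread.
HOSTS_ALLOW = "# internal hosts may use FTP\nin.ftpd: 192.168.1.\n"
HOSTS_DENY = "in.ftpd: ALL\n"

def parse(text):
    """Return [(daemon_list, client_list)] from 'daemons : clients' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    """Subset of client patterns: ALL, 'a.b.c.' prefix, net/mask, exact IPv4."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return addr.startswith(pattern)
    if "/" in pattern:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr

def listed(rules, daemon, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(c, addr) for c in clients)
               for daemons, clients in rules)

def allowed(daemon, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if listed(parse(allow_text), daemon, addr):
        return True
    if listed(parse(deny_text), daemon, addr):
        return False
    return True

if __name__ == "__main__":
    for addr in ("192.168.1.20", "203.0.113.7"):
        print(addr, "->", allowed("in.ftpd", addr))
    # Failure mode: without a deny entry the outside host gets through.
    print("no deny entry ->", allowed("in.ftpd", "203.0.113.7", deny_text=""))
```

The trailing dot in "192.168.1." makes it an address prefix, so 192.168.10.5 does not match it.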

