On May 19, 2006, at 8:55 PM, jekillen wrote:

I am trying to deny ftp access to my web site from out side. I have two nics on the server and access it from the inside network via one and serve to the public on the other. I tried to write a rule in hosts.allow to deny ftp connections to the public ip address which has worked. But a side effect is that I can now not connect from local machines via

Your machine is connected to the outside world and you are not running a firewall?

If I understand correctly hosts.allow (and the hosts_access library routines) operate in the applications themselves. The only reason you wish to keep the outside world from reaching your ftpd is out of fear that its somehow vulnerable and/or someone will come across your username/password combination. So, nip it in the bud with a firewall rule and never let them get that close. Simply deny port 21 incoming on your external interface. Everything should work as always on your internal interface.

In ipfw where $nic_ext is fxp0 or whatever your extenal NIC is named:

ipfw add deny ip from any to any ftp in via $nic_ext

Whom computers would destroy, they must first drive mad.

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to