jekillen wrote:
Hello all;
I am trying to deny ftp access to my web site from outside. I have two
NICs on the server and access it from the inside network via one and
serve to the public on the other.

I tried to write a rule in hosts.allow to deny ftp connections to the
public IP address, which has worked. But a side effect is that I can now
not connect from local machines via ssh. I reverted back to
'ALL : all ; allow' to confirm that that was indeed why ssh started
refusing connections, as it now will accept connections. I even ssh'd to
one machine and, while in that shell, ssh'd to the server and got in to
the server via another machine on the local network.

I am concerned because I have had repeated attempts to log in to the
server over ftp from outside. I do all the development and posting from
the local network, so there is no reason whatsoever for anyone from the
outside to get ftp access to my site.

How can I do this in hosts.allow?

A few nights ago I noticed odd activity on the router (LEDs going
bananas), so I did tcpdump on the server and saw a great deal of ftp
activity that didn't look right, from foreign addresses. I shut the web
server and the secondary DNS server down while I dug through Absolute
FreeBSD to get some direction.

I can live with ssh refusing local connections, but I don't think it
should be that way.
Thanks in advance;
JK
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
Default to denying everything... and then add rules to allow the few you
would like to have access. Here is a snippet from my hosts.allow.
sshd : A.B.C.D : allow
sshd : SomeHostName : allow
sshd : D.E.F.0/255.255.255.0 : allow
sshd : H.I.J.0/255.255.255.0 : allow
sshd : ALL : deny
sendmail : localhost : allow
sendmail : ALL : deny
cupsd : localhost : allow
cupsd : ALL : deny
# ftpd does not have tcpwrappers :(
# must run via inetd context
ftpd : localhost : allow
ftpd : A.B.C.D : allow
ftpd : ALL : deny
# DENY DENY DENY
ALL : ALL : deny
Replace alpha chars with appropriate IP addresses. See 'man hosts.allow'.
Note that a firewall would be quite helpful as well. But that's another
post.
HTH,
--
Regards,
Eric
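
Added example, not part of the thread and not either poster's configuration: a simplified Python model of the first-match evaluation that makes rule order in hosts.allow matter, run over a rule set shaped like the snippet in the reply. The addresses (192.168.1.0/24 as the inside network, 203.0.113.7 as an outside host) and the function names are assumptions made for this example; only ALL, localhost, single IPv4 addresses and net/mask client patterns are modelled.

```python
import ipaddress

# Constructed rule set modelled on the reply's snippet. The addresses are
# private/documentation ranges chosen for this example, not from the thread.
RULES = """
sshd : 192.168.1.0/255.255.255.0 : allow
sshd : ALL : deny
ftpd : localhost : allow
ftpd : 192.168.1.0/255.255.255.0 : allow
ftpd : ALL : deny
# DENY DENY DENY
ALL : ALL : deny
"""

def parse(text):
    """Return (daemon, client, action) tuples, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            daemon, client, action = (f.strip() for f in line.split(":"))
            rules.append((daemon, client, action))
    return rules

def client_matches(pattern, addr):
    """Simplified subset: ALL, localhost, one IPv4 address, or net/mask."""
    ip = ipaddress.ip_address(addr)
    if pattern == "ALL":
        return True
    if pattern == "localhost":
        return ip.is_loopback
    if "/" in pattern:
        return ip in ipaddress.ip_network(pattern, strict=False)
    return ip == ipaddress.ip_address(pattern)

def decide(rules, daemon, addr):
    """First matching rule wins; nothing after it is consulted."""
    for n, (d, c, action) in enumerate(rules, 1):
        if d in ("ALL", daemon) and client_matches(c, addr):
            return action, n
    # Assumption of this model: no matching rule at all means access is granted.
    return "allow", None

if __name__ == "__main__":
    rules = parse(RULES)
    for daemon, addr in [("sshd", "192.168.1.20"), ("ftpd", "203.0.113.7")]:
        print(daemon, addr, decide(rules, daemon, addr))
```

Moving the catch-all "ALL : ALL : deny" line to the top of the same rule set makes it rule 1, so it matches before any sshd or ftpd allow line is reached.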