[lug] FTP services - disarming daemon
jstarkey at ajstarkey.com
Wed Aug 9 13:46:42 MDT 2000
Ok. Thanks, this worked, as far as I can tell. I'm able, at least, to ftp
things to me. Now I have a couple IPs I need to be able to ftp to my
machine. I tried connecting from my web host service. And I can't even get
a login (this is good, thanks).
I tried modifying the below ipchains to ALLOW two of the other IPs I need
access for. But to no avail. Is there a switch or option I need to know
about to do that?? I changed -j to ALLOW and subbed the $host to one of
the needed IPs.
On Wed, 9 Aug 2000, Jarosko, Bill wrote:
> I would really like to have ftp for my own
> use but looks like that's not even possible. DSL it is once I move next
> receive requests from 192.168s? I can't log on now. And I can't remember
> what I changed, obviously something but whatever it was didn't take effect
> How about instead of shutting down the service you just block outside traffic?
> ipchains should work well enough for this.
> I assume you have no ipchains rules as of yet, i.e. you haven't set up a firewall yet.
> Exter = whatever interface your cable comes in on, i.e. eth0, ppp0, whatever.
> hostip = your machine's IP
> ipchains -A input -i $Exter -p tcp -s 0.0.0.0/0 1024:65535 -d $hostip 21 -j DENY
> Quick explanation:
> ipchains -A input (append the input rule)
> -i (tells ipchains to watch this interface)
> -p tcp (tells ipchains which protocol)
> -s (this is the source switch, in this case we want all IPs so 0.0.0.0/0)
> 1024:65535 (the port numbers of remote machines used to connect to ftp)
> -d (destination switch, your ip addr and ftp port number(21))
> -j (policy, what should it do, in this case deny, it doesn't tell TCI(AT&T) it even exists)
> that should do it, but if not, send another email.
> And if you'd like to block telnet just change the port number from 21 to 23.
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
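An added example, not part of the original thread or either poster's configuration: ipchains walks a chain in order and the first matching rule decides, and its accepting target is named ACCEPT, so a rule for a trusted source has to sit ahead of the catch-all DENY. The script prints the rules and models that evaluation without running ipchains; `eth0` and all addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints ipchains commands and models first-match evaluation.
# It never runs ipchains. Addresses are constructed (RFC 5737 ranges).

# The DENY rule from the thread, unchanged.
deny_rule() {   # deny_rule IFACE HOSTIP
    echo "ipchains -A input -i $1 -p tcp -s 0.0.0.0/0 1024:65535 -d $2 21 -j DENY"
}

# Same match, but for one trusted source address and with target ACCEPT.
accept_rule() { # accept_rule IFACE HOSTIP SRC
    echo "ipchains -A input -i $1 -p tcp -s $3/32 1024:65535 -d $2 21 -j ACCEPT"
}

# Correct order: every ACCEPT is appended before the catch-all DENY.
ftp_rules() {   # ftp_rules IFACE HOSTIP SRC...
    iface=$1; hostip=$2; shift 2
    for src in "$@"; do accept_rule "$iface" "$hostip" "$src"; done
    deny_rule "$iface" "$hostip"
}

# Reads rules on stdin in chain order and prints the target of the first
# rule whose -s matches SRC (only /32 and 0.0.0.0/0 sources are modelled).
first_match() { # first_match SRC
    while read -r rule; do
        s=; j=; prev=
        for w in $rule; do
            case $prev in
                -s) s=$w ;;
                -j) j=$w ;;
            esac
            prev=$w
        done
        if [ "$s" = "0.0.0.0/0" ] || [ "$s" = "$1/32" ]; then
            echo "$j"; return 0
        fi
    done
    echo "POLICY"   # nothing matched: the chain's default policy decides
}

HOST=203.0.113.5; PEER=198.51.100.7       # constructed sample addresses
ftp_rules eth0 "$HOST" "$PEER"            # rules to load, in order
ftp_rules eth0 "$HOST" "$PEER" | first_match "$PEER"        # ACCEPT
ftp_rules eth0 "$HOST" "$PEER" | first_match 192.0.2.99     # DENY
{ deny_rule eth0 "$HOST"; accept_rule eth0 "$HOST" "$PEER"; } |
    first_match "$PEER"                   # DENY: appended too late
```

On a chain that already holds the DENY rule, `ipchains -I input 1 ...` inserts the ACCEPT at the top instead of appending it.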