[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

How to limit ftp access by ip address using iptables

Posted on 2011-03-03
8
Medium Priority
?
523 Views
Last Modified: 2012-05-11
I would like to use iptables to limit access to ftp by ip address. What is the proper iptables syntax for that.
0
Comment
Question by:richmarotta1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 31

Accepted Solution

by:
farzanj earned 2000 total points
ID: 35029814
You can use iptables or you can use tcp wrappers.

for iptables
iptables -A INPUT -p tcp -s <SOURCE_IP_ADDR/MASK>  --dport ftp  -j ACCEPT

iptables -A INPUT -p tcp -s <SOURCE_IP_ADDR/MASK>  --dport ftp  -j DROP

edit the file /etc/hosts.allow and enter
ftpd : localhost : allow
ftpd: 192.168.0.254 : deny
0
 

Author Comment

by:richmarotta1
ID: 35031076
I only changed the ip tables portion

iptables -A INPUT -p tcp -s <SOURCE_IP_ADDR/MASK>  --dport ftp  -j ACCEPT


This worked for my ftp client but is not working for Dreamweavers ftp transer method on the same development laptop. Any ideas why dreamweaver won't connect?
 
0
 

Author Comment

by:richmarotta1
ID: 35031088
What does this do and why would this be necessary?

I got ftp to work without it.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 31

Expert Comment

by:farzanj
ID: 35031139
You don't have to do it normally, only when you are blocking a lot of addresses/ ports etc.

On your FTP, the dreamweaver user may not be enabled.  I don't know how you are exactly doing it.
0
 

Author Comment

by:richmarotta1
ID: 35031162
I can connect to many other servers using dreamweaver so I don't think it'd the dreamweaver user on my laptop. The dreamweaver ftp client has the same server, user and pword as the ftp client.
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35031198
ok.

I don't know your architecture.  What is not working?  Are you trying to ftp to the ftp server from dreamweaver ftp client.  Is the user id that dream weaver using is accessed without a trouble without using dreamweaver?
0
 

Author Comment

by:richmarotta1
ID: 35031206
yes and yes
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35031217
Check the port number that Dream Weaver trying to ftp to.  It should be 21.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month12 days, 21 hours left to enroll

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question