Solved

How to limit ftp access by ip address using iptables

Posted on 2011-03-03
8
519 Views
Last Modified: 2012-05-11
I would like to use iptables to limit access to ftp by ip address. What is the proper iptables syntax for that.
0
Comment
Question by:richmarotta1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 31

Accepted Solution

by:
farzanj earned 500 total points
ID: 35029814
You can use iptables or you can use tcp wrappers.

for iptables
iptables -A INPUT -p tcp -s <SOURCE_IP_ADDR/MASK>  --dport ftp  -j ACCEPT

iptables -A INPUT -p tcp -s <SOURCE_IP_ADDR/MASK>  --dport ftp  -j DROP

edit the file /etc/hosts.allow and enter
ftpd : localhost : allow
ftpd: 192.168.0.254 : deny
0
 

Author Comment

by:richmarotta1
ID: 35031076
I only changed the ip tables portion

iptables -A INPUT -p tcp -s <SOURCE_IP_ADDR/MASK>  --dport ftp  -j ACCEPT


This worked for my ftp client but is not working for Dreamweavers ftp transer method on the same development laptop. Any ideas why dreamweaver won't connect?
 
0
 

Author Comment

by:richmarotta1
ID: 35031088
What does this do and why would this be necessary?

I got ftp to work without it.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 31

Expert Comment

by:farzanj
ID: 35031139
You don't have to do it normally, only when you are blocking a lot of addresses/ ports etc.

On your FTP, the dreamweaver user may not be enabled.  I don't know how you are exactly doing it.
0
 

Author Comment

by:richmarotta1
ID: 35031162
I can connect to many other servers using dreamweaver so I don't think it'd the dreamweaver user on my laptop. The dreamweaver ftp client has the same server, user and pword as the ftp client.
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35031198
ok.

I don't know your architecture.  What is not working?  Are you trying to ftp to the ftp server from dreamweaver ftp client.  Is the user id that dream weaver using is accessed without a trouble without using dreamweaver?
0
 

Author Comment

by:richmarotta1
ID: 35031206
yes and yes
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35031217
Check the port number that Dream Weaver trying to ftp to.  It should be 21.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question