?
Solved

How to limit ftp access by ip address using iptables

Posted on 2011-03-03
8
Medium Priority
?
522 Views
Last Modified: 2012-05-11
I would like to use iptables to limit access to ftp by ip address. What is the proper iptables syntax for that.
0
Comment
Question by:richmarotta1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 31

Accepted Solution

by:
farzanj earned 2000 total points
ID: 35029814
You can use iptables or you can use tcp wrappers.

for iptables
iptables -A INPUT -p tcp -s <SOURCE_IP_ADDR/MASK>  --dport ftp  -j ACCEPT

iptables -A INPUT -p tcp -s <SOURCE_IP_ADDR/MASK>  --dport ftp  -j DROP

edit the file /etc/hosts.allow and enter
ftpd : localhost : allow
ftpd: 192.168.0.254 : deny
0
 

Author Comment

by:richmarotta1
ID: 35031076
I only changed the ip tables portion

iptables -A INPUT -p tcp -s <SOURCE_IP_ADDR/MASK>  --dport ftp  -j ACCEPT


This worked for my ftp client but is not working for Dreamweavers ftp transer method on the same development laptop. Any ideas why dreamweaver won't connect?
 
0
 

Author Comment

by:richmarotta1
ID: 35031088
What does this do and why would this be necessary?

I got ftp to work without it.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 31

Expert Comment

by:farzanj
ID: 35031139
You don't have to do it normally, only when you are blocking a lot of addresses/ ports etc.

On your FTP, the dreamweaver user may not be enabled.  I don't know how you are exactly doing it.
0
 

Author Comment

by:richmarotta1
ID: 35031162
I can connect to many other servers using dreamweaver so I don't think it'd the dreamweaver user on my laptop. The dreamweaver ftp client has the same server, user and pword as the ftp client.
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35031198
ok.

I don't know your architecture.  What is not working?  Are you trying to ftp to the ftp server from dreamweaver ftp client.  Is the user id that dream weaver using is accessed without a trouble without using dreamweaver?
0
 

Author Comment

by:richmarotta1
ID: 35031206
yes and yes
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35031217
Check the port number that Dream Weaver trying to ftp to.  It should be 21.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month9 days, 1 hour left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question