Restrict FTP access to specific IP

Discussion in 'ISPConfig 3 Priority Support' started by pawan, Oct 12, 2018.

  1. pawan

    pawan Member

    I am trying to restrict the FTP access to specific IP only.
    To achieve the same I have tried the hosts.allow and hosts.deny, but am not able to make it work.
    I have seen a Post by Till where you mentioned
    https://git.ispconfig.org/ispconfig/ispconfig3/issues/1015
    As far as I know, pure-ftpd obeys the hosts.deny and hosts.allow files. So you can restrict access based on IP addresses to pure-ftpd in these files.

    The syntax I have tried to use in the files is like this:
    hosts.deny
    Code:
    pure-ftpd : ALL : deny
    ftp :  ALL : deny
    pure-ftp : ALL : deny
    ftpd :  ALL : deny
    hosts.allow
    Code:
    pure-ftpd : localhost : allow
    pure-ftpd : 192.168.0. : allow
    all : my ip : allow
    
    What am I missing here?
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Have you read the man page?
    Code:
    man hosts.allow
    That shows the syntax to use on your OS.
     
  3. pawan

    pawan Member

    Hi Taleman - I am using Ubuntu 16.04.
    For sshd it is working fine,
    but for FTP I couldn't find the resolution.
    When I run the command service --status-all
    I get the FTP service as pure-ftpd-mysql.
    When running pure-ftpd-mysql-status
    I get output like below:
    Code:
    Oct 13 19:11:05 server2 pure-ftpd[30404]: (?@my ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher
    Oct 13 19:11:47 server2 pure-ftpd[30432]: (?@my ip) [INFO] New connection from 106.222.68.57
    Oct 13 19:11:49 server2 pure-ftpd[30432]: (?@my ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher
    Oct 13 19:11:50 server2 pure-ftpd[30432]: (?@my ip) [INFO] mywebm1 is now logged in
    Oct 13 19:11:54 server2 pure-ftpd[30432]: (?@my ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher
    Oct 13 19:15:06 server2 pure-ftpd[31980]: (?@::1) [INFO] New connection from ::1
    Oct 13 19:17:13 server2 pure-ftpd[32054]: (?@my ip) [INFO] New connection from 157.41.218.31
    Oct 13 19:17:14 server2 pure-ftpd[32054]: (?@my ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher
    Oct 13 19:17:15 server2 pure-ftpd[32054]: (?@my ip) [INFO] mywebm1 is now logged in
    Oct 13 19:17:20 server2 pure-ftpd[32054]: (?@my ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher
    It also lists a new connection from ::1; is that fine?
    I have modified hosts.allow and tried to replace pure-ftpd with pure-ftpd-mysql, but no success.
    Also, if I add ALL:ALL in hosts.deny it works, meaning I am not able to connect.
    What this means is that I am definitely missing something in naming the FTP service correctly.
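
An added example, not part of the thread and not ISPConfig or pure-ftpd code: a small Python audit over pure-ftpd syslog lines in the format quoted above, to check whether connections from outside the intended allowlist are still being accepted and which of them went on to log in. The allowlist networks, the sample log lines (documentation-range addresses) and the user name are constructed assumptions.

```python
import ipaddress
import re

# Assumed allowlist mirroring the thread's hosts.allow intent (localhost, 192.168.0.x).
ALLOWED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "192.168.0.0/24")]

# Constructed sample lines in the quoted pure-ftpd syslog format (documentation addresses).
SAMPLE_LOG = """\
Oct 13 19:11:47 server2 pure-ftpd[30432]: (?@203.0.113.10) [INFO] New connection from 203.0.113.10
Oct 13 19:11:50 server2 pure-ftpd[30432]: (?@203.0.113.10) [INFO] exampleuser is now logged in
Oct 13 19:15:06 server2 pure-ftpd[31980]: (?@::1) [INFO] New connection from ::1
Oct 13 19:16:02 server2 pure-ftpd[32001]: (?@192.168.0.25) [INFO] New connection from 192.168.0.25
Oct 13 19:17:13 server2 pure-ftpd[32054]: (?@198.51.100.7) [INFO] New connection from 198.51.100.7
"""

LINE = re.compile(r"pure-ftpd\[(?P<pid>\d+)\]: \([^)]*\) \[INFO\] (?P<msg>.*)$")
CONNECT = re.compile(r"New connection from (?P<ip>\S+)$")
LOGIN = re.compile(r"(?P<user>\S+) is now logged in$")

def is_allowed(ip_text):
    """True if the address is inside ALLOWED; raises ValueError on unparsable text."""
    ip = ipaddress.ip_address(ip_text)
    ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
    return any(ip in net for net in ALLOWED)

def audit(log_text):
    """Return a record per connection from outside ALLOWED, with the login if any."""
    records, current = [], {}  # current: pid -> open record (None if allowed)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        conn, login = CONNECT.match(msg), LOGIN.match(msg)
        if conn:
            try:
                allowed = is_allowed(conn["ip"])
            except ValueError:  # redacted or malformed address
                continue
            current[pid] = None if allowed else {"pid": pid, "ip": conn["ip"], "user": None}
            if current[pid]:
                records.append(current[pid])
        elif login and current.get(pid):
            current[pid]["user"] = login["user"]
    return records

if __name__ == "__main__":
    for rec in audit(SAMPLE_LOG):
        print(rec)
```

Any record returned means a connection from outside the allowlist reached the daemon, so the access rule did not apply to it; a non-empty user field means that session also authenticated.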
     
