From owner-freebsd-questions@FreeBSD.ORG Fri May 21 00:40:34 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A37AE16A4CE for ; Fri, 21 May 2004 00:40:34 -0700 (PDT) Received: from main.gmane.org (main.gmane.org [80.91.224.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 146FF43D31 for ; Fri, 21 May 2004 00:40:34 -0700 (PDT) (envelope-from freebsd-questions@m.gmane.org) Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 1BR4dK-0001XX-00 for ; Fri, 21 May 2004 09:39:58 +0200 Received: from r2i215.mistral.cz ([62.245.72.215]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 21 May 2004 09:39:58 +0200 Received: from element by r2i215.mistral.cz with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 21 May 2004 09:39:58 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Pavel Duda Date: Fri, 21 May 2004 09:40:43 +0200 Lines: 30 Message-ID: References: <40AD93CA.2010308@rbcmail.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: r2i215.mistral.cz User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207) X-Accept-Language: en-us, en In-Reply-To: <40AD93CA.2010308@rbcmail.ru> Sender: news Subject: Re: How to secure ftp over SSH (how to make ftpd listen only to 127.0.0.1)? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 May 2004 07:40:34 -0000 Constantine wrote: > Hello, > > I am very concerned about the security of my servers. My favourite > file-management software does not support any other unix standards than > plain ftp. > > How is it possible to set up my FreeBSD 5.2.1 that way, that it will > accept ftp connections only from itself, so that iff the login to the > system is done via SSH with port-forwarding, then one can open > ftp-connection? > > (It will be very nice if in this case the username/password is not > requested again, i.e. the ftp connection is anonymous and yet the > ftp-client gets the same rights to files as SSH-logged user, who has the > port-forwarding, but this does not sound like easy doable.) > > Put it in other words, how can I make ftpd listen only to 127.0.0.1? > > Constantine. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > I'm not sure if this is possible to set within ftpd. I'm using classic way to block incoming FTP requests from unwanted addresses - IPFW.