From owner-freebsd-security  Tue Apr 17  3:25:37 2001
Delivered-To: freebsd-security@freebsd.org
Received: from male.aldigital.co.uk (male.aldigital.co.uk [194.128.162.11])
	by hub.freebsd.org (Postfix) with ESMTP id 8989037B42C
	for <security@FreeBSD.ORG>; Tue, 17 Apr 2001 03:25:34 -0700 (PDT)
	(envelope-from adam@algroup.co.uk)
Received: from algroup.co.uk (socks.aldigital.co.uk [194.128.162.10])
	by male.aldigital.co.uk (Postfix) with ESMTP
	id 092F86A1411; Tue, 17 Apr 2001 10:25:28 +0000 (GMT)
Message-ID: <3ADC1A01.387C9705@algroup.co.uk>
Date: Tue, 17 Apr 2001 11:25:05 +0100
From: Adam Laurie <adam@algroup.co.uk>
X-Mailer: Mozilla 4.7 [en-gb] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Alexandr Listopad <laa@laa.zp.ua>
Cc: Khalil Haddad <khaddad@wanadoo.fr>, security@FreeBSD.ORG
Subject: Re: FTP - block outer connections
References: <002701c0c694$6774ef30$0200a8c0@khalil> <3ADB4050.855FE1F6@algroup.co.uk> <20010417102932.B28335@laa.zp.ua>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Alexandr Listopad wrote:
> 
> On Mon, Apr 16, 2001 at 07:56:16PM +0100, Adam Laurie wrote:
> > Khalil Haddad wrote:
> > >
> > > Hello all
> > > i got an FBSD box running FTPD
> > > I would like to listen only to ONE of my nic cards , ie the one that is not
> > > connected to the net anyone can help me securing it ?
> >
> > remove ftp from /etc/inetd.conf and run it as a daemon instead:
> >
> >   ftpd -D -a <internal ip>
> 
> is there any chanses to use TCPwrappers in this case?

no, but as you're already only listening on the interface you trust you
should be ok anyway.... but to be sure you only get connections from
where you want you could enable ipfilter and anti-spoof/host specific
rules...

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
Voysey House                  http://www.thebunker.net
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message