Date:      Fri, 19 May 2006 21:33:47 -0500
From:      David Kelly <dkelly@hiwaay.net>
To:        freebsd-questions <freebsd-questions@freebsd.org>
Cc:        jekillen <jekillen@prodigy.net>
Subject:   Re: hosts.allow and ssh problem
Message-ID:  <7480EE06-F2A8-4B8F-9588-FCA6B35C3BA6@hiwaay.net>
In-Reply-To: <6b8ab79d578aec086fb10590dee29616@prodigy.net>
References:  <6b8ab79d578aec086fb10590dee29616@prodigy.net>


On May 19, 2006, at 8:55 PM, jekillen wrote:

> I am trying to deny ftp access to my web site from outside. I have
> two NICs on the server and access it from the inside network via
> one and serve to the public on the other.
> I tried to write a rule in hosts.allow to deny ftp connections to
> the public ip address which has worked. But a side effect is that I
> can now not connect from local machines via ssh.

Your machine is connected to the outside world and you are not  
running a firewall?

If I understand correctly, hosts.allow (and the hosts_access library
routines) operate in the applications themselves. The only reason you
wish to keep the outside world from reaching your ftpd is out of fear
that it's somehow vulnerable and/or someone will come across your
username/password combination. So, nip it in the bud with a firewall
rule and never let them get that close. Simply deny port 21 incoming
on your external interface. Everything should work as always on your
internal interface.

In ipfw where $nic_ext is fxp0 or whatever your external NIC is named:

ipfw add deny ip from any to any ftp in via $nic_ext


--
David Kelly N4HHE, dkelly@HiWAAY.net
========================================================================
Whom computers would destroy, they must first drive mad.
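For readers who still want the hosts_access(5) layer in place alongside the firewall rule, the following hosts.allow fragment is an added illustration (not from the thread) of the side effect the original poster described: an over-broad deny beside a deny scoped to ftpd on the public address only. The addresses 203.0.113.10 (external NIC) and 192.168.1.0/24 (internal LAN) are assumed; hosts_access evaluates rules top to bottom and the first match wins.

```conf
# Constructed hosts.allow example; first matching rule wins, so order matters.
# Assumed: public address 203.0.113.10 on the external NIC,
#          internal LAN 192.168.1.0/24 on the other NIC.

# Over-broad: matches every wrapped daemon (sshd included), so LAN ssh
# logins are refused as well.  Kept here only to show the mistake.
# ALL : ALL : deny

# Scoped: only ftpd, and only when the connection arrived on the public
# address (daemon@server_endpoint pattern); sshd is never consulted here.
ftpd@203.0.113.10 : ALL : deny

# Explicitly allow ssh from the internal network, then fall through to the
# FreeBSD default of allowing everything else.
sshd : 192.168.1.0/255.255.255.0 : allow
ALL : ALL : allow
```

Note that FreeBSD's stock hosts.allow begins with `ALL : ALL : allow`; a deny placed below that line never matches, so the scoped deny must come before it.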