From owner-freebsd-questions  Tue Dec 17  7:27:30 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8A63237B401
	for <freebsd-questions@freebsd.org>; Tue, 17 Dec 2002 07:27:29 -0800 (PST)
Received: from gs166.sp.cs.cmu.edu (GS166.SP.CS.CMU.EDU [128.2.205.169])
	by mx1.FreeBSD.org (Postfix) with SMTP id 0FE3D43EA9
	for <freebsd-questions@freebsd.org>; Tue, 17 Dec 2002 07:27:29 -0800 (PST)
	(envelope-from dpelleg@gs166.sp.cs.cmu.edu)
To: hawkeyd@visi.com
Cc: "questions at FreeBSD" <freebsd-questions@freebsd.org>
Subject: Re: jailed ftpd behind NAT'ing firewall: ftphosts?
References: <20021209102243.A40506@sheol.localdomain>
From: Dan Pelleg <daniel+bsd@pelleg.org>
Date: 17 Dec 2002 10:27:07 -0500
In-Reply-To: <20021209102243.A40506@sheol.localdomain>
Message-ID: <u2s4r9cis38.fsf@gs166.sp.cs.cmu.edu>
Lines: 35
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

D J Hawkey Jr <hawkeyd@visi.com> writes:

> Hi all.
> 
> I want to set up a jailed FTP server on a box inside a private LAN,
> accessable to the outside. It all looks straight-forward enough, using
> a column on DaemonNews (http://ezine.daemonnews.org/200212/ftpjail.html)
> as a guildline, except that I want to use FreeBSD's ftpd(8).
> 
> Reading the ftpd(8) man page, it seems I need to employ /etc/ftphosts,
> but try as I might, I can't find an example of /etc/ftphosts.
> 
> The private network is 192.168.16.0/24. The public IP to my LAN is,
> say, 208.42.236.15. Do I need /etc/ftphosts to reflect the public IP,
> or does jail(8) handle this for me, or what?
> 

I don't think you need a ftphosts in this case. But I have no experience
with it. It seems the jail should give you all the hiding you'd want, and
that the jailed host doesn't account as a system that "has multiple IP
addresses".

> Even if I don't need /etc/ftphosts, could someone post an example? I
> find the man page sufficiently vague as to the actual contents, the
> user field in particular. It seems to me this is something I should
> just know.
> 

Again, this is just a guess, but in my understanding a file with a single
line that looks something like this should work:
ftp.mydomain joe - - -

-- 

  Dan Pelleg

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message