[lug] FTP services - disarming daemon

John Starkey jstarkey at ajstarkey.com
Wed Aug 9 13:46:42 MDT 2000


ok. Thanks, this worked, as far as I can tell. I'm able, at least, to ftp
things to me. Now I have a couple IPs I need to be able to ftp to my
machine. I tried connecting from my web host service. And I can't even get
a login (this is good, thanks). 

I tried modifying the below ipchains to ALLOW two of the other IPs I need
access for. But to no avail. Is there a switch or option I need to know
about to do that?? I changed -j to ALLOW and subbed the $host to one of
the needed IPs.

TIA,

John

On Wed, 9 Aug 2000, Jarosko, Bill wrote:

> I would really like to have ftp for my own
> use but looks like that's not even possible. DSL it is once I move next
> month.
> 
> receive requests from 192.168s? I can't log on now. And I can't remember
> what I changed, obviously something but whatever it was didn't take effect
> immediately.
> 
> 
> 
> How about instead of shutting down the service you just block outside traffic.
> ipchains should work well enough for this.
> 
> I assume you have no ipchains rules as of yet, i.e. you haven't set up a firewall yet.
> 
> Exter = whatever interface your cable comes in on, i.e. eth0, ppp0, whatever.
> hostip = your machine's IP
> 
> ipchains -A input -i $Exter -p tcp -s 0.0.0.0/0 1024:65535 -d $hostip 21 -j DENY 
> 
> Quick explanation: 
> 
> ipchains -A input   (append the input rule)
> -i               (tells ipchains to watch this interface)
> -p tcp           (tells ipchains which protocol)
> -s               (this is the source switch, in this case we want all IPs so 0.0.0.0/0)
> 1024:65535       (the port numbers of remote machines used to connect to ftp)
> -d               (destination switch, your ip addr and ftp port number(21))
> -j               (policy, what should it do, in this case deny, it doesn't tell TCI(AT&T) it even exists)
> 
> that should do it, but if not, send another email.
> And if you'd like to block telnet just change the port number from 21 to 23.
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 
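
An added example, not part of the original messages: ipchains has no ALLOW target (the accepting target is ACCEPT), and a chain is evaluated top-down with the first match deciding, so an ACCEPT rule for a trusted address has to sit above the blanket DENY. The sketch below models that ordering and prints the matching insert command; eth0, all addresses, and the helper names `ftp_rule`, `add_rule` and `verdict` are assumptions made for illustration, and the model only matches an exact source address or 0.0.0.0/0.

```shell
#!/bin/sh
# Added example, not from the thread. eth0 and every address are constructed values.
EXTER=eth0
HOSTIP=192.0.2.10
ALLOWED=198.51.100.7

# Print one ipchains command for the FTP control port (21).
# $1 = -A (append) or -I (insert as rule 1), $2 = source, $3 = target.
# Built-in targets include ACCEPT, DENY and REJECT; ipchains has no ALLOW target.
ftp_rule() {
    pos=""
    if [ "$1" = "-I" ]; then pos=" 1"; fi
    echo "ipchains $1 input$pos -i $EXTER -p tcp -s $2 1024:65535 -d $HOSTIP 21 -j $3"
}

# Simplified chain model: one "source target" line per rule, top rule first.
# add_rule CHAIN -A|-I SOURCE TARGET prints the chain after the change.
add_rule() {
    if [ -z "$1" ]; then printf '%s %s\n' "$3" "$4"
    elif [ "$2" = "-I" ]; then printf '%s %s\n%s\n' "$3" "$4" "$1"
    else printf '%s\n%s %s\n' "$1" "$3" "$4"
    fi
}

# The first matching rule decides. With no match the chain policy applies,
# which is ACCEPT unless it has been changed.
verdict() {
    while read -r src target; do
        case "$src" in
            "$2"|0.0.0.0/0) echo "$target"; return 0 ;;
        esac
    done <<EOF
$1
EOF
    echo ACCEPT
}

# State from the thread: the blanket DENY is already in the input chain.
chain=$(add_rule "" -A 0.0.0.0/0 DENY)
appended=$(add_rule "$chain" -A "$ALLOWED" ACCEPT)   # lands below the DENY
inserted=$(add_rule "$chain" -I "$ALLOWED" ACCEPT)   # lands above the DENY

echo "appended ACCEPT: $ALLOWED -> $(verdict "$appended" "$ALLOWED")"
echo "inserted ACCEPT: $ALLOWED -> $(verdict "$inserted" "$ALLOWED")"
echo "any other host:  203.0.113.25 -> $(verdict "$inserted" 203.0.113.25)"
ftp_rule -I "$ALLOWED" ACCEPT
```

On a host that still runs ipchains, `ipchains -L input -n` lists the chain in evaluation order, which shows whether the ACCEPT rules ended up above the DENY.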




