FTP to straddle the network

Status
Not open for further replies.

mezanine

Jul 27, 2001
I am installing a Red Hat 8 FTP server on my network with 2 NICs, one to reside on the LAN and the other to reside in the real world.
First question: can I set the real-world side up as an FTP server only? It is also very important that I give the user access to only one directory (I am not sure how to set up the user account).

The other question: can I set up the LAN-side address/card to accept incoming telnet and ftp requests from the local network only?

Thanks in advance
 
Hi,

Answer to your first question: yes, it is possible to allow only internet IPs to connect. You can use either tcp-wrapper or a firewall (iptables) to control user access. To create the user account, just add the username like you add a user for access to your machine. Within the ftp config file you then specify the restriction. What program do you use for the ftp daemon?

Answer to question 2: yes, it is possible. In the same way, use tcp-wrapper or a firewall (iptables).

Example of using tcp-wrapper:

vi /etc/hosts.allow

in.telnetd:10.200.10.
in.ftpd:10.200.10.

vi /etc/hosts.deny

all:all

Make sure your xinetd is compiled with the tcp-wrapper option enabled.

regards,
feroz
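
Added example, not part of the original thread: a simplified shell model of how tcp-wrapper evaluates `/etc/hosts.allow` and `/etc/hosts.deny` rules of the kind shown above, run against constructed rules and addresses. It handles only `ALL`, exact addresses and dotted prefixes ending in `.`; the function names are hypothetical.

```shell
# Simplified model of the hosts_access(5) decision for IPv4 clients (added example).
# Handles only: ALL, an exact address, and a dotted prefix ending in ".".

# Constructed sample rules, same shape as the two files edited above.
ALLOW_RULES='in.telnetd: 10.200.10.
in.ftpd: 10.200.10.'
DENY_RULES='ALL: ALL'

# in_list VALUE LIST: succeed if VALUE matches a pattern in the comma/space list.
in_list() {
    value=$1
    for pat in $(printf '%s' "$2" | tr ',' ' '); do
        case $pat in
            ALL|all) return 0 ;;
            # Trailing dot: match on the leading numeric fields of the address.
            *.) case $value in "$pat"*) return 0 ;; esac ;;
            # Anything else is compared as a whole name or address.
            *)  [ "$pat" = "$value" ] && return 0 ;;
        esac
    done
    return 1
}

# rules_match RULES DAEMON IP: succeed if any "daemons : clients" line matches.
rules_match() {
    while IFS=: read -r daemons clients; do
        case $daemons in ''|'#'*) continue ;; esac
        in_list "$2" "$daemons" && in_list "$3" "$clients" && return 0
    done <<EOF
$1
EOF
    return 1
}

# tcpd_decision ALLOW DENY DAEMON IP: print "allow" or "deny".
# Order: a match in the allow rules grants access, otherwise a match in the
# deny rules refuses it, otherwise access is granted.
tcpd_decision() {
    if rules_match "$1" "$3" "$4"; then echo allow
    elif rules_match "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed client addresses: one on the LAN prefix, one near miss, one outside.
for ip in 10.200.10.25 10.200.100.7 203.0.113.9; do
    echo "in.ftpd from $ip: $(tcpd_decision "$ALLOW_RULES" "$DENY_RULES" in.ftpd "$ip")"
done
```

In this model a client pattern written without the trailing dot is compared as a whole address, so it does not cover the subnet. On a real system, `tcpdmatch` from the tcp_wrappers package performs the same check against the live files.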
 
Thanks for the info Feroz.

How do I make sure my xinetd is compiled with the tcp-wrapper option enabled?

I use vsftpd for the ftp daemon.

Where is the ftp.conf file?

Thanks
 
Hi,

I think RH8 xinetd is compiled with tcp-wrapper enabled. On top of that you need to install the tcp-wrapper package.

To check for the tcp-wrapper package:

rpm -qa | grep tcp_wrappers

To install the package:

rpm -ivh filename

Since you use the default ftp daemon that comes with RH8, the program is called vsftpd. The config file is /etc/vsftpd.conf.
Go to the /etc folder and list the files matching vsftp*; that should give you all the vsftpd files.

To prevent a user from leaving their home directory, use the file /etc/vsftpd.chroot_list. Insert the usernames you want to restrict.

regards,
feroz
 