Date: Fri, 19 May 2006 20:01:23 -0700
From: jekillen <jekillen@prodigy.net>
To: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: hosts.allow and ssh problem
Message-ID: <dab778c6fe4f4599190ea1e5e3e300ba@prodigy.net>
In-Reply-To: <7480EE06-F2A8-4B8F-9588-FCA6B35C3BA6@hiwaay.net>
References: <6b8ab79d578aec086fb10590dee29616@prodigy.net> <7480EE06-F2A8-4B8F-9588-FCA6B35C3BA6@hiwaay.net>

On May 19, 2006, at 7:33 PM, David Kelly wrote:

>
> On May 19, 2006, at 8:55 PM, jekillen wrote:
>
>> I am trying to deny ftp access to my web site from outside. I have
>> two NICs on the server and access it from the inside network via one
>> and serve to the public on the other.
>> I tried to write a rule in hosts.allow to deny ftp connections to the
>> public IP address which has worked. But a side effect is that I can
>> now not connect from local machines via
>> ssh.
>
> Your machine is connected to the outside world and you are not running
> a firewall?
>
> If I understand correctly hosts.allow (and the hosts_access library
> routines) operate in the applications themselves. The only reason you
> wish to keep the outside world from reaching your ftpd is out of fear
> that it's somehow vulnerable and/or someone will come across your
> username/password combination. So, nip it in the bud with a firewall
> rule and never let them get that close. Simply deny port 21 incoming
> on your external interface. Everything should work as always on your
> internal interface.
>
> In ipfw where $nic_ext is fxp0 or whatever your external NIC is named:
>
> ipfw add deny ip from any to any ftp in via $nic_ext

Yes, thank you, I do need to set up the firewall, but I needed a
quicker fix for the moment. Posting to this list helped me unblock
my brain, maybe we have biochemical firewalls built in that are
programmed by morons. But I got a working set of rules for
hosts.allow. Now I will proceed with the firewall setup.
Thanks again.
JK

>
>
> --
> David Kelly N4HHE, dkelly@HiWAAY.net
> ========================================================================
> Whom computers would destroy, they must first drive mad.
>
>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>