hosts.allow and ssh problem
David Kelly
dkelly at hiwaay.net
Fri May 19 19:34:09 PDT 2006
On May 19, 2006, at 8:55 PM, jekillen wrote:
> I am trying to deny ftp access to my web site from outside. I have
> two nics on the server and access it from the inside network via
> one and serve to the public on the other.
> I tried to write a rule in hosts.allow to deny ftp connections to
> the public ip address which has worked. But a side effect is that I
> can now not connect from local machines via
> ssh.
Your machine is connected to the outside world and you are not
running a firewall?
If I understand correctly hosts.allow (and the hosts_access library
routines) operate in the applications themselves. The only reason you
wish to keep the outside world from reaching your ftpd is out of fear
that it's somehow vulnerable and/or someone will come across your
username/password combination. So, nip it in the bud with a firewall
rule and never let them get that close. Simply deny port 21 incoming
on your external interface. Everything should work as always on your
internal interface.
In ipfw where $nic_ext is fxp0 or whatever your external NIC is named:
ipfw add deny ip from any to any ftp in via $nic_ext
--
David Kelly N4HHE, dkelly at HiWAAY.net
========================================================================
Whom computers would destroy, they must first drive mad.