[Fedora] Re: Blocking vsftpd
Ashley M. Kirchner
ashley at pcraft.com
Tue Feb 8 00:45:38 UTC 2005
Paul Howarth wrote:
> Change 127.0.0.1 to your LAN IP address if you want it to accept
> connections from your LAN only. You could connect to your own computer
> this way but you'd have to use the LAN address rather than "localhost"
> when connecting.
>
> If you want to allow connections from localhost *and* your LAN then it
> gets a bit more complicated, e.g. using iptables to restrict incoming
> connections, or running 2 vsftpd instances, one listening on the
> localhost address and one on your LAN IP address.
Well, let's see here. It is a public server which answers to www
calls (it has a public IP as well.) One of the sites connects locally
to an FTP applet for file uploads (which basically opens a connection to
the local vsftpd daemon.) So, setting it to listen to localhost would
work ... however, there will be other machines on our network (not
necessarily on the same LAN) that will connect to this server. We have
three subnets on our (public) network so I need to be able to cross from
one subnet, through our router, back into the other subnet and to vsftpd
running on this machine.
So, as far as the www site is concerned, yes I can set it to listen
to localhost, however that will prevent any of our other machines from
connecting to it. And setting it to its LAN IP will prevent machines on
the other subnets from reaching it. At least, I think it will. I'm
stuck I think.
--A
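
An added example, not part of the original message or of the thread: one way to express the iptables option Paul Howarth mentions, with vsftpd left listening on all addresses and the packet filter limiting the FTP control port to loopback plus a list of source networks. The three networks are constructed documentation ranges standing in for the poster's subnets, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit iptables rules that limit the FTP control port to
# loopback plus a list of source networks. The networks used at the bottom
# are constructed documentation ranges (RFC 5737), not addresses from the thread.

FTP_PORT=21

# valid_cidr NET: succeed only if NET is a.b.c.d/len with octets <= 255, len <= 32.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    addr=${1%/*}
    len=${1#*/}
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS
    IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ftp_rules NET...: print the ruleset, or print nothing and fail if any
# network is malformed, so a typo cannot yield a half-built allow list.
ftp_rules() {
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    done
    # Local clients (the web site's FTP applet) arrive on the loopback interface.
    echo "iptables -A INPUT -i lo -p tcp --dport $FTP_PORT -j ACCEPT"
    # Routed subnets are matched by source network, whichever interface they enter on.
    for net in "$@"; do
        echo "iptables -A INPUT -p tcp -s $net --dport $FTP_PORT -j ACCEPT"
    done
    # Everything else, including the public Internet, is dropped.
    echo "iptables -A INPUT -p tcp --dport $FTP_PORT -j DROP"
}

# Constructed sample input: three subnets behind the same router.
ftp_rules 192.0.2.0/24 198.51.100.0/24 203.0.113.0/24
```

The script only prints the rules; review them before applying them from a root shell. They cover the control connection on port 21 only, so FTP data connections need their own rules.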