ftp port blocking

tarak4u · 09-22-2003, 12:06 AM

Well i am running a redhat 7.2 linux dhcp server . Which is a cyber cafe server many people use to download warez threw ftp which actully kills my traffic so on the client part i like to disable the ftp port so which configration should i make on server part. it is a masqurade server and firwall is installed

jalal · 09-22-2003, 12:58 AM

you'll need to add a rule in the firewall to drop outgoing connections to ftp ( port 21 ).

something along the lines of:

iptables -t nat -A PREROUTING -p tcp --destination-port 21 -j DROP

micxz · 09-22-2003, 01:20 AM

Just use the firewall maybe
Block or Drop all traffic on port 21

or go to the file "/etc/hosts.deny"
and add the line:
in.ftpd:ALL

Or you could get fancy:
in.tftpd: ALL: (/some/where/safe_finger -l @%h | /usr/ucb/mail -s %d-%h root) &

ppuru · 09-22-2003, 03:49 AM

Tarakbhai

you would need to add ip address(es) or a range if you want to restrict only a few boxes. e.g. You wouldn't want to restrict your system from downloading via ftp.

Adding to jalal's post

iptables -t nat -A PREROUTING -p tcp -i <restricted ips> --destination-port 21 -j REJECT

Reject would be a better option for internal clients.

Your clients would still be able to download using HTTP.

An alternative would be to restrict access to the warez sites (but the list can be huge)

/bin/bash · 09-22-2003, 04:48 AM

Just turn off your ftp service!

/sbin/chkconfig --list
Now look for ftpd or proftpd then...
/sbin/chkconfig --level 12345 ftpd off
/etc/rc.d/init.d/ftpd stop