Add allowed IP address to FTP server

anon091 · 01-13-2010, 10:02 AM

I have a RHEL FTP server, which i'm told is setup to only allow certain IPs to connect to the FTP site. I have two questions though.

1) what file would show me what IPs are currently allowed?
2) what command do I do to add another IP to it?

arashi256 · 01-13-2010, 10:08 AM

/etc/hosts.allow and /etc/hosts.deny?

anon091 · 01-13-2010, 10:09 AM

those files are empty. could it be somewhere else? like beneath sysconfig or something?

arashi256 · 01-13-2010, 10:39 AM

Depends where the restriction happens - at the FTP server level, in which case we'd need to know which FTP server daemon you're running or at the firewall level. Iptables perhaps? Under /etc/sysconfig/iptables

anon091 · 01-13-2010, 10:45 AM

vsftpd is the ftp server i'm running. looks like iptables has some accepts statements in there. maybe that's where I add them? or could there be something in the vsftpd config also?

uncle-c · 01-13-2010, 12:42 PM

The best bet would be to edit your /etc/host.allow and /etc/hosts.deny files to control access. A prerequisite is to make sure tcp wrappers in enabled in your /etc/vsftpd.conf file :

Code:

# TCP Wrappers
tcp_wrappers=YES

Deny all incoming connections by default in /etc/hosts.deny by adding:

Code:

vsftpd: ALL

Specify the allowed connection in /etc/hosts.allow by adding:

Code:

vsftpd: 192.168.0.,209.223.0.124

The above example only allows ftp access from the local network ( 192.168.0.* ) and the IP 209.223.0.124

If there are no /etc/hosts.allow|deny files then you can just create them but make sure that they are rw only by root.

anon091 · 01-13-2010, 12:48 PM

I'm just helping maintain the server, i'm not at liberty to reconfigure it like you're suggesting. I do see lines in my iptables like this, so I think I just need to add a new one, but how?

-A INPUT -s 1.2.3.4 -d 5.6.7.8 -j ACCEPT