I have a small anonymous FTP server (pure-ftpd daemonized). There are some people on my network who are connecting through our proxy server and I want to prevent that. So how do I forbid access from certain IPs?
Thank you for your help.
I would suggest using iptables to block TCP to your FTP server's port from a specific source IP.
I recognize that while theory and practice are, in theory, the same, they are, in practice, different. -Mark Mitchell
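The iptables approach suggested above, as an added example that is not part of the original thread: a dry-run generator that validates each source address before printing a reject rule for the FTP control port. The function names, the default port 21, the INPUT chain and the sample addresses are assumptions; note that clients arriving through the proxy appear with the proxy's address as their source.

```sh
#!/bin/sh
# Added example: prints (does not apply) iptables rules that reject FTP
# control connections from listed sources. All addresses are constructed.
FTP_PORT=21   # assumption: pure-ftpd listens on the default control port

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split into octets; addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read one source per line on stdin; print one rule per valid source.
# Blank lines and "#" comments are ignored; invalid entries go to stderr.
ftp_block_rules() {
    while read -r src _rest || [ -n "$src" ]; do
        case $src in ''|'#'*) continue ;; esac
        if valid_ipv4 "$src"; then
            printf 'iptables -I INPUT -s %s -p tcp --dport %s -j REJECT --reject-with tcp-reset\n' \
                "$src" "$FTP_PORT"
        else
            printf 'skipped invalid source: %s\n' "$src" >&2
        fi
    done
    return 0
}

# Constructed sample list (documentation address ranges).
ftp_block_rules <<'EOF'
192.0.2.10          # single workstation
198.51.100.0/24     # whole subnet
192.0.2.300         # typo: rejected by validation
EOF
```

Review the printed rules before applying them as root; because every entry is validated first, a malformed or hostile line in the list never reaches the shell.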
If proftpd uses tcpwrapper, you can limit it using that also. This way you don't have to rely on a firewall for this... (You can have both.)
You can set Pure-FTPd to only listen to its own IP:
Bind 10.0.0.5 # set 10.0.0.5 to the IP of the FTP-server
This way, if users connect through your proxy (NAT/router?), they'll probably connect to ftp.yourdomain.com and the proxy forwards the request to the server. The server won't allow a connection since it only listens to connections going to 10.0.0.5 (not ftp.yourdomain.com).
You could probably also edit the user database and deny connections from certain IPs in there.
PS: I'm assuming you're confusing proxy with NAT/router.
A bus station is where a bus stops.
A train station is where a train stops.
On my desk I have a workstation.