You are not logged in.
Hi,
I'm setting up a home server which should provide various services, one being a ftp server for file sharing in the intranet (with weak usernames and passwords eg. foo:bar), as well as one account which can be accessed through the internet. Choosing "bar" as password for the outside world might not be the best idea. I'm looking for a solution which grants only specific ftp users permissions to accept an alien connection. In the past I used vsftpd for intranet connections. I'd really like to avoid setting up a VPN. Any ideas? Thank you!
Offline
I trust vsftp. How is that related to setting up a VPN?
IMHO, the best solution is just to use ssh. Connect to it using sftp.
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
How can I deny internet connections to the share of "foo" but grant connections to "mysecureshare" ?
Offline
Unless I am really missing something, I am going to respectfully suggest you look at man vsftpd.conf
Take a look at user lists.
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
I don't really see how userlists can block connections from the internet but grant local connections for one ftpuser and allow both (local and foreign) connections for others.
ftpuser user1 shall accept connections from the local network and the internet, whereas user2 is only accessible through my local network.
Offline
See, I was missing something I missed that you wanted to be able to have all of the users browse from the local network, but limit those from outside.
What about two instances -- one on port 20/21 for the local network, and a second on a pair of non-standard ports for the outside world. Limit that one with user lists. Configure the port forwarding of your router to forward 20 and 21 to the IP of your server using the non-standard ports.
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
Thanks I'll try that. Just to be sure, I'll have to change vsftp@.service to load the right config?
Offline
Thanks I'll try that. Just to be sure, I'll have to change vsftp@.service to load the right config?
Honestly, I've not tried that since moving to systemd and I am not someplace where I can experiment. If you need help, I can look at this when I get home this evening (GMT-8)
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
There's always sftp with openssh.
I may have to CONSOLE you about your usage of ridiculously easy graphical interfaces...
Look ma, no mouse.
Offline