  1. #1
    Just Joined!
    Join Date
    Oct 2004
    Posts
    4

    iptables and port blocking


    Alright, here's a question; not sure if it can be done, but here goes. There is a secure ftp site that we use. The only trouble is that if you just go to the main ftp it is not secure. I want to block the unsecure link from going out.

    ftp://example.com ftp://test@example.com/ABC

    They both go through port 21 so I can't block the port and since ABC is a subdirectory of ftp://example.com I cannot block the IP of ftp://example.com.

    So I looked closer, comparing the connections made when you link to the different ftp sites. The ftp://example.com seems to reply from 23xxx tcp, and I am hoping there is a way to block an entire port range to a particular IP address. I am hoping this will do the job.

  2. #2
    Just Joined!
    Join Date
    Jan 2005
    Location
    Toronto, ON, Canada
    Posts
    79
    Well, port 21 is the well-known FTP control connection, and the other 23xxx ports (actually any > 1023) are the ports that FTP servers are allowed to allocate dynamically in passive mode for the FTP data connection. Note that for FTP servers in active mode, the FTP data connection listens on port 20.
    There is no way to associate either those 23xxx ports or port 20 with a specific directory/subdirectory.

    One way to work around your problem is to give 'ABC' different user/group access privileges (that exclude the current ftp users) using 'chown', and allow this user to access the 'ABC' directory via ftp. In this way you will have two different ftp accounts: one for the 'ABC' directory and another/others for the remaining directory/directories.

    I hope this helps,

    afrolinux
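
An added illustration of the passive-mode point in the reply above (not part of the thread; the transcript, the address 192.0.2.10 and the function names are constructed for the example). The data port is announced in the server's 227/229 reply and chosen per transfer, so the port number carries no directory information a firewall rule could key on.

```python
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)", data port = p1*256 + p2.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# RFC 2428 EPSV reply: "229 ... (|||port|)", same delimiter character four times.
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

# Constructed control-channel capture (">" client, "<" server); not real traffic.
SESSION = """\
> USER test
< 331 Password required
> CWD /ABC
< 250 CWD command successful
> PASV
< 227 Entering Passive Mode (192,0,2,10,90,12)
> LIST
> CWD /
< 250 CWD command successful
> PASV
< 227 Entering Passive Mode (192,0,2,10,91,200)
> EPSV
< 229 Entering Extended Passive Mode (|||23517|)
"""

def data_endpoint(reply, control_host):
    """Return (host, port) announced by a server reply line, or None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range: %r" % reply)
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range: %r" % reply)
        return control_host, port  # EPSV reuses the control connection's address
    return None

def ports_by_directory(transcript, control_host):
    """Pair each announced data port with the directory in effect (CWD assumed to succeed)."""
    cwd, seen = "/", []
    for line in transcript.splitlines():
        direction, _, text = line.partition(" ")
        if direction == ">" and text.upper().startswith("CWD "):
            cwd = text[4:].strip()
        elif direction == "<":
            endpoint = data_endpoint(text, control_host)
            if endpoint:
                seen.append((cwd, endpoint[1]))
    return seen
```
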

  3. #3
    Just Joined!
    Join Date
    Jan 2005
    Posts
    18
    well if ya have a router or gateway you can redirect port 21 for FTP to say port 20 on your comp
    then any sites hitting any other port for ftp are blocked out
