Block / Allow IP Addresses to FTP (ubuntu / vsftpd)

komodosp · 23-11-2012 02:02PM #1

Hi folks

The server admin recently at my request blocked FTP access for all but a chosen few IP addresses.

However he's gone off on holidays and we need a few more addresses to be allowed. Just wondering is there any way I can do it from the command line?

I have tried

Searching for .ftpaccess files (couldn't find any except in an obscure directory)

Using iptables (I can't access from the IP addresses I have entered there, and it doesn't list the ones that he specified)

Doing ufw show raw (shows only the addresses I allowed myself using iptables)
and ufw allow from ... (still no access)

etc/vsftpd.conf (doesn't have listen_address specified)

etc/hosts.allow (empty except for introductory comments)

None of these reveals the addresses he already allowed through.

Is there anywhere else I can be looking?

ressem · 23-11-2012 06:56PM

Have you ruled out the other network equipment, which would be my first choice to place IP based access rules?

Is the setup designed to allow access from only a small group of internal IP addresses / machines on your LAN? In which case there might be VLANS on the switches /routers.

Or are the existing allowed IP addresses of an external IP type? If so there's the possibility that they are blocked on a main office firewall instead.

Is the ftp server connected to the LAN directly or to a DMZ of the main firewall?

Block / Allow IP Addresses to FTP (ubuntu / vsftpd)

Comments