FTPD & SSHD server

Bart Silverstrim bsilver at chrononomicon.com
Sun May 23 07:29:42 PDT 2004

On May 23, 2004, at 10:04 AM, Andri Kok wrote:

> Hello fellas,
> I have FTPD and SSHD running. The way enabled it was by uncommenting 
> lines in inetd.conf. Now, If I access it from the outside (school's 
> lab to my home computer, we have static IP) it works. But If my 
> friends try to access it from the local network, it doesn't work 
> (Using windows). I set up my server using a DHCP assigned IP address 
> (C class), and the router that I use is the default router from my 
> adsl modem. Should I use the server as the gateway as well? 
> suggestions? TIA guys =)

You mean if your friends try accessing the server from the *internal* 
network it won't let them, but from the outside world going into the 
server it works fine?

A) Did you verify the IP address they are connecting to is the actual 
internal IP the server has?
B) Is the server set to reject certain IP addresses from accessing 
those services?
C) What do the logs have to say about the connection attempts?

If *I* were setting it up, I'd advise not having the server set up 
using DHCP internally.  Set the server system to a static IP outside of 
the router's DHCP range, then make sure the port forwarding on the 
router is set up properly to forward those protocols to the internal 
server's static IP address.  Only the router would be the gateway, as 
it is what is handling the routing of packets to the Internet (Unless 
you're setting up your BSD system to act as a proxy server with 
something like Squid...but I think that's outside the scope of your 
question :-)

I've seen this setup several times...you have a static IP as seen from 
the Internet (actually it hits a router/NAT/soho device just behind the 
cable modem or DSL modem); that device is set to forward certain 
services to internal machines.  Those machines should have static 
addresses to prevent the server from "wandering" if the DHCP address 
changes for some reason.  Leave the DHCP to be sent to visiting 
machines and non-server workstations on the internal network...if you 
don't have a reason for them to constantly keep the IP, then they're a 
candidate for DHCP (advice?  Don't do it unless you have notebook PCs.  
Home and small networks usually don't present such a management 
quagmire that it's too difficult to keep static IPs on them.  I 
personally have my internal computers set to static IPs with a DHCP 
server handing out only a narrow number of IPs for the visiting laptops 
I use from work and the occasional playing with the PDA with wireless 
access...it's much easier to see if another system is hopping the 
network when an "alien" MAC address shows up in the logs; that's just 
my personal take on it though).

Hope that helps...if you can, try posting errors from the server logs 
if the above suggestions don't help you.


More information about the freebsd-questions mailing list