hosts.allow and ssh problem

jekillen jekillen at prodigy.net
Fri May 19 20:00:38 PDT 2006


On May 19, 2006, at 7:33 PM, David Kelly wrote:

>
> On May 19, 2006, at 8:55 PM, jekillen wrote:
>
>> I am trying to deny ftp access to my web site from outside. I have
>> two NICs on the server and access it from the inside network via one
>> and serve to the public on the other.
>> I tried to write a rule in hosts.allow to deny ftp connections to the
>> public IP address, which has worked. But a side effect is that I can
>> now not connect from local machines via ssh.
>
> Your machine is connected to the outside world and you are not running  
> a firewall?
>
> If I understand correctly hosts.allow (and the hosts_access library  
> routines) operate in the applications themselves. The only reason you  
> wish to keep the outside world from reaching your ftpd is out of fear  
> that it's somehow vulnerable and/or someone will come across your
> username/password combination. So, nip it in the bud with a firewall  
> rule and never let them get that close. Simply deny port 21 incoming  
> on your external interface. Everything should work as always on your  
> internal interface.
>
> In ipfw where $nic_ext is fxp0 or whatever your external NIC is named:
>
> ipfw add deny ip from any to any ftp in via $nic_ext

Yes, thank you, I do need to set up the firewall, but I needed a
quicker fix for the moment.
Posting to this list helped me unblock my brain; maybe we have
biochemical firewalls built in that are programmed by morons.
But I got a working set of rules for hosts.allow. Now I will proceed
with the firewall setup.
Thanks again.
JK
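
A hosts.allow layout that scopes the FTP deny to the public address while leaving ssh reachable from the inside network, given as an added example and not the rules from this thread (the working rules are not shown in the message). The addresses are constructed, and it assumes ftpd is started from inetd with TCP wrapping enabled and runs under the process name ftpd.

```conf
# /etc/hosts.allow
# libwrap reads rules top to bottom; the first matching rule decides.
#
# Constructed addresses (assumptions, not from the thread):
#   203.0.113.10    address of the public NIC
#   192.168.1.0/24  inside network
#
# A leading "ALL : ALL : allow" line would match every connection first
# and make everything below it dead, so it must not precede these rules.

# sshd is matched before any deny, so logins from the inside keep working.
sshd : 192.168.1.0/255.255.255.0 : allow

# Too broad: this form keys on the daemon name alone and would also
# refuse FTP arriving on the inside NIC.
#ftpd : ALL : deny

# Scoped: daemon@address matches only connections that arrived on the
# public address; FTP to the inside address falls through to the next rule.
ftpd@203.0.113.10 : ALL : deny
ftpd : 192.168.1.0/255.255.255.0 : allow

# Catch-all last. It refuses every other libwrap-aware service, and if it
# were placed any higher it would shadow the sshd and ftpd rules above.
ALL : ALL : deny
```

These rules are evaluated by the wrapper library after the TCP connection has already been accepted, so the ipfw rule quoted above still stops the traffic one step earlier.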
>
>
> --
> David Kelly N4HHE, dkelly at HiWAAY.net
> ========================================================================
> Whom computers would destroy, they must first drive mad.


