Blocking vsftpd

James Wilkinson james at westexe.demon.co.uk
Mon Feb 7 17:35:33 UTC 2005


Paul Howarth wrote:
> Change 127.0.0.1 to your LAN IP address if you want it to accept 
> connections from your LAN only. You could connect to your own computer 
> this way but you'd have to use the LAN address rather than "localhost" 
> when connecting.

Um. Presumably that would work for multihomed computers (ones with two
network connections: in this case one to the Internet and one to the
local network).

If the server is behind a firewall that does one-to-one NAT (all
connections to an external IP address get forwarded to this computer),
or if the LAN IP address is itself routeable (used to be common, and
still exists), then people outside the LAN would still be able to
connect to a vsftpd listening on its LAN IP address.

In this case, I'd look at firewall set-ups: ideally one on the computer
and one in the vicinity of the router (exactly where depends on your
network setup).

James.

-- 
James Wilkinson       | The attitude ``The computer said so, so it must be
Exeter    Devon    UK | right'' is always amusing to the people who program
E-mail address: james | them.
@westexe.demon.co.uk  |     -- Geoff Lane
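
The point made in the message above, as an added example that is not part of the original post: a small Python model of who can reach vsftpd for a given bind address, showing that binding to the LAN address does not filter by source while a LAN-only firewall rule does. It assumes the setting being changed in the quoted advice is vsftpd's listen_address; the sample config, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample; listen_address is assumed to be the setting being edited.
SAMPLE_CONF = "listen=YES\nlisten_address=192.168.1.10\n"

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_listen_address(conf_text):
    """Return the first listen_address value in vsftpd.conf text, or None."""
    for line in conf_text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and key == "listen_address":
            return val.strip()
    return None

def classify(addr):
    """Label a listen address as loopback, private (RFC 1918) or routable."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private"
    return "routable"

def can_connect(listen_addr, client, lan, one_to_one_nat=False,
                lan_only_firewall=False):
    """Model whether `client` reaches a vsftpd bound to `listen_addr`."""
    src = ipaddress.ip_address(client)
    kind = classify(listen_addr)
    if kind == "loopback":
        return src.is_loopback          # only local processes can reach it
    if src in ipaddress.ip_network(lan):
        return True                     # LAN clients are always delivered
    if lan_only_firewall:
        return False                    # source filter drops outside clients
    # Outside client, no source filter: the bind address does not look at
    # the source, so delivery alone decides.
    return kind == "routable" or one_to_one_nat

if __name__ == "__main__":
    addr = parse_listen_address(SAMPLE_CONF)
    for nat, fw in [(False, False), (True, False), (True, True)]:
        print(addr, "nat=%s fw=%s ->" % (nat, fw),
              can_connect(addr, "203.0.113.7", "192.168.1.0/24", nat, fw))
```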



