Limiting users who have shell access to use a certain ip

Kevin O'Connor kevin at ziptek-technologies.co.uk
Wed Jan 7 11:05:43 GMT 2004


David, if all you want to do is limit shell access on port 21/22, don't
know if you use secure shell, kill your current ftp server, assuming
it's the standard ftpd and replace it with something like ProFTPD. This
will allow you to bind it to a single IP address and configure acls for
it. It supports virtual FTP servers, so if your clients need ftp access
you create a second server but place your shell account users in the
banded list for that server and tell it to bind to all but the original
IP address. 
As I've just used ProFTPD as an example I'll add the following caveat
There is an exploited that exists on pre September 2003 versions please
make sure you install the latest patches. Hope this was the answer you
were looking for.
Regards
Kevin      

-----Original Message-----
From: freebsd-users-admin at uk.freebsd.org
[mailto:freebsd-users-admin at uk.freebsd.org] On Behalf Of davidr at skyforge
Sent: 07 January 2004 10:27
To: kevin at ziptek-technologies.co.uk
Cc: freebsd-users at uk.freebsd.org
Subject: Re: Limiting users who have shell access to use a certain ip

ok, the server will have lots of ip addressees on it. I want to be able
to
limit any users who have shell access to use one ip. Since the other are
for
customers etc.. and i would prefer it if they didnt use those ip
addresses

I hope that clears things up a little


david
----- Original Message ----- 
From: "Kevin O'Connor" <kevin at ziptek-technologies.co.uk>
To: "'davidr at skyforge'" <davidr at skyforge.net>;
<freebsd-users at uk.freebsd.org>
Sent: Wednesday, January 07, 2004 1:58 AM
Subject: RE: Limiting users who have shell access to use a certain ip


> David can you please clarify, do you want the users to be able to only
> connect to the shell account from 1 IP address or do you want them to
> only be able to access the internet from the shell on the FreeBSD box
> via a specific IP address on the box. If the latter surely it's a
simple
> NAT setup with maybe some firewall rules, if the former just firewall
> rules.
> Regards
> Kevin
>
> -----Original Message-----
> From: freebsd-users-admin at uk.freebsd.org
> [mailto:freebsd-users-admin at uk.freebsd.org] On Behalf Of
davidr at skyforge
> Sent: 06 January 2004 23:19
> To: freebsd-users at uk.freebsd.org
> Subject: Limiting users who have shell access to use a certain ip
>
> hi
>     does any one know a way of being able to limit a group/all users
who
> has
> shell account to a freebsd server to use a certain ip address when
they
> tried to connect to the internet ? Is what i am saying even possible ?
> or
> would  I need a big cisco type router to do such a task
> --
> David Richards
> davidr AT skyforge DOT net
> http://www.skyforge.net
>
>
> ------ FreeBSD UK Users' Group  -  Mailing List ------
> http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users
>
>
> ------ FreeBSD UK Users' Group  -  Mailing List ------
> http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users
>


------ FreeBSD UK Users' Group  -  Mailing List ------
http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users





More information about the Ukfreebsd mailing list