
Open FTP only on certain IP address


On a remote machine there are two network interfaces:

  • eth0: 10.10.0.15 (VLAN)
  • eth1: 33.33.22.22 (Public IP)

I want VSFTPD to only receive and serve requests from the public IP and localhost, and not from the VLAN or any machines on the VLAN. I added the following rules to UFW:

ufw allow proto tcp from 33.33.22.22 to any port 20:21

and this one for passive FTP:

ufw allow proto tcp from 33.33.22.22 to any port 40000:40100  

However, with this setting FileZilla gets stuck:

Connecting to 33.33.22.22
Connection established, waiting for welcome message...
Initializing TLS
verifying certificate
Logged in
Retrieving directory listing... 

and then it is stuck for a few seconds and retries.

With this setting

ufw allow proto tcp from any to any port 40000:40100 

it starts working, but then connections from other machines on the VLAN are also possible. How can I achieve the desired result, or is that not possible?

pLumo
`from` will restrict the source IP, not the target. Try `allow in on eth1` or maybe `to 33.33.22.22`.
Jos
While you could use a firewall to stop incoming requests, the easier thing would be to configure `vsftpd` to just listen on one address. Use `listen_address=33.33.22.22` in `vsftpd.conf`.
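The two answers combined into one script, as an added example that is not part of the thread. It assumes the question's interface names and addresses, a Debian/Ubuntu-style `/etc/vsftpd.conf`, and the `ufw` CLI; the `ss -ltn` output it checks is a constructed sample, and the function names are my own:

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes the question's interface
# names and addresses, a Debian/Ubuntu-style /etc/vsftpd.conf, and the ufw CLI.
set -eu

PUBLIC_IF=eth1          # interface carrying the public address
PUBLIC_IP=33.33.22.22   # the question's public IP
PASV_MIN=40000          # passive data-port range from the question
PASV_MAX=40100

# vsftpd side (Jos's answer): bind the control socket to the public address
# only, and pin the passive range so it matches the firewall rule below.
# listen_address is IPv4-only; an IPv6 listener would need listen_address6.
vsftpd_listen_config() {
    cat <<EOF
listen=YES
listen_ipv6=NO
listen_address=$PUBLIC_IP
pasv_enable=YES
pasv_min_port=$PASV_MIN
pasv_max_port=$PASV_MAX
EOF
}

# Firewall side (pLumo's answer): 'from' filters the SOURCE address, which is
# why the question's rule never matched the clients. Match the inbound
# interface and the destination instead ('in on ... to ...'). Port 20 is the
# server's SOURCE port for active-mode data connections (outbound, which ufw
# allows by default), so no inbound rule is needed for it.
ufw_rules() {
    printf 'ufw allow in on %s to %s port 21 proto tcp\n' "$PUBLIC_IF" "$PUBLIC_IP"
    printf 'ufw allow in on %s to %s port %s:%s proto tcp\n' \
        "$PUBLIC_IF" "$PUBLIC_IP" "$PASV_MIN" "$PASV_MAX"
}

# Verification: read 'ss -ltn' output on stdin and return non-zero unless every
# listener on port 21 is bound to PUBLIC_IP. A 0.0.0.0 or VLAN-address bind
# means the daemon is still reachable from the VLAN, firewall aside.
check_ftp_listener() {
    awk -v ip="$PUBLIC_IP" '
        BEGIN { bad = 0 }
        $1 == "LISTEN" {
            n = split($4, a, ":"); port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port == "21" && addr != ip) bad = 1
        }
        END { exit bad }'
}

# Constructed sample of 'ss -ltn' output showing the desired state.
# On the real host run:  ss -ltn | check_ftp_listener
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      32     33.33.22.22:21      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

# Only touch the system when asked; the vsftpd lines are printed for the
# admin to merge into /etc/vsftpd.conf rather than blindly appended.
if [ "${1:-}" = "--apply" ]; then
    ufw_rules | sh -e
    echo "Merge these into /etc/vsftpd.conf, then restart vsftpd:"
    vsftpd_listen_config
else
    ufw_rules
    printf '%s\n' "$SAMPLE_SS" | check_ftp_listener && \
        echo "port 21 bound to $PUBLIC_IP only"
fi
```

Two practitioner notes. First, the FileZilla log shows `Initializing TLS`, so the control channel is encrypted and the kernel's FTP connection-tracking helper cannot read the PASV reply to open data ports on the fly; the explicit rule for the 40000:40100 range therefore stays necessary even with the interface-scoped rules above. Second, `listen_address` and the firewall rules are complementary, not alternatives: the bind stops the VLAN reaching the daemon at all, and the `in on eth1` rules keep that true even if the config is later changed.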