The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to restrict FTP access to particular IP?

Discussion in 'General Discussion' started by hustla66, Mar 4, 2013.

  1. hustla66

    hustla66 Registered

    Joined:
    Mar 4, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    I am administrating a server running WHM/cPanel on root level. I would like to know how to properly restrict FTP access to limited amount of IPs and deny all others? I have restricted WHM, SSH and CP areas with Host Access Control but this will not work for proper FTP restricting.

    I believe this is done trough SSH and iptable rules. Please give me examples and solutions for this!

    Your help is much appreciated!
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    You don't happen to use CSF, do you?
     
  3. hustla66

    hustla66 Registered

    Joined:
    Mar 4, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I am familiar with it's interface and used it for a couple of times to whitelist some IPs trough firewall. I have also reviewed the iptable rules trough the interface there, but don't know how to do restrict particular IPs for the port of FTP. Thanks
     
  4. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    348
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    If you only want to allow several IPs to FTP, remove ports 20 and 21 from allowed incoming port list in CSF and then add those happy-IPs to the whitelisted list.
     
  5. hustla66

    hustla66 Registered

    Joined:
    Mar 4, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Could you please instruct step by step? Where and how to remove these ports? Then whitelisting IPs is trough the Quick-Allow feature?
     
  6. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    You remove ports in WHM-> Plugins-> ConfigServer Security & Firewall-> Firewall Configuration-> TCP_IN
    Remove ports 20 & 21 from the list, scroll down, click "Change" and then "Restart csf+lfd".

    You allow specifict IPs to use FTP like this:
    WHM-> Plugins-> ConfigServer Security & Firewall-> Firewall Allow IPs:
    you add lines like this:
    tcp|in|d=20_21|s=IP_ADDRESS_HERE

    that allows connections from that IP to ports 20 & 21.

    then click "Change" and "Restart csf+lfd".
     
Loading...

Share This Page