Restricting FTP to an IP?

Discussion in 'General Discussion' started by ncrossland, Nov 23, 2006.

  1. ncrossland

    Is it possible to restrict access to an FTP account to only a particular client IP? I know there isn't an option in cPanel.
     
  2. budway

    Yes, there is, but this is not recommended, because if you add a dedicated IP account or reseller into their own IP and forget to add the IP to the FTP config, the user will have no FTP access.

    /etc/pure-ftpd.conf
    # IP address/port to listen to (default=all IP and port 21).


    This change is not recommended.
     
  3. krava

    Hello.

    Yes, it is possible to do using a firewall.
     
  4. ncrossland

    Sorry, I didn't word the question very well -- what I'd like to achieve is an FTP account which would allow a user to connect only if their own IP address is in a particular range.
     
  5. budway

    You want to restrict, just for a username, the IP ranges that are able to open a connection through FTP?

    Is that what you wanna do?
     
  6. ncrossland

    Yes Budway, correct!
     
  7. brianoz

    It depends on exactly why you want to do this, there may be other solutions, but there's no way you can restrict just a single user through a firewall. You might be able to do it by digging into the pureftpd/proftpd documentation and finding a configuration option there, but unlikely. If you wanted to restrict ALL users and could work out a way to make that work, you could easily do that through a firewall like csf or apf.
     
  8. Imai

    I found this solution from http://www.novell.com/coolsolutions/feature/19818.html
    article on pure ftpd administration
    --------------------------------------------------------------------------------------------
    IP Restrictions
    Restricting access based on IP addresses is very simple. The qualifier that is used to block IP addresses is "-R" followed by the IP address as shown in Figure 5.

    linux-1reo:~# pure-pw usermod damian -R 192.168.0.2 -m
    ---------------------------------------------------------------------------------------------

    How can I implement this in cPanel?
    I need to restrict FTP access to a certain account from 1 IP only
    thank you
     
  9. lehels

    Restrict FTP access from an IP to a username

    This would certainly be needed, to be able to restrict FTP access from just a specific IP address to a single username!

    I saw in cPanel servers:
    @server [~]# pure-pw show username
    Unable to open the passwd file: No such file or directory
    Unable to fetch info about user [username] in file [/etc/pureftpd.passwd

    It's kind of a mix, 'cause the usernames are kept in the proftpd/ folder.
     
  10. d_t

  11. HostIt

    I have had success in restricting a user's FTP access to a single IP :)

    1) Uncomment the PureDB line within /etc/pure-ftpd.conf and restart Pure-FTPd
    2) pure-pwconvert | grep username > /etc/pureftpd.passwd
    3) chmod 600 /etc/pureftpd.passwd
    4) pure-pw usermod username -r 192.168.0.2 -f /etc/pureftpd.passwd
    5) pure-pw mkdb

    Although my testing so far has been limited, the above five commands do seem to successfully restrict "username" to FTP access ONLY from the IP address "192.168.0.2".

    The only problems with this approach appear to be as follows:

    1) If the user later changed their password via cPanel, their FTP password would not change. To sync them up again, you'd need to rebuild the "virtual user" database by running the last four commands above. This could be scripted as a cron job, although that's not particularly tidy.

    2) Because SFTP uses OpenSSH it ignores the virtual users file, meaning anybody could circumvent the above block by simply using SFTP. This can be worked around by adding the line "DenyUsers username" to /etc/ssh/sshd_config, then restarting SSH, although of course this will cut off any shell access they may have had also.

    I hope that's helpful to somebody :)
     
    #11 HostIt, May 3, 2009
    Last edited: May 3, 2009
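
The resync and the two caveats from HostIt's post above, as an added shell example that is not part of the original thread: `resync_restriction` reruns steps 2-5 with an exact username match, and `audit_restriction` checks that the allow-list entry is present and that the SFTP route is closed with `DenyUsers`. The function names are hypothetical, and the position of the authorized-client-IPs entry (16th colon-separated field of pureftpd.passwd) is an assumption about the file layout.

```sh
#!/bin/sh
# Added example; paths default to the ones used in the post.
PASSWD_FILE=${PASSWD_FILE:-/etc/pureftpd.passwd}
SSHD_CONFIG=${SSHD_CONFIG:-/etc/ssh/sshd_config}

# Steps 2-5 of the post. Rerun after a cPanel password change so the
# virtual-user password matches again. Needs root and the Pure-FTPd tools.
resync_restriction() (  # usage: resync_restriction USER IP
    umask 077           # passwd file is created without group/other access
    # Exact match on the login field; a bare grep also matches "username2".
    pure-pwconvert | awk -F: -v u="$1" '$1 == u' > "$PASSWD_FILE" &&
    chmod 600 "$PASSWD_FILE" &&
    pure-pw usermod "$1" -r "$2" -f "$PASSWD_FILE" &&   # -r: allowed client IP
    pure-pw mkdb        # run without arguments, as in the post
)

# Print USER's authorized-client-IPs entry. ASSUMPTION: it is the 16th
# colon-separated field of pureftpd.passwd.
allowed_client_ips() {  # usage: allowed_client_ips USER
    awk -F: -v u="$1" '$1 == u { print $16 }' "$PASSWD_FILE"
}

# Succeed if an uncommented DenyUsers line names USER exactly
# (wildcard patterns and Match blocks are not interpreted).
sftp_denied() {  # usage: sftp_denied USER
    awk -v u="$1" 'tolower($1) == "denyusers" {
            for (i = 2; i <= NF; i++) if ($i == u) found = 1 }
        END { exit !found }' "$SSHD_CONFIG"
}

# 0 = FTP pinned to IP and SFTP closed; 1 = FTP rule missing; 2 = SFTP open.
audit_restriction() {  # usage: audit_restriction USER IP
    got=$(allowed_client_ips "$1")
    if [ "$got" != "$2" ]; then
        echo "FAIL: $1 allowed client IPs '$got', expected '$2'" >&2
        return 1
    fi
    if ! sftp_denied "$1"; then
        echo "FAIL: $1 not in DenyUsers, SFTP bypasses the FTP rule" >&2
        return 2
    fi
    echo "OK: $1 restricted to $2"
}
```

Source the file as root, call `resync_restriction username 192.168.0.2` from the cron job the post mentions, and follow it with `audit_restriction` so a missing rule or an open SFTP route shows up as a non-zero exit status.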