Hello everyone,
I am trying to bind ProFTPD to one of two possible IP addresses.
Unfortunately, a port scan always shows both IPs as open
(192.168.2.2:621 and 192.168.2.3:621).
Here is my config:
ServerName "Debian"
ServerType standalone
DeferWelcome off
# DefaultAddress 192.168.2.3
SocketBindTight on
Bind 192.168.2.3
DefaultServer off
MultilineRFC2228 on
# DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
UseReverseDNS off
IdentLookups off
# Port 21 is the standard FTP port.
Port 621
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
MaxClientsPerHost 3
MaxClientsPerUser 3
MaxHostsPerUser 1
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
<Global>
DefaultChdir /home/ftpdaten
DefaultRoot /home/ftpdaten
</Global>
<VirtualHost 192.168.2.3>
Bind 192.168.2.3
Port 621
</VirtualHost>
# TLS
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd_tls.log
TLSProtocol TLSv1
TLSRequired on
TLSVerifyClient off
TLSRSACertificateFile /etc/ftpcert/ftphost.cert
TLSRSACertificateKeyFile /etc/ftpcert/ftphost.key
</IfModule>
Even if I enable DefaultAddress and disable the VirtualHost, nothing changes.
What am I doing wrong?
Regards,
Thomas
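
A host-side check for the symptom described in the post, as an added example that is not part of the original post: it parses `ss -H -ltn` output and reports whether the listener on port 621 is bound only to 192.168.2.3 or to a wildcard address. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not taken from the poster's host).
SAMPLE_SS = """\
LISTEN 0      128          0.0.0.0:621       0.0.0.0:*
LISTEN 0      128      192.168.2.3:22        0.0.0.0:*
LISTEN 0      128             [::]:80           [::]:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port', '[v6]:port' or '*:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]").split("%")[0]  # drop brackets and any %iface scope
    return addr, int(port)

def is_wildcard(addr):
    """True for '*', 0.0.0.0 and :: (socket accepts on every local address)."""
    return addr == "*" or ipaddress.ip_address(addr).is_unspecified

def audit_listeners(ss_output, port, expected_addr):
    """Return (ok, findings) for all TCP listeners on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, lport = split_endpoint(fields[3])  # 4th column: local addr:port
        if lport != port:
            continue
        if is_wildcard(addr):
            verdict = "wildcard"      # reachable via 192.168.2.2 as well
        elif addr != expected_addr:
            verdict = "unexpected"    # bound, but to the wrong address
        else:
            verdict = "ok"
        findings.append((addr, verdict))
    # ok only if at least one listener exists and all are on expected_addr
    ok = bool(findings) and all(v == "ok" for _, v in findings)
    return ok, findings

if __name__ == "__main__":
    ok, findings = audit_listeners(SAMPLE_SS, 621, "192.168.2.3")
    for addr, verdict in findings:
        print(f"port 621 on {addr}: {verdict}")
    print("bound tightly" if ok else "NOT bound to 192.168.2.3 only")
```

On the real host, feed it the output of `ss -H -ltn` captured after restarting the daemon.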