www.ProFTPD.de

ProFTPD => ProFTPD - Deutsch => Thema gestartet von: cevox am 14. Oktober 2005, 17:43:29


Titel: Zugangsbeschränkung zeigt keine Wirkung
Beitrag von: cevox am 14. Oktober 2005, 17:43:29
Hallo,

ich möchte nur einem bestimmten IP-Bereich Zugang zu meinem FTP-Server gewähren. Dazu habe ich (zusätzlich zur Benutzereinschränkung, die funktioniert) einen IP-Bereich angegeben.

Leider können dennoch User mit anderen IPs auf dem Server einloggen.

Hier meine config:
Code:
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName                      "cevox FTP Server"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                     "-l"

DenyFilter                      \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd               off

# Uncomment this if you would use TLS module:
#TLSEngine                      on

# Uncomment this if you would use quota module:
#Quotas                         on

# Uncomment this if you would use ratio module:
#Ratios                         on

# Port 21 is the standard FTP port.
Port                            21

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)

MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            nobody
Group                           nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                           022  022
# Normally, we want files to be overwriteable.
AllowOverwrite                  on
AllowRetrieveRestart            on
AllowStoreRestart               on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine                    off

# manual additions
DefaultRoot                     /home/ftp

<Limit LOGIN>
Allow from                      141.28.
Allow from                      192.168.1.
Allow from                      10.2.0.0/22
AllowGroup                      ftpuser
DenyAll
</Limit>

<Directory /home/ftp/*>
<Limit WRITE>
DenyUser                        ghb
AllowUser                       admin
</Limit>
</Directory>

<Directory /home/ftp/upload/*>
<Limit READ WRITE>
DenyUser                        ghb
AllowUser                       admin
</Limit>
<Limit STOR>
AllowUser                       ghb
AllowUser                       admin
</Limit>
</Directory>

<Directory /home/ftp/web>
<Limit ALL>
DenyUser                        ghb
AllowUser                       admin
</Limit>
</Directory>

<Global>
RootLogin                       off
RequireValidShell               off
</Global>

UseReverseDNS                   off
IdentLookups                    off

LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth "%v [%P] %h %t \"%r\" %s"
LogFormat                       write "%h %l %u %t \"%r\" %s %b"

ExtendedLog                     /var/log/ftp_auth.log AUTH auth
ExtendedLog                     /var/log/ftp_access.log WRITE,READ write


Wo liegt der Fehler? :?:


Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC