
Re: setting up an ftp server



On Mon, Jul 30, 2001 at 02:00:43PM -0500, Dimitri Maziuk wrote:
> * Kalle Hasselström (kalle@treskal.com) spake thusly:
> ...
> > Two more questions popped up, regarding inetd. bsd-ftpd is started by
> > inetd on incoming calls. How can I
> > 
> > a) Temporarily disable ftp? I thought it would be a good idea to do
> > this when it's not being used, to be on the safe side. I won't be
> > using it much at all, not even once a week.
> 
> IIRC xinetd allows you to set date/time based access controls.
> You could do more with a wrapper around in.ftpd, if you can
> write a wrapper like that. You could go as far as write a wrapper 
> that needs a specific packet -- if it receives that, it spawns 
> ftpd, otherwise it drops the connection ("knock first", often used 
> by trojans). Or you could run ftpd standalone, ssh to the box and 
> do "/etc/init.d/ftpd start" before ftp'ing.
> 

Good idea! The following does what I want:

[contents of /usr/local/sbin/in.ftpd]
------
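#!/bin/sh

# Run the real in.ftpd, but only if the file /etc/allowftp exists.
# "$@" passes the arguments from inetd.conf (here -q) through unchanged;
# exec replaces the shell so ftpd takes over the connection directly.
if [ -e /etc/allowftp ]; then
    exec /usr/sbin/in.ftpd "$@"
fi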
------

It's an on/off switch that's only reachable from the inside.

> > b) Change the port? The default port for ftp is 21, but I'd like it to
> > use 12345 or something instead. This is just to confuse people,
> > especially my ISP who with a rather sweeping statement disallows
> > "servers". They just want to keep the traffic volume down, and I won't
> > be generating overly much traffic, but nevertheless I thought it might
> > be prudent to assume that they check for requests on ports 21 and 80.
> 
> Would
> "12345 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd -q"
> work? Also, you can tell standalone server what port to listen to,
> e.g. "Port 12345" for ProFTPD.
> 

Works like a charm (note that it's been modified to call the wrapper
script instead as well):

[slices from /etc/inetd.conf]
------
#ftp           stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.ftpd -q
12345          stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/local/sbin/in.ftpd -q
------

Thanks!

-- 
Kalle Hasselström, kalle@treskal.com
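
The flag-file switch from the message above, extended so that a forgotten /etc/allowftp does not leave ftp enabled indefinitely. This is an added example, not part of the original post: the function name ftp_allowed, the 60-minute window, the ownership and permission checks and the syslog tag are assumptions, and -mmin requires GNU, BSD or busybox find.

```shell
#!/bin/sh
# Added example (not from the original post): flag-file gate with expiry.
# Meant to be installed as /usr/local/sbin/in.ftpd, the wrapper path that
# the inetd.conf line in the post points at.

FLAG=/etc/allowftp        # flag file used in the post
REAL=/usr/sbin/in.ftpd    # real daemon path used in the post
MAX_AGE_MIN=60            # assumed window: the switch turns itself off after this

# ftp_allowed FLAG MAX_AGE_MIN [OWNER_UID]
# Succeeds only if FLAG is a regular file (find does not follow the symlink,
# so a link is rejected), is owned by OWNER_UID (default 0, root), is not
# group- or world-writable, and was modified less than MAX_AGE_MIN minutes ago.
ftp_allowed() {
    flag=$1
    max=$2
    owner=${3:-0}
    hit=$(find "$flag" -prune -type f -user "$owner" \
              ! -perm -020 ! -perm -002 -mmin "-$max" 2>/dev/null)
    [ -n "$hit" ]
}

# Act as the gate only when invoked under the wrapper's name, so the file
# can also be sourced or run under another name to exercise ftp_allowed.
case "${0##*/}" in
in.ftpd)
    if ftp_allowed "$FLAG" "$MAX_AGE_MIN"; then
        exec "$REAL" "$@"
    fi
    # Leave a trace of refused connections (tag name is hypothetical).
    logger -p auth.notice -t in.ftpd-gate \
        "ftp refused: $FLAG missing, stale or unsafe"
    exit 0
    ;;
esac
```

Running "touch /etc/allowftp" as root opens the window, and removing the file closes it early.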
