[Proftpd-user] allow from <host> resolving host at startup - proftpd

This is a discussion on [Proftpd-user] allow from <host> resolving host at startup - proftpd ; Hello, Because of a obscure reason (read: linux vserver), I need to connect using FTP from/to local machine, but it does not work via localhost interface (because linux vserver personalises it). I decided to run such virtual host on internal(intranet) ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: [Proftpd-user] allow from <host> resolving host at startup

  1. [Proftpd-user] allow from <host> resolving host at startup

    Hello,

    Because of a obscure reason (read: linux vserver), I need to connect using
    FTP from/to local machine, but it does not work via localhost interface
    (because linux vserver personalises it).

    I decided to run such virtual host on internal(intranet) interface of our
    servers. (a bit more security if anything breaks).

    As long as we are having more servers on the subnet, of which not all run
    proftpd (and should not have access to that virtual hosty), it would be nice
    to limit access only from the local host via (additionally to
    firewall, for sure)

    Since I would like to have simple configuration file, applicable to more
    hosts, I put churtcuts for interface names into /etc/hosts, e.g. "int" that
    resolves to IP of internal interface, and I use this in
    (works). The internal IP however resolves to full name, not to "int":

    1.2.3.4 xyz.dom.ain xyz int

    However, I can't use it in the directive since Allow from compares
    resolved hostname which is full name of the interface, not "int" shortcut.

    Any idea what to do now? Should I try to resolve the issue another way or
    is it worthwhile to use shurtcuts in "allow from" directives, that would
    resolve to IP on startup/reconfig ?

    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    Support bacteria - they're the only culture some people have.

    -------------------------------------------------------------------------
    This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
    Build the coolest Linux based applications with Moblin SDK & win great prizes
    Grand prize is a trip for two to an Open Source event anywhere in the world
    http://moblin-contest.org/redirect.p...r_id=100&url=/
    _______________________________________________
    ProFTPD Users List
    Unsubscribe problems?
    http://www.proftpd.org/list-unsub.html


  2. Re: [Proftpd-user] allow from <host> resolving host at startup


    > Any idea what to do now? Should I try to resolve the issue another way or
    > is it worthwhile to use shurtcuts in "allow from" directives, that would
    > resolve to IP on startup/reconfig ?


    I would recommend using the IP address range, if possible. DNS names are
    problematic enough as is, and trying to update the matching rules to deal
    with just hostnames, in addition to fully-qualified DNS names.

    In the meantime, you could also try using DNS glob rules, something like:

    Allow *.dom.ain

    if that helps.

    TJ

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Had we never lov'd sae kindly,
    Had we never lov'd sae blindly,
    Never met - or never parted,
    We had ne'er been broken-hearted.

    -Robert Burns

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    -------------------------------------------------------------------------
    This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
    Build the coolest Linux based applications with Moblin SDK & win great prizes
    Grand prize is a trip for two to an Open Source event anywhere in the world
    http://moblin-contest.org/redirect.p...r_id=100&url=/
    _______________________________________________
    ProFTPD Users List
    Unsubscribe problems?
    http://www.proftpd.org/list-unsub.html


+ Reply to Thread