Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how ftp restricts ip in the Linux server. Many people may not know much about it. In order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.

Restrict IP

1. Allow access to an ip address through the configuration file of vsftpd and the settings of "hosts.deny" and "hosts.allow" files

1) modify the parameter "tcp_wrapper" in the configuration file "/ etc/vsftpd/vsftpd.conf" to make sure it is yes

[root@localhost wj] # gedit / etc/vsftpd/vsftpd.conf / / Anonymous login

Tcp_wrapper=YES

2) Open the configuration file "/ etc/hosts.deny" and add the word "vsftpd:all:Deny" at the end

[root@localhost wj] # gedit / etc/hosts.deny

# hosts.deny This file contains access rules which are used to

# deny connections to network services that either use

# the tcp_wrappers library or that have been

# started through a tcp_wrappers-enabled xinetd.

#

# The rules in this file can also be set up in

# / etc/hosts.allow with a 'deny' option instead.

#

# See 'man 5 hosts_options' and' man 5 hosts_access'

# for information on rule syntax.

# See 'man tcpd' for information on tcp_wrappers

#

Vsftpd:all:Deny / / all ip cannot be accessed

3) Open the configuration file "/ etc/hosts.allow" and add the word "vsftpd:192.168.0.123:Allow" at the end. The current configuration is to allow only "192.168.0.123" access.

[root@localhost wj] # gedit / etc/hosts.allow

# hosts.allow This file contains access rules which are used to

# allow or deny connections to network services that

# either use the tcp_wrappers library or that have been

# started through a tcp_wrappers-enabled xinetd.

#

# See 'man 5 hosts_options' and' man 5 hosts_access'

# for information on rule syntax.

# See 'man tcpd' for information on tcp_wrappers

#

Vsftpd:192.168.0.123:Allow

4) Test whether it is accessible. The ip of the current host is not "192.168.0.123", so the access will not be successful.

[root@localhost wj] # service vsftpd restart / / restart the service

Close vsftpd: [OK]

Start vsftpd for vsftpd: [OK]

[root@localhost wj] # lftp weijie:123456@192.168.0.113:8765 / / Local user login

Lftp weijie@192.168.0.113:~ > ls

Interruption / / ls failed and the connection was not successful

Lftp weijie@192.168.0.113:~ > bye

[root@localhost wj] # lftp 192.168.0.113Viru 8765 / / Anonymous login

Lftp 192.168.0.113 ~ > ls

Interruption / / ls failed and the connection was not successful

Lftp 192.168.0.113 ~ >

2. When an ip address has too many connections to the host, it will reduce the efficiency of the server. Therefore, it is necessary to set the number of connections for an IP, and when the number of connections exceeds a certain number, it can no longer be connected, which can improve the efficiency of the server. Vsftpd has no connection settings by default, which can be set by the parameter "max_clients". Since the ip of the same local area network is the same, the maximum number of connections should be set reasonably.

1) Open the configuration file "/ etc/vsftpd/vsftpd.conf" and add the word "max_clients=2" at the end

[root@localhost pub] # gedit / etc/vsftpd/vsftpd.conf

Max_clients=2

2) restart the service and test. Open three connections at a time and find that the third connection is inaccessible

[root@localhost wj] # service vsftpd restart / / restart the service

Close vsftpd: [OK]

Start vsftpd for vsftpd: [OK]

[root@localhost wj] # lftp weijie:123456@192.168.0.113:8765 / / Log in to weijie

Lftp weijie@192.168.0.113:~ > ls

-rwxrwxrwx 1 0 2375494044 Aug 14 07:13 1.zip

Lftp weijie@192.168.0.113:~ >

[root@localhost wj] # lftp 192.168.0.113Viru 8765 / / Anonymous login

Lftp 192.168.0.113 ~ > ls

Drwxr-xr-x 2 0 0 4096 Aug 14 06:38 pub

Lftp 192.168.0.113 / >

[root@localhost pub] # lftp 192.168.0.113 / / Anonymous login

Lftp 192.168.0.113 ~ > ls

[0] ls &

`ls' at 0 [delay before reconnection: 22] / / can no longer be accessed, ls is invalid

Lftp 192.168.0.113 ~ >

A Linux learning platform has been made, and a prototype has come out at present, which you can refer to and use.

Link: https://pan.baidu.com/s/1GOLVU2CbpBNGtunztVpaCQ password: n7bk

After reading the above, do you have any further understanding of how ftp restricts ip in Linux servers? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.