View Full Version : Hosts.Rules


Rusher
09-20-2011, 12:08 PM
I like the way the server refuses connections when I have POLICY DENY in Hosts.Rules,

but now the server denies everything that is not in the Hosts.Rules file. Is there any way for the server to compare the IP from the user files in ../users/ ?

Adding and deleting users will be sucky if I have to edit Hosts.Rules every time.

Yil
09-21-2011, 02:48 AM
You don't want to use the Hosts.Rules file... In fact the file will have a new look in v8 and updating can be done through the FTP, but you STILL don't want to use the new Hosts.Rules file!

What you probably want is to enable the 'Reject_Unknown_Ips' option which means the server will ONLY talk to hosts that match at least 1 user hostmask. You also probably want to enable the 'Secure_Ip_#' options to prevent admins from adding *@* as a hostmask which would effectively disable the feature!

I suggest skimming the whole ioFTPD.ini file, there's a ton of cool stuff in there :)

Rusher
09-21-2011, 09:59 AM
Hi

Sorry for not explaining my problem in more detail.. but here goes :)

I have in my ioftpd the following line:

Reject_Unknown_Ips = True

and, well, the server lets me "try" to log in, for example as follows:

[16:49:25] [R] Connecting to SERVER -> DNS=xxxxxxx IP=xxxxxxx PORT=xxxx
[16:49:25] [R] Connected to SERVER
[16:49:25] Ident Request: xxxxxxxx - UserID: xxxxxxx
[16:49:25] [R] 220 FTP Server ready.
[16:49:25] [R] AUTH TLS
[16:49:25] [R] 234 AUTH TLS successful.
[16:49:25] [R] Connected. Negotiating TLSv1 session
[16:49:25] [R] TLSv1 negotiation successful...
[16:49:25] [R] TLSv1 encrypted session using cipher ECDHE-RSA-AES256-SHA (256 bits)
[16:49:25] [R] PBSZ 0
[16:49:25] [R] 200 PBSZ 0 successful.
[16:49:25] [R] USER rusher
[16:49:25] [R] 331 Password required for rusher.
[16:49:25] [R] PASS (hidden)
[16:49:25] [R] 530 Login failed: Your IP/hostname is not authorized.


And when setting POLICY DENY in HOSTS.RULES I get the following, for example:

[16:52:45] [R] Connecting to SERVER -> DNS=xxxxxxx IP=xxxxxxx PORT=xxxx
[16:52:45] [R] Connected to SERVER
[16:52:45] [R] Connection failed (Connection closed by server)

This is the way I would like ioftpd to treat all connections that are not in the user files, WITHOUT having to edit hosts.rules.

I hope this feature could be considered for future ioftpd versions if not possible with the current one.

Yil
09-21-2011, 05:11 PM
I think you're misunderstanding what is going on...

Reject_Unknown_Ips = True

That enables the EXACT feature you are looking for. The fact that you can connect to the server and receive a response means your IP address matches at least one user hostmask.

However, the '530 Login failed: Your IP/hostname is not authorized.' message means your current ident/host/ip doesn't match any hostmask for THAT USER. Use 'site uinfo rusher' to view your hostmasks and you'll see that nothing matches. It should be pointed out that you ONLY get that particular error message if you correctly entered a valid user/pass. If you had the password wrong you'd get a generic login failed error.

You can also look into logs/error.log to see more info. It should show your current ident IP/host used to test hostmasks against to verify things.
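
The two checks described in the post above, as an added example that is not part of the original thread and is not ioFTPD code. It is a simplified model: the glob matching via fnmatch, the ident@host mask form, comparing only the host part at connection time, and the sample users and addresses are all assumptions, and the password check is left out.

```python
from fnmatch import fnmatchcase

# Constructed sample data: user name -> hostmasks in ident@host form.
# Addresses are from documentation ranges, not taken from the thread.
USERS = {
    "rusher": ["*@192.0.2.*"],
    "alice": ["alice@198.51.100.7", "*@203.0.113.*"],
    "admin": ["*@*"],  # the kind of mask the post says Secure_Ip_# should prevent
}

def host_part(mask):
    """Return the host pattern of an ident@host mask."""
    return mask.rpartition("@")[2]

def admitting_masks(users, ip):
    """Connection stage: every (user, mask) whose host pattern matches ip."""
    return [(u, m) for u, masks in users.items() for m in masks
            if fnmatchcase(ip, host_part(m))]

def connection_allowed(users, ip):
    """Model of Reject_Unknown_Ips = True: accept if ANY user's mask matches."""
    return bool(admitting_masks(users, ip))

def login_allowed(users, user, ident, ip):
    """Login stage: only the named user's own masks count."""
    who = f"{ident}@{ip}"
    return any(fnmatchcase(who, m) for m in users.get(user, []))

def too_broad(mask):
    """Flag masks whose host pattern is nothing but wildcards and dots."""
    return set(host_part(mask)) <= set("*?.")

def diagnose(users, user, ident, ip):
    """Return which stage a connection attempt reaches in this model."""
    if not connection_allowed(users, ip):
        return "connection closed"
    if not login_allowed(users, user, ident, ip):
        return "530 not authorized"
    return "login ok"

if __name__ == "__main__":
    ip = "203.0.113.9"
    print(diagnose(USERS, "rusher", "x", ip))   # which stage is reached
    print(admitting_masks(USERS, ip))           # which masks let the IP connect
    print([m for ms in USERS.values() for m in ms if too_broad(m)])
```

Listing the admitting masks for an address shows which other user's hostmask lets it past the connection stage even though the login for a different user is then refused.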

Rusher
09-22-2011, 01:40 PM
That's weird then, because I am the only one with that hostmask..


I have 81.231.xxx.xxx

The closest any other added hostmask is 81.234.xxx.*

and it still lets me try to log in.. Well, I will have to try this from the start :D Back up the current ../users/ and replace it with the default only and try.