Block / Allow IP Addresses to FTP (ubuntu / vsftpd)

komodosp

Hi folks

The server admin recently at my request blocked FTP access for all but a chosen few IP addresses.

However he's gone off on holidays and we need a few more addresses to be allowed. Just wondering is there any way I can do it from the command line?

I have tried

Searching for .ftpaccess files (couldn't find any except in an obscure directory)

Using iptables (I can't access from the IP addresses I have entered there, and it doesn't list the ones that he specified)

Doing ufw show raw (shows only the addresses I allowed myself using iptables)
and ufw allow from ... (still no access)

etc/vsftpd.conf (doesn't have listen_address specified)

etc/hosts.allow (empty except for introductory comments)


None of these reveals the addresses he already allowed through.

Is there anywhere else I can be looking?

ressem

Have you ruled out the other network equipment, which would be my first choice to place IP based access rules?

Is the setup designed to allow access from only a small group of internal IP addresses / machines on your LAN? In which case there might be VLANS on the switches /routers.

Or are the existing allowed IP addresses of an external IP type? If so there's the possibility that they are blocked on a main office firewall instead.

Is the ftp server connected to the LAN directly or to a DMZ of the main firewall?