limiting ftp connection per nic mac address

ghulam yaseen
Naik
Posts: 68
Joined: Thu Aug 07, 2008 6:09 pm
Location: karachi

limiting ftp connection per nic mac address

Post by ghulam yaseen »

Dear All,

I am currently able to limit FTP connections per IP, but since in an ISP environment more than one user gets the same IP address and they are refused the connection due to one download per host, is it possible that we limit them using their MAC address... one download per MAC address?

Regards,
Ghulam Yaseen
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Post by lambda »

unless the users are on the same physical network, you can't see their mac addresses.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear ghulam yaseen,
Salam,

I think you forget what you have learned @ Server4Sale.

# iptables -A INPUT -p tcp --dport 21 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT
# iptables -A INPUT -p tcp --dport 21 -j REJECT


Best Regards.
Farrukh Ahmed
ghulam yaseen
Naik
Posts: 68
Joined: Thu Aug 07, 2008 6:09 pm
Location: karachi

proftpd configuration

Post by ghulam yaseen »

w/salam,
Dear Farrukh bhai,

I am sure you have taken my question in the firewall sense... but that's not it. It is that I get around ten thousand users connecting to my FTP server every day from Karachi only. My proftpd configuration restricts one connection per REAL IP, and many users get one real IP and different LAN IPs as per their network. When the second user from the same IP gets connected, he is refused the connection, and I can see the FTP logs denying the connection:

Dec 8 -------- ftp_hostname proftpd[17129]: ftp.xx.xx (Real IP[REAL IP]) - Connection refused (max clients per host 1)

So I hope you get the idea of what I am looking to implement. If you have any other tool that I can implement, I will appreciate your advice.
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Post by lambda »

like i said, you can't see mac addresses over the internet. if it's a public ftp server (ie, anonymous logins), there's nothing you can do other than raise the limit.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
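
An added example, not part of any post in this thread: a shell function that tallies the "max clients per host" refusals per source address, to show which shared (NAT) addresses hit the limit before deciding how far to raise it. The log lines are constructed in the layout of the line quoted above (syslog timestamp, host names and documentation-range addresses are assumptions), and the function names `sample_log` and `refusals_per_host` are hypothetical.

```shell
#!/bin/sh
# Added example: count proftpd per-host refusals by source address.

# Constructed sample input; addresses come from documentation ranges.
sample_log() {
cat <<'EOF'
Dec  8 10:01:02 ftp1 proftpd[17129]: ftp.example.net (nat1.example.net[203.0.113.10]) - Connection refused (max clients per host 1)
Dec  8 10:01:05 ftp1 proftpd[17130]: ftp.example.net (nat1.example.net[203.0.113.10]) - FTP session opened.
Dec  8 10:01:09 ftp1 proftpd[17133]: ftp.example.net (nat1.example.net[203.0.113.10]) - Connection refused (max clients per host 1)
Dec  8 10:02:11 ftp1 proftpd[17140]: ftp.example.net (cpe7.example.org[198.51.100.7]) - Connection refused (max clients per host 1)
Dec  8 10:03:40 ftp1 proftpd[17152]: ftp.example.net (nat1.example.net[203.0.113.10]) - Connection refused (max clients per host 1)
EOF
}

# Reads syslog lines on stdin and prints "count address",
# most-refused address first. Lines that are not refusals are ignored.
refusals_per_host() {
    awk '
    /Connection refused \(max clients per host/ {
        # The client address is the bracketed field right before ") - ".
        # The "[pid]" after "proftpd" is followed by ":" and never matches.
        if (match($0, /\[[0-9a-fA-F.:]+\]\) - /)) {
            ip = substr($0, RSTART + 1, RLENGTH - 6)
            n[ip]++
        }
    }
    END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Usage on a real log (the path is an assumption; it varies by distribution):
#   refusals_per_host < /var/log/messages
sample_log | refusals_per_host
```

Addresses with many refusals are the shared ones; the count is a lower bound on how many extra simultaneous clients behind that address were turned away.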