limiting ftp connection per nic mac address


Post by ghulam yaseen » Thu Nov 26, 2009 4:53 pm

Dear All,

I am currently able to limit FTP connections per IP, but since in an ISP environment more than one user gets the same IP address and they are refused the connection due to one download per host, is it possible to limit them using their MAC address... one download per MAC address?

Regards,
Ghulam Yaseen
ghulam yaseen
Naik
 
Posts: 68
Joined: Thu Aug 07, 2008 6:09 pm
Location: karachi

Post by lambda » Fri Nov 27, 2009 1:01 am

unless the users are on the same physical network, you can't see their mac addresses.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Post by LinuxFreaK » Mon Dec 07, 2009 2:00 pm

Dear ghulam yaseen,
Salam,

I think you forgot what you have learned @ Server4Sale.

# iptables -A INPUT -p tcp --dport 21 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT
# iptables -A INPUT -p tcp --dport 21 -j REJECT


Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

proftpd configuration

Post by ghulam yaseen » Tue Dec 08, 2009 12:34 pm

w/salam,
Dear Farrukh bhai,

I am sure you have taken my question in the firewall sense... but that's not it. I get around ten thousand users connecting to my FTP server every day from Karachi only. My proftpd configuration restricts one connection per REAL IP, and many users get one real IP and different LAN IPs as per their network. When a second user from the same IP connects, he is refused the connection, and I can see the FTP logs denying the connection:

Dec 8 -------- ftp_hostname proftpd[17129]: ftp.xx.xx (Real IP[REAL IP]) - Connection refused (max clients per host 1)

So I hope you get the idea of what I am looking to implement. If you have any other tool that I can implement, I will appreciate your advice.

Post by lambda » Tue Dec 08, 2009 8:18 pm

like i said, you can't see mac addresses over the internet. if it's a public ftp server (ie, anonymous logins), there's nothing you can do other than raise the limit.
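An added example, not posted by anyone in this thread: since the last reply leaves raising the per-host limit (ProFTPD's MaxClientsPerHost directive) as the only option for a public server, this script tallies the "Connection refused (max clients per host N)" lines per client address, so you can see which shared addresses are hitting the limit and how often before choosing a new value. It assumes the log format of the refusal line quoted above; the sample lines, hostnames and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of the refusal line quoted in the thread;
# hostnames and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
Dec  8 10:01:02 ftp1 proftpd[17129]: ftp.example.net (203.0.113.10[203.0.113.10]) - Connection refused (max clients per host 1)
Dec  8 10:01:09 ftp1 proftpd[17133]: ftp.example.net (203.0.113.10[203.0.113.10]) - Connection refused (max clients per host 1)
Dec  8 10:02:40 ftp1 proftpd[17150]: ftp.example.net (nat-gw.example.org[198.51.100.7]) - Connection refused (max clients per host 1)
Dec  8 10:03:11 ftp1 proftpd[17162]: ftp.example.net (203.0.113.10[203.0.113.10]) - FTP session opened.
Dec  8 10:04:55 ftp1 proftpd[17170]: ftp.example.net (203.0.113.10[203.0.113.10]) - Connection refused (max clients per host 1)
"""

# server-name (client-name[client-address]) - Connection refused (max clients per host N)
REFUSED = re.compile(
    r"proftpd\[\d+\]: \S+ \((?P<name>[^\[\]]*)\[(?P<ip>[^\]]+)\]\) - "
    r"Connection refused \(max clients per host (?P<limit>\d+)\)"
)


def refusals_per_host(log_text):
    """Count per-host-limit refusals for each client address in the log text."""
    counts = Counter()
    for line in log_text.splitlines():
        match = REFUSED.search(line)
        if match:  # other proftpd lines (logins, transfers) are ignored
            counts[match.group("ip")] += 1
    return counts


def shared_address_candidates(log_text, min_refusals=2):
    """Addresses refused at least min_refusals times, busiest first.

    Repeated refusals from one address suggest several users behind it
    (NAT or a proxy), which is the case described in the thread.
    """
    ranked = refusals_per_host(log_text).most_common()
    return [(ip, n) for ip, n in ranked if n >= min_refusals]


if __name__ == "__main__":
    for ip, n in shared_address_candidates(SAMPLE_LOG):
        print(f"{ip}: {n} refusals")
```
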

