未完成的实验
his example should quickly show you the possibilites of per-IP configuration
with vsftpd\'s tcp_wrappers integration. This is new with v1.1.3.
To use this, you need vsftpd built with tcp_wrappers! This is accomplished
by editing \"builddefs.h\" and changing
#undef VSF_BUILD_TCPWRAPPERS
to
#define VSF_BUILD_TCPWRAPPERS
And then rebuild. If you are lucky your vendor will have shipped the vsftpd
binary with this already done for you.
Next, to enable tcp_wrappers integration, you need this in your vsftpd.conf:
tcp_wrappers=YES
And you\'ll need a tcp_wrappers config file. An example one is supplied in this
directory: hosts.allow. It lives at /etc/hosts.allow.
Let\'s have a look at the example:
vsftpd: 192.168.1.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd_tcp_wrap.conf
vsftpd: 192.168.1.4: DENY
The first line:
If a client connects from 192.168.1.3, then vsftpd will apply the vsftpd
config file /etc/vsftpd_tcp_wrap.conf to the session! These settings are
applied ON TOP of the default vsftpd.conf.
This is obviously very powerful. You might use this to apply different
access restrictions for some IPs (e.g. the ability to upload).
Or you could give certain classes of IPs the ability to skip connection
limits (max_clients=0).
Or you could increase / decrease the bandwidth limiter for certain classes
of IPs.
You get the point ![icon_smile.gif](http://www.chinalinuxpub.com/"http://bbs.chinaunix.net/forum/images/smiles/icon_smile.gif/")
The second line:
Denies the ability of 192.168.1.4 to connect. Very useful to take care of
troublemakers. And now you don\'t need xinetd to do it - hurrah.
This example shows how you might set up virtual hosts. Virtual hosting is
where different clients access your machine on different IP addresses (virtual
IPs) and get redirected to different ftp sites.
For example, if your machine responds to two IPs - 127.0.0.1 and 127.0.0.2,
you could have the two different IPs represent two totally different FTP sites.
For this example, we are going to build on the \"INTERNET_SITE\" example.
Step 1) Set up a virtual IP address.
ifconfig eth0:1 192.168.1.10 up
(the standard IP address is 192.168.1.2)
(note - this isn\'t quite complete, the route for local connects hasn\'t been
added, but it will do for now)
Step 2) Create a user / location for the new virtual site.
useradd -d /var/ftp_site2 ftp_site2
chown root.root /var/ftp_site2
chmod a+rx /var/ftp_site2
umask 022
mkdir /var/ftp_site2/pub
echo \"test\" > /var/ftp_site2/pub/content
Step 3) Modify the existing site to respond to the primary IP.
Edit /etc/xinetd.d/vsftpd, and add the config line:
This example shows how you might set up virtual hosts. Virtual hosting is
where different clients access your machine on different IP addresses (virtual
IPs) and get redirected to different ftp sites.
For example, if your machine responds to two IPs - 127.0.0.1 and 127.0.0.2,
you could have the two different IPs represent two totally different FTP sites.
For this example, we are going to build on the \"INTERNET_SITE\" example.
Step 1) Set up a virtual IP address.
ifconfig eth0:1 192.168.1.10 up
(the standard IP address is 192.168.1.2)
(note - this isn\'t quite complete, the route for local connects hasn\'t been
added, but it will do for now)
Step 2) Create a user / location for the new virtual site.
useradd -d /var/ftp_site2 ftp_site2
chown root.root /var/ftp_site2
chmod a+rx /var/ftp_site2
umask 022
mkdir /var/ftp_site2/pub
echo \"test\" > /var/ftp_site2/pub/content
Step 3) Modify the existing site to respond to the primary IP.
Edit /etc/xinetd.d/vsftpd, and add the config line:
bind = 192.168.1.2
Step 4) Create the new site, responding on the virtual IP.
cp /etc/xinetd.d/vsftpd /etc/xinetd.d/vsftpd2
Edit vsftpd2, and change
- The bind line to refer to the IP address 192.168.1.10
- Add the line
server_args = /etc/vsftpd_site2.conf
This launches this FTP site with a different vsftpd configuration file.
cp /etc/vsftpd.conf /etc/vsftpd_site2.conf
Add two lines:
ftp_username=ftp_site2
ftpd_banner=This is the alternative FTP site.
Step 5) Restart xinetd and test!
/etc/rc.d/init.d/xinetd restart
[chris@localhost vsftpd] $ ftp 192.168.1.2
Connected to 192.168.1.2 (192.168.1.2).
220 ready, dude (vsFTPd 1.1.0: beat me, break me)
Name (192.168.1.2:chris): [chris@localhost vsftpd] $
[chris@localhost vsftpd] $ ftp 192.168.1.2
Connected to 192.168.1.2 (192.168.1.2).
220 ready, dude (vsFTPd 1.1.0: beat me, break me)
Name (192.168.1.2:chris):
530 This FTP server is anonymous only.
Login failed.
ftp> quit
221 Goodbye.
[chris@localhost vsftpd] $ ftp 192.168.1.10
Connected to 192.168.1.10 (192.168.1.10).
220 This is the alternative FTP site.
Name (192.168.1.10:chris):
530 This FTP server is anonymous only.
Login failed.
ftp>
上一页 [1] [2] [3] [4] [5] [6] 
-