> Oommen Thomas wrote:
>> oommen> raju> Fairly straightforward. The simplest method is to use a separate
>> oommen> raju> network (and consequently IP address) for each card, so that (e.g.)
>> oommen> raju> ftp.xyz.com becomes 192.168.1.x while www.xyz.com becomes
>> oommen> raju> 10.10.10.x. This way all ftp/http requests automatically get routed to
>> oommen>
>> oommen> This seems possible.
>> oommen> How to do this with IP addresses - using ipfwadm ?
>> oommen>
>> oommen> raju> the appropriate network interface and network. Tell your FTP and WWW
>> oommen> raju> daemons to bind to these addresses (how to do that depends on which
>> oommen> raju> programs you are using).
>> oommen> raju>
>> oommen>
>> oommen> We use Apache 1.2.6 and wu-ftpd (Version wu-2.4.2-academ[BETA-16](1) Thu
>> oommen> May 7 23:18:05 EDT 1998)
>>
>> In Apache, we can use BindAddress directive, but what about ftpd?
>> I doubt whether it is possible to bind an IP addr in ftp.
>
> ftpd is normally run from inetd. If you use xinetd, it is possible to
> specify that a service binds to a specific IP address (you could
> always modify inetd to do the same thing).
>
> Another alternative is to use e.g. faucet (from the netpipes) package
> to run ftpd. Again, this allows you to bind to a specific IP address.

You can also just configure tcp_wrappers to run different
programs based on the *destination* address as well as
the *source* netmask.

Consider the following:

    in.telnetd@192.168.1.127: 10. : twist /root/bin/my.intelnetd %a %c %d %h %H %n %N %p %s %u
    in.telnetd: 192.168.1. : ALLOW
    in.telnetd: ALL: DENY

The "twist" only applies if the telnet connection is going to the
127 IP alias (sub-interface) *and* coming from 10.*.*.* --- the
various % parameters relay information that tcpd "knows" about this
connection (read the man page for details).

To "virtual host" ftpd you could use something like:

    in.ftpd@192.168.1.1: ALL : twist /root/bin/my.ftpd /virtualftp/host1
    in.ftpd@192.168.1.2: ALL : twist /root/bin/my.ftpd /virtualftp/host2
    in.ftpd@192.168.1.3: ALL : twist /root/bin/my.ftpd /virtualftp/host3
    in.ftpd@192.168.1.4: ALL : twist /root/bin/my.ftpd /virtualftp/host4
    in.ftpd@192.168.1.5: ALL : twist /root/bin/my.ftpd /virtualftp/host5

... where my.ftpd is a cd & chroot to /home/host? --- and
then an exec of the ftpd of your choice. This can allow
you to create different user accounts in each chroot jail
--- although you'll have to avoid the UID collisions yourself
(name collisions are irrelevant in this).

Also you *must not* allow the users who "own" these chroot
jails to *own* the various directories, libraries and files
thereunder. So, when a user wants to create an "account"
(for non-anonymous FTP) in their virtual domain, you'll
have to provide a means for them to do this, possibly an
SUID program that does all the checking, gets a globally
available UID, etc. Note that these accounts don't have to
exist in the "real" passwd file.

(It's much easier to do virtual FTP using ncftpd --- and
let it do all this management).
--
Jim Dennis  (800) 938-4078  consulting@starshine.org
Proprietor, Starshine Technical Services: http://www.starshine.org
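
One way to write the my.ftpd wrapper the message above describes, as an added example that is not from the original post: it refuses to enter a jail whose root or system directories are owned by someone other than root or are group/world writable, and only then does the cd, chroot and exec. The in.ftpd path inside the jail, the bin/etc/lib layout, and the FTPD and TRUSTED_UID variables are assumptions.

```shell
#!/bin/sh
# my.ftpd (hypothetical): run by tcpd "twist"; $1 is the jail directory.
FTPD=${FTPD:-/bin/in.ftpd}      # assumed path of ftpd *inside* each jail
TRUSTED_UID=${TRUSTED_UID:-0}   # only this UID may own jail system files

# Print entries under PATH owned by another UID or group/world writable.
jv_find() {   # jv_find UID PATH [extra find args]
    jv_uid=$1 jv_p=$2; shift 2
    find "$jv_p" "$@" \( ! -user "$jv_uid" -o \
        \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print
}

# Check the jail root by itself, then bin, etc and lib recursively
# (assumed layout). User home and upload directories are not examined.
jail_violations() {   # jail_violations JAIL UID
    jv_find "$2" "$1" -prune
    for sub in bin etc lib; do
        if [ -d "$1/$sub" ]; then jv_find "$2" "$1/$sub"; fi
    done
}

# Succeed only for an absolute, non-symlink directory with no violations.
jail_ok() {   # jail_ok JAIL UID
    case $1 in /*) ;; *) return 1 ;; esac
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ -z "$(jail_violations "$1" "$2" 2>&1)" ]
}

if [ $# -ge 1 ]; then
    jail=$1; shift
    if ! jail_ok "$jail" "$TRUSTED_UID"; then
        # twist connects stdout to the client, so details go to syslog only.
        jail_violations "$jail" "$TRUSTED_UID" 2>&1 |
            logger -p auth.warning -t my.ftpd
        printf '421 Service not available.\r\n'
        exit 1
    fi
    # cd first so the working directory is inside the new root.
    cd "$jail" && exec chroot . "$FTPD" "$@"
    exit 1
fi
```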