campus - FTP-server for BeOS®

campus: IP access configuration

Access configuration

Beginning with release 3.0, campus can allow and deny access from other hosts based on the IP address and/or the hostname of the remote host. This is done with a new configuration option that uses the IP keyword.
There are two possible formats for this command:

IP Connect Deny|Allow Host|Hosts <list of hosts>
IP Connect Deny|Allow Network <network> Netmask <netmask>

Important notes:

  • By default all accesses are allowed.
  • If hostname resolving is disabled, only IP masks can be used to control access!
  • The Connect keyword must always be present, although currently it does not seem to be necessary. This is because future releases of campus will have more options in the IP configuration.
The configuration of IP restrictions is similar to that of file access. Each line either denies or allows access for the given argument (see below for an explanation of possible masks), and the lines are applied from top to bottom whenever a user connects to the system.

Examples

The easiest way to explain the possible host and IP masks is by example:
  1. IP Connect Deny Hosts *
    This line denies access for all machines, even the machine on which campus is running.
  2. IP Connect Allow Host 127.0.0.1
    This line allows access for the local machine. The IP address of the connecting machine has to match the given address exactly.
  3. IP Connect Allow Hosts *.be.com
    Here all machines that are in the domain be.com are allowed to connect. Remember that for this to work you have to enable the resolving of hostnames!
  4. IP Connect Allow Network 10.0.0.0 Netmask 255.0.0.0
    In this case a binary AND of the IP address of the host making the incoming request and the Netmask is performed. The result is compared to the Network argument. If it matches, access is allowed or denied depending on the type of the IP line.
Notes:
  • The keywords Host and Hosts are equivalent; you can use either of them in your IP lines.
  • You can specify multiple hosts by separating them with commas.
To get a bit more practical, here is an example configuration for the following situation:
  • The machine is connected to a local network with IP addresses 192.168.1.x
  • The machine is connected to the internet on an arbitrary address
  • Connections from the local network are allowed; from the internet, only certain machines will be allowed to access the server.
The IP access part of the configuration will look like this:

IP Connect Deny Hosts *
IP Connect Allow Hosts 192.168.1.*
or IP Connect Allow Network 192.168.1.0 Netmask 255.255.255.0
IP Connect Allow Hosts *.be.com

Normally you won't need many lines in the access configuration if you don't plan to allow or deny access to your machine on a per-address basis. But keep in mind that, because the configuration is reloaded automatically, you can deny access for a specific machine on the fly, for example if you spot a denial-of-service attack coming from it.
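
The rule evaluation described above, as an added example (not campus code): a small Python model that parses IP Connect lines and applies them top to bottom, using the binary AND comparison for Network/Netmask lines. It assumes that a later matching line overrides an earlier one (inferred from the sample configuration, which starts with Deny Hosts *) and that * is a wildcard in host masks; the names parse_rules, is_allowed, GOOD and BAD are made up for this sketch.

```python
import ipaddress
from fnmatch import fnmatchcase

def parse_rules(text):
    """Parse 'IP Connect Allow|Deny ...' lines into (allow, kind, arg) tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or [t.lower() for t in tok[:2]] != ["ip", "connect"]:
            continue  # blank line or not an IP access line
        allow, kind = tok[2].lower() == "allow", tok[3].lower()
        if kind in ("host", "hosts"):  # Host and Hosts are equivalent
            masks = [m.lower() for m in " ".join(tok[4:]).replace(",", " ").split()]
            rules.append((allow, "hosts", masks))
        elif kind == "network" and len(tok) == 7 and tok[5].lower() == "netmask":
            net = int(ipaddress.IPv4Address(tok[4]))
            mask = int(ipaddress.IPv4Address(tok[6]))
            rules.append((allow, "network", (net, mask)))
    return rules

def is_allowed(rules, ip, hostname=None):
    """Return True if a client with this IP (and resolved name, if any) may connect."""
    addr = int(ipaddress.IPv4Address(ip))
    names = [ip] + ([hostname.lower()] if hostname else [])  # no name if resolving is off
    verdict = True  # by default all accesses are allowed
    for allow, kind, arg in rules:  # top to bottom; later match overrides (assumption)
        if kind == "hosts":
            hit = any(fnmatchcase(n, m) for n in names for m in arg)
        else:
            net, mask = arg
            hit = (addr & mask) == net  # (client IP AND Netmask) compared to Network
        if hit:
            verdict = allow
    return verdict

# Constructed sample configurations for the LAN-plus-internet situation
GOOD = """IP Connect Deny Hosts *
IP Connect Allow Network 192.168.1.0 Netmask 255.255.255.0
IP Connect Allow Hosts *.be.com"""
BAD = GOOD.replace("255.255.255.0", "192.168.1.255")  # mask repeats the network address

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        r = parse_rules(cfg)
        print(name, is_allowed(r, "192.168.1.5"), is_allowed(r, "203.0.113.9"),
              is_allowed(r, "203.0.113.9", "ftp.be.com"))
```

With the netmask 255.255.255.0 every 192.168.1.x client passes the Network line; with 192.168.1.255 as the mask only the address 192.168.1.0 itself survives the AND comparison, so LAN clients stay denied by the leading Deny Hosts * line.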


Copyright © 1997-2002 Stegemann & Co., Inc., All Rights reserved.
Created: May 7, 2000. Last modified: January 12, 2002.