Limit Plain FTP Connections to Specific Set of IP Addresses

Questions dealing with specific FTP clients and Cerberus FTP Server.
Post Reply
graphicequaliser
New User
Posts: 3
Joined: Thu Apr 24, 2014 9:11 am

Limit Plain FTP Connections to Specific Set of IP Addresses

Post by graphicequaliser » Thu Apr 24, 2014 9:48 am

Is it possible to set up Cerberus so that SFTP connections function as normal, but FTP can use plain text if it is coming from a known set of IP addresses (inside our VPN in our case)? How does one do this?

Also, in Simple Directory Mode, you cannot navigate the directory back up to your root, after navigating down through subdirectories (seems like a bug, but it may be a security measure).

TIA, regards,

Mark Jacobs

graphicequaliser
New User
Posts: 3
Joined: Thu Apr 24, 2014 9:11 am

Re: Limit Plain FTP Connections to Specific Set of IP Addres

Post by graphicequaliser » Thu Apr 24, 2014 11:47 am

I found a way to do it. You have to set up a new inbound rule for port 21 for Windows firewall with the Scope limited to the remote IP addresses you require. Then, you have to change the "Cerberus FTP Server" rule to only allow TCP ports 22, and 11000-13000. Then allow plain text ftp through Cerberus under Configure, Interfaces, point at the non-default port 21 FTP interface, and uncheck the 2 checkboxes under the "Security" section. Thank goodness for Windows Firewall settings being so flexible under Windows 2008 R2. :)

Post Reply