Limit Plain FTP Connections to Specific Set of IP Addresses

Posted: Thu Apr 24, 2014 9:48 am
by graphicequaliser
Is it possible to set up Cerberus so that SFTP connections function as normal, but FTP can use plain text if it is coming from a known set of IP addresses (inside our VPN in our case)? How does one do this?

Also, in Simple Directory Mode, you cannot navigate the directory back up to your root, after navigating down through subdirectories (seems like a bug, but it may be a security measure).

TIA, regards,

Mark Jacobs

Re: Limit Plain FTP Connections to Specific Set of IP Addres

Posted: Thu Apr 24, 2014 11:47 am
by graphicequaliser
I found a way to do it. You have to set up a new inbound rule for port 21 in Windows Firewall with the Scope limited to the remote IP addresses you require. Then, you have to change the "Cerberus FTP Server" rule to only allow TCP ports 22 and 11000-13000. Then allow plain text FTP through Cerberus under Configure, Interfaces, point at the non-default port 21 FTP interface, and uncheck the 2 checkboxes under the "Security" section. Thank goodness for Windows Firewall settings being so flexible under Windows 2008 R2. :)
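
The firewall part of the steps in the post above, written as `netsh advfirewall` commands for an elevated command prompt. This is an added example, not part of the original post. The VPN range `10.8.0.0/24` and the rule name "FTP 21 VPN only" are placeholders chosen here; "Cerberus FTP Server" is the rule name given in the post.

```batch
@echo off
rem Added example (not from the original post). Run from an elevated prompt.
rem ASSUMPTION: 10.8.0.0/24 is a placeholder; replace it with your VPN range.
set VPN_SCOPE=10.8.0.0/24
rem ASSUMPTION: hypothetical name for the new scoped rule.
set SCOPED_RULE=FTP 21 VPN only

rem 1. New inbound rule: the FTP control port (21) is reachable only from
rem    the VPN range. remoteip also accepts a comma-separated list.
netsh advfirewall firewall add rule name="%SCOPED_RULE%" dir=in action=allow ^
    protocol=TCP localport=21 remoteip=%VPN_SCOPE%

rem 2. Narrow the existing Cerberus rule to SFTP (22) and the passive data
rem    range (11000-13000) so it no longer opens port 21 to every address.
rem    Allow rules are additive: if this rule still covered port 21, the
rem    scoped rule above would restrict nothing.
netsh advfirewall firewall set rule name="Cerberus FTP Server" new ^
    protocol=TCP localport=22,11000-13000

rem 3. Review the two rules that were just written.
netsh advfirewall firewall show rule name="%SCOPED_RULE%" verbose
netsh advfirewall firewall show rule name="Cerberus FTP Server" verbose

rem 4. List every inbound rule with its local ports to confirm that no other
rem    allow rule still exposes port 21 (field names as printed on an
rem    English-language system).
netsh advfirewall firewall show rule name=all dir=in verbose ^
    | findstr /R /C:"^Rule Name" /C:"^LocalPort"
```

The Cerberus-side change (unchecking the two "Security" checkboxes on the port 21 interface) is still made in the Cerberus administration UI as described in the post.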