There are several options
man ftpd :
Ftpd authenticates users according to six rules.
1. The login name must be in the password data base and not
a null password. In this case a password must be provided
the client before any file operations may be performed. If
the user has an S/Key key, the response from a successful
command will include an S/Key challenge. The client may
choose to respond with a PASS command giving either a
password or an S/Key one-time password. The server will
automatically determine which type of password it has been given
and attempt to authenticate accordingly. See key(1) for
information on S/Key authentication. S/Key is a Trademark
2. The login name must not appear in the file /etc/ftpusers.
3. The login name must not be a member of a group specified in
the file /etc/ftpusers. Entries in this file interpreted as
Therefore you could restrict access by only allowing yourself to login.
If the WinMe box is performing NAT as I understand it, the IP trying to
access your FreeBSD box will be different to that of the WinMe box...
correct? I.e. the FreeBSD box will get an FTP request from evilhackers.org,
not the IP of the WinMe box (unless of course that box is compromised.) The
other alternative is to only allow FTP access from the IP of the WinMe box.
But as mentioned, if the WinMe box is hacked, your FreeBSD FTP server may be
vulnerable using this method.
> Hi all:
> I have inetd running and have ftp and telnet uncommented in
> /etc/inetd.conf. I have home LAN with WinME the gateway to internet
> configured as:
> Would it be possible to allow ftp only from my WinME (192.168.0.1)
> so that an evil cracker from hives.of.evil.cracker.org won't be able
> to connect to my FreeBSD box?
> Thanks for all enlightenments.
> vector sigma
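
An added example, not part of the thread or the man page: a small audit that applies rules 2 and 3 quoted above to passwd- and group-style data and lists the logins that /etc/ftpusers still lets through. The account data is constructed, and the "@" prefix for group entries and "#" comment lines are assumptions based on FreeBSD's ftpusers format; rule 1 and the rules not quoted in the thread are not modelled.

```python
# Added example: which logins survive ftpd rules 2 and 3 (/etc/ftpusers)?
# All account data below is constructed for illustration.
PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
operator:*:2:5:System &:/:/usr/sbin/nologin
vector:*:1001:1001:Vector:/home/vector:/bin/sh
guest:*:1002:31:Guest:/home/guest:/bin/sh
alice:*:1003:1003:Alice:/home/alice:/bin/sh
"""
GROUP = """\
operator:*:5:root
guest:*:31:
staff:*:20:alice
"""
FTPUSERS = """\
# constructed sample: deny everyone except the one account meant to use FTP
root
operator
@guest
@staff
"""

def parse_ftpusers(text):
    """Split ftpusers entries into denied login names and denied group names."""
    users, groups = set(), set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):  # blank line or comment
            continue
        entry = fields[0]
        if entry.startswith("@"):                    # assumed group syntax
            groups.add(entry[1:])
        else:
            users.add(entry)
    return users, groups

def ftp_allowed(passwd_text, group_text, ftpusers_text):
    """Return the sorted logins that pass rule 2 (name) and rule 3 (group)."""
    denied_users, denied_groups = parse_ftpusers(ftpusers_text)
    denied_gids, denied_members = set(), set()
    for line in group_text.splitlines():
        name, _pw, gid, members = line.split(":")
        if name in denied_groups:
            denied_gids.add(gid)                     # primary-group match
            denied_members.update(m for m in members.split(",") if m)
    allowed = []
    for line in passwd_text.splitlines():
        login, _pw, _uid, gid = line.split(":")[:4]
        if (login not in denied_users and gid not in denied_gids
                and login not in denied_members):
            allowed.append(login)
    return sorted(allowed)
```

Run against real files, any login in the result other than the one intended for FTP is an account that still needs an ftpusers entry.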