Re: IP Restrictions

From: Alun Jones [MS] (alunj_at_online.microsoft.com)
Date: 06/17/04

• Next message: Alun Jones [MS]: "RE: write access in IIS 6.0 FTP"
• Previous message: Ricardo: "Re: FTP user account"
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 17 Jun 2004 17:24:19 GMT

Bernard's hinting here at one of the underlying facts of FTP - that
connections are made, not to host names, but to an IP address and port
number, and that's all the information the FTP server has when you connect.

You can use the command-line tool "ping" to find out what IP address a name
corresponds to. [DNS purists may suggest "nslookup", but I find that
because nslookup is exclusively DNS-based, it misses name resolution that
occurs at other levels, such as the "hosts" file.]

For instance, if you open a command-line window, and type "ping localhost",
it will show that it's trying to reach "[127.0.0.1]", and it'll precede
that with your computer's name.

Try the IP address on its own in a command-line FTP process, and you'll see
that you get the same results as when you use a name that resolves to that
IP address.

The next question becomes one of how you set up your FTP servers so that
they are differently restricted. If you set them up on two different
specific IP addresses, then everything should work as you expected - users
connecting to one IP address get one server, users connecting to the other
address get the other server. But if you set them up with the same IP
address as each other, and the same port, you will only be able to have one
of them running at a time, and it's that server whose settings are used.

Alun.
~~~~

--------------------
> From: "Bernard" <qbernard@hotmail.com.discuss>
>
> I'm confused. for DNS name A/Cname or etc, it will always associate with
IP
> address. If you are restricting the correct IP. whatever DNS name that
point
> to that IP will be rejected.
>
> Check the IIS log for more clue. See the actual IP address that is
> connecting to your server.
>
> "myarnall" <moyarnall@netscape.net> wrote in message
> news:f817109d.0405191547.6b03af56@posting.google.com...
> > I'm running IIS5 and am specifying restrictive access by IP. A DNS
> > alias (CNAME record) was added for the host. Users can successfully
> > establish an FTP connection using the either address, but the IP
> > restrictions do not apply to the alias (CNAME address). In other
> > words, any host can connect when they use the alias address. Any
> > ideas how to make the IP restrictions apply to both addresses?

---

• Next message: Alun Jones [MS]: "RE: write access in IIS 6.0 FTP"
• Previous message: Ricardo: "Re: FTP user account"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: FTP problem, Internet Explorer, IIS 5.0 ... have you try other ftp client application? ... Bernard Cheah ... > problems connecting. ... > to some servers but doesn't connect to one particular server. ... (microsoft.public.windowsxp.general) Re: FTP problem, Internet Explorer, IIS 5.0 ... have you try other ftp client application? ... Bernard Cheah ... > problems connecting. ... > to some servers but doesn't connect to one particular server. ... (microsoft.public.inetserver.iis) UDP and C++. ... I have an xPC system (Host PC and Target PC) setup. ... // Create a SOCKET for connecting to server ... (comp.soft-sys.matlab) adding a 2nd Biztalk server ... We now want to turn up the 2nd BizTalk ... running) because of the known issue with FTP receive ports not playing nice, ... processed twice) we turned off the 2nd server. ... We have both biztalk servers up and running using the same host (the ... (microsoft.public.biztalk.server) Re: FTP in WinXP ... > have tried several different FTP programs, ... > Services Personal Pages Server: ... > Host Name:personalpages.tds.net ... servers though is that, when the webspace is first set up, a default.html ... (microsoft.public.windowsxp.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)