Change User Permissions Based on Login Location or IP Address

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
sellis25run
500 Command not understood
Posts: 3
Joined: 2018-09-25 02:07

Change User Permissions Based on Login Location or IP Address

#1 Post by sellis25run » 2018-09-25 03:20

Hello. I have a network where some computers do not connect to the internet. One server IS connected to the internet. Maybe a user wants to receive an email attachment or download a program from the internet.

How I have that working currently is I have Filezilla server (version 0.9.37 beta LDAP) on the one internet-connected server and then a user can drop this file into the ftp while they are connected to the internet server, then the user goes to the NO-internet computers and uses a Filezilla client to pickup the file(s) and put them on their computer. These are separated by a firewall that only allows port 21 so the files can be transferred with FTP.

What I am trying to solve, however, is I do NOT want files able to be transferred from the no-internet computers to the internet server. I am trying to do this to keep the internal files more secure.

If it is not clear, my current setup is that one user accesses the same FTP server from both sides. So I have a JohnDoe who has write permissions to his folder from the Internet side. But when he accesses the FTP server while he is on the no-internet computer, is there any possibility that I can have the user with NO write permissions? Or is there any way to control this with IP filtering, or something?

Hope that makes sense. Thanks for any help that can be provided!

User avatar
botg
Site Admin
Posts: 31605
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Change User Permissions Based on Login Location or IP Address

#2 Post by botg » 2018-09-25 07:46

We do not support third-party modifications to FileZilla Server.

sellis25run
500 Command not understood
Posts: 3
Joined: 2018-09-25 02:07

Re: Change User Permissions Based on Login Location or IP Address

#3 Post by sellis25run » 2018-09-25 19:34

by botg » 2018-09-25 00:46

We do not support third-party modifications to FileZilla Server.
Thanks botg. Sorry if I wasn't clear; I was trying to see if there is some option with the existing FileZilla Server that can help me with what I am trying to do.

If there is no option currently, maybe I can send my request into the feature requests.

It is just that if a user accesses the FTP from one side, I want them to have read/write permissions. If they access the FTP from the other side, I want them to have only read permissions.

Thank you.

User avatar
boco
Contributor
Posts: 24156
Joined: 2006-05-01 03:28
Location: Germany

Re: Change User Permissions Based on Login Location or IP Address

#4 Post by boco » 2018-09-25 22:53

The official version doesn't support LDAP and probably never will - so, if you depend on that, you're essentially stuck. :(

That's the problem with half-assed forks - eventually the author loses interest and they are stopped updating.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

sellis25run
500 Command not understood
Posts: 3
Joined: 2018-09-25 02:07

Re: Change User Permissions Based on Login Location or IP Address

#5 Post by sellis25run » 2018-09-27 04:34

I solved what I was trying to handle on the original post of this thread.

I found this other thread (Multiple Instances under Server 2008) and used that. It worked perfectly. Thanks to macfos and boco! :D

I made two instances of FZ Server per the instructions in the above thread, then on each instance, I used IP Filters and I changed the permissions.

FZ Server instance "A" for users on the Internet side had IP Filters to block connections from the no-Internet computers. I also changed permissions appropriate for these users, basically full read/write.

FZ Server instance "B" for users on the no-Internet computers had IP filters to block connections from the Internet side. I also changed permissions appropriate for these users, basically read-only access.

Hope this helps in case someone else is trying to figure it out down the road.

Post Reply