FileZilla Forums

Hello. I have a network where some computers do not connect to the internet. One server IS connected to the internet. Maybe a user wants to receive an email attachment or download a program from the internet.

How I have that working currently is I have Filezilla server (version 0.9.37 beta LDAP) on the one internet-connected server and then a user can drop this file into the ftp while they are connected to the internet server, then the user goes to the NO-internet computers and uses a Filezilla client to pickup the file(s) and put them on their computer. These are separated by a firewall that only allows port 21 so the files can be transferred with FTP.

What I am trying to solve, however, is I do NOT want files able to be transferred from the no-internet computers to the internet server. I am trying to do this to keep the internal files more secure.

If it is not clear, my current setup is that one user accesses the same FTP server from both sides. So I have a JohnDoe who has write permissions to his folder from the Internet side. But when he accesses the FTP server while he is on the no-internet computer, is there any possibility that I can have the user with NO write permissions? Or is there any way to control this with IP filtering, or something?

Hope that makes sense. Thanks for any help that can be provided!

We do not support third-party modifications to FileZilla Server.

by botg » 2018-09-25 00:46

We do not support third-party modifications to FileZilla Server.

Thanks botg. Sorry if I wasn't clear; I was trying to see if there is some option with the existing FileZilla Server that can help me with what I am trying to do.

If there is no option currently, maybe I can send my request into the feature requests.

It is just that if a user accesses the FTP from one side, I want them to have read/write permissions. If they access the FTP from the other side, I want them to have only read permissions.

Thank you.

The official version doesn't support LDAP and probably never will - so, if you depend on that, you're essentially stuck.

That's the problem with half-assed forks - eventually the author loses interest and they are stopped updating.

I solved what I was trying to handle on the original post of this thread.

I found this other thread (Multiple Instances under Server 2008) and used that. It worked perfectly. Thanks to macfos and boco!

I made two instances of FZ Server per the instructions in the above thread, then on each instance, I used IP Filters and I changed the permissions.

FZ Server instance "A" for users on the Internet side had IP Filters to block connections from the no-Internet computers. I also changed permissions appropriate for these users, basically full read/write.

FZ Server instance "B" for users on the no-Internet computers had IP filters to block connections from the Internet side. I also changed permissions appropriate for these users, basically read-only access.

Hope this helps in case someone else is trying to figure it out down the road.