Change User Permissions Based on Login Location or IP Address
Posted: 2018-09-25 03:20
Hello. I have a network where some computers do not connect to the internet. One server IS connected to the internet. Maybe a user wants to receive an email attachment or download a program from the internet.
How I have that working currently is I have Filezilla server (version 0.9.37 beta LDAP) on the one internet-connected server and then a user can drop this file into the ftp while they are connected to the internet server, then the user goes to the NO-internet computers and uses a Filezilla client to pickup the file(s) and put them on their computer. These are separated by a firewall that only allows port 21 so the files can be transferred with FTP.
What I am trying to solve, however, is I do NOT want files able to be transferred from the no-internet computers to the internet server. I am trying to do this to keep the internal files more secure.
If it is not clear, my current setup is that one user accesses the same FTP server from both sides. So I have a JohnDoe who has write permissions to his folder from the Internet side. But when he accesses the FTP server while he is on the no-internet computer, is there any possibility that I can have the user with NO write permissions? Or is there any way to control this with IP filtering, or something?
Hope that makes sense. Thanks for any help that can be provided!
How I have that working currently is I have Filezilla server (version 0.9.37 beta LDAP) on the one internet-connected server and then a user can drop this file into the ftp while they are connected to the internet server, then the user goes to the NO-internet computers and uses a Filezilla client to pickup the file(s) and put them on their computer. These are separated by a firewall that only allows port 21 so the files can be transferred with FTP.
What I am trying to solve, however, is I do NOT want files able to be transferred from the no-internet computers to the internet server. I am trying to do this to keep the internal files more secure.
If it is not clear, my current setup is that one user accesses the same FTP server from both sides. So I have a JohnDoe who has write permissions to his folder from the Internet side. But when he accesses the FTP server while he is on the no-internet computer, is there any possibility that I can have the user with NO write permissions? Or is there any way to control this with IP filtering, or something?
Hope that makes sense. Thanks for any help that can be provided!