
Re: firewall



On Tue, 9 Dec 1997, Jonathan Ben-Avraham wrote:

> On Tue, 9 Dec 1997, Erez Doron wrote:
> 
> > Jonathan Ben-Avraham wrote:
> > 
> > > On Mon, 8 Dec 1997, Erez Doron wrote:
> > >
> > > > Hi
> > > > >  I've just compiled my kernel as firewall
> > > > > ( selected firewall, and no ip-forwarding)
> > > > > is there a way to tell inetd to listen to one interface and not to
> > > > > another ?
> > > >
> > > Note that although it listens to both, it does not pass packets between
> > > the interfaces. That is, from either interface you can ping the other but
> > > you cannot pass packets to it. This is pretty deep in IP, I don't see how
> > > you can change it without hacking the code.
> > >
> >   the reason I ask this is because I want to be able to telnet the firewall
> >   from inside and not from outside.
> > 
> > regards
> > Erez.
> > 
> > 
> This is not an IP problem. You need to set this up in /etc/hosts.deny like
> this:
> 
> in.telnetd: ALL
> 
> and in /etc/hosts.allow like this:
> 
> in.telnetd: my_inside_host

Better add LOCAL to /etc/hosts.allow if you want to be able to `telnet
localhost`, like this:

in.telnetd: LOCAL, my_inside_host(s)

For a complete description of these files, see:

man -S 5 hosts_access

> Don't forget to kick (kill -HUP) inetd after you change the /etc/hosts. 
> files.

No need to do this. These files are read by tcpd not by inetd.

Andy

Dr Andy Tsouladze
Unix System Administrator
Motorola Communications Israel
mailto:andyt@mcil.comm.mot.com
mailto:andy@spl.co.il (old)
mailto:andy@environment.negev.k12.il
http://www.spl.co.il/~andy
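
Added example, not part of the original messages and not tcpd's own code: a simplified Python model of the hosts_access(5) lookup order (hosts.allow first, then hosts.deny, otherwise grant) applied to the rules from this thread. It omits EXCEPT, netmasks, user@host patterns and shell commands; the function names are hypothetical.

```python
# Simplified model of hosts_access(5): no EXCEPT, netmasks, user@host
# patterns or shell commands. Not the tcpd source.

# Rules from the thread; "my_inside_host" is the thread's placeholder.
HOSTS_ALLOW = "in.telnetd: LOCAL, my_inside_host\n"
HOSTS_DENY = "in.telnetd: ALL\n"


def parse(text):
    """Turn hosts.allow/hosts.deny text into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        parts = line.split(":", 2)  # a third field (shell command) is ignored
        daemons, clients = (p.replace(",", " ").split() for p in parts[:2])
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, name, addr):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":        # any host name that contains no dot
        return "." not in name
    if pattern.startswith("."):   # domain suffix, e.g. .example.com
        return name.lower().endswith(pattern.lower())
    if pattern.endswith("."):     # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    return pattern.lower() in (name.lower(), addr)


def matches(rules, daemon, name, addr):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, name, addr) for c in clients)
        for daemons, clients in rules
    )


def access(daemon, name, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match grants."""
    if matches(parse(allow), daemon, name, addr):
        return "granted"
    if matches(parse(deny), daemon, name, addr):
        return "denied"
    return "granted"
```

With only `in.telnetd: my_inside_host` in hosts.allow, `access("in.telnetd", "localhost", "127.0.0.1", allow="in.telnetd: my_inside_host\n")` returns "denied", which is the case adding LOCAL covers. A daemon with no entry in either file (for example in.ftpd) is still granted from any client, so the deny rule here protects telnet only.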