[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: firewall



On Tue, 9 Dec 1997, Erez Doron wrote:

> Jonathan Ben-Avraham wrote:
> 
> > On Mon, 8 Dec 1997, Erez Doron wrote:
> >
> > > Hi
> > >  I've just compiled my kerenel as firewall
> > > ( selected firewall, and no ip-forwarding)
> > > id there a way to tell inetd to listen to one interface and not to
> > > another ?
> > >
> > Note that although it listens to both, it does not pass packets between
> > the interfaces. That is, from either interface you can ping the other but
> > you cannot pass packets to it. This is pretty deep in IP, I don't see how
> > you can change it without hacking the code.
> >
>   the reason i ask this is because i want to be able to telnet the firwall
>   from inside and not from outside.
> 
> regards
> Erez.
> 
> 
This is not an IP problem. You need to set this up in /etc/hosts.deny like
this:

in.telnetd: ALL

and in /etc/hosts.allow like this:

in.telnetd: my_inside_host

Don't forget to kick (kill -HUP) inetd after you change the /etc/hosts. 
files.
Cheers,

 - yba

   EE 77 7F 30 4A 64 2E C5  83 5F E7 49 A6 82 29 BA    ~. .~   TclTek Ltd.
 =}-------------------------------------------------ooO--U--Ooo-----------{=
  - benavrhm@tcltek.co.il - tel: +972.52.670.353, http://www.tcltek.co.il -