Re: firewall
Jonathan Ben-Avraham wrote:
> On Tue, 9 Dec 1997, Erez Doron wrote:
>
> > Jonathan Ben-Avraham wrote:
> >
> > > On Mon, 8 Dec 1997, Erez Doron wrote:
> > >
> > > > Hi
> > > > I've just compiled my kernel as firewall
> > > > ( selected firewall, and no ip-forwarding)
> > > > is there a way to tell inetd to listen to one interface and not to
> > > > another ?
> > > >
> > > Note that although it listens to both, it does not pass packets between
> > > the interfaces. That is, from either interface you can ping the other but
> > > you cannot pass packets to it. This is pretty deep in IP, I don't see how
> > > you can change it without hacking the code.
> > >
> > the reason i ask this is because i want to be able to telnet the firewall
> > from inside and not from outside.
> >
> > regards
> > Erez.
> >
> >
> This is not an IP problem. You need to set this up in /etc/hosts.deny like
> this:
>
> in.telnetd: ALL
>
> and in /etc/hosts.allow like this:
>
> in.telnetd: my_inside_host
>
> Don't forget to kick (kill -HUP) inetd after you change the /etc/hosts.
> files.
> Cheers,
>
> - yba
>
> EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ TclTek Ltd.
> =}-------------------------------------------------ooO--U--Ooo-----------{=
> - benavrhm@tcltek.co.il - tel: +972.52.670.353, http://www.tcltek.co.il -
telnet was just an example, i wanted also squid, ftp finger talk nfs ...
to be accessed from inside.
not all are accessed via inetd.
I'm looking for a global way to set all these utils to be able to be accessed
only from one interface.
to count only on host.allow and host.deny is a security hole because someone can
impersonate a local computer which is allowed, and get access.
is there a way to make any program only to be able to be accessed only from one
interface ?
regards
Erez.
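
An added example, not part of the original messages: a simplified Python evaluator for the hosts.allow/hosts.deny rules quoted above, showing that with these rules the decision depends only on the daemon name and the client address the connection presents, which is the limitation raised in the last message. The address 192.168.1.10 standing in for my_inside_host, the interface names, and the subset of hosts_access(5) pattern matching implemented here are assumptions.

```python
# Simplified subset of hosts_access(5): ALL, exact name/address,
# leading-dot domain suffix, trailing-dot address prefix.

# Rules from the thread; 192.168.1.10 stands in for "my_inside_host" (assumed).
HOSTS_ALLOW = "in.telnetd: 192.168.1.10\n"
HOSTS_DENY = "in.telnetd: ALL\n"

def parse(text):
    """Return a list of (daemon_patterns, client_patterns) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def pattern_matches(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. .example.org
        return value.endswith(pattern)
    if pattern.endswith("."):        # address prefix, e.g. 192.168.1.
        return value.startswith(pattern)
    return pattern == value

def rule_hit(rules, daemon, client):
    return any(any(pattern_matches(d, daemon) for d in ds) and
               any(pattern_matches(c, client) for c in cs)
               for ds, cs in rules)

def access(daemon, client_addr, arrival_iface=None):
    """hosts.allow is checked first, then hosts.deny; no match means allow.
    arrival_iface is accepted only to show these rules never consult it."""
    if rule_hit(parse(HOSTS_ALLOW), daemon, client_addr):
        return "allow"
    if rule_hit(parse(HOSTS_DENY), daemon, client_addr):
        return "deny"
    return "allow"

if __name__ == "__main__":
    # Constructed connections: (daemon, claimed source address, interface).
    for conn in [("in.telnetd", "192.168.1.10", "eth0"),
                 ("in.telnetd", "203.0.113.5", "eth1"),
                 ("in.telnetd", "192.168.1.10", "eth1"),
                 ("in.ftpd", "203.0.113.5", "eth1")]:
        print(conn, "->", access(*conn))
```

The third and fourth connections show the two gaps discussed in the thread: the same claimed address gets the same answer on either interface, and a daemon with no rule of its own falls through to the default allow.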