After much discussion around here, in this case (telnet over the Internet)
SSH is probably the safer way of doing it. If you want to use telnet though,
with a PIX you would use a couple of commands something like:

static (inside,outside) <advertised address> <internal address of server> netmask 255.255.255.255 0 0
conduit permit tcp host <advertised address> eq telnet host <ip address you want to permit>

Wes Noonan, MCSE/MCT/CCNA/NNCSS
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
[EMAIL PROTECTED]
http://www.bmc.com

 -----Original Message-----
From:   Andrew J. Caird [mailto:[EMAIL PROTECTED]]
Sent:   Monday, January 22, 2001 18:19
To:     jeremy
Cc:     Firewalls
Subject:        Re: question about telnet

>>> On Mon, 22 Jan 2001 15:48:30 -0800, "jeremy"
>>> <[EMAIL PROTECTED]> said:

JC> Hi,

JC> I would like to know how I can block telnet to everyone
JC> except one IP address... what I'm asking is I want all
JC> users that are trying to connect to telnet be blocked as
JC> normal (stealthed so no one knows it's running) yet
JC> allow my home IP to telnet in and admin the server.  Is
JC> this possible?

It depends on the firewall, but Firewall-1 can do this, sort
of.  You have to open up another port (259).  One would then
telnet to that and authenticate.  It notes your IP address
and checks the rules for what you're allowed to do, and
opens the appropriate ports to the appropriate IP addresses
from your IP address (whatever it might be at the time).
Does that make sense?  If other firewalls can do this, I'd
like to know about it.

Hope this helps.
--andy
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
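
Added example, not part of the original messages: a Python sketch that audits PIX `conduit` lines of the form shown in the reply above and flags telnet permits whose allowed source is wider than a single host. The sample configuration, its addresses (documentation ranges) and the function names are constructed for illustration; only the `eq` port operator is handled.

```python
import ipaddress

# Constructed sample config; all addresses come from documentation ranges.
SAMPLE = """\
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0
conduit permit tcp host 192.0.2.10 eq telnet host 198.51.100.7
conduit permit tcp host 192.0.2.11 eq 23 any
conduit permit tcp host 192.0.2.12 eq www any
conduit permit tcp host 192.0.2.13 eq telnet 203.0.113.0 255.255.255.0
"""

def take_addr(tokens):
    """Consume one PIX address spec: 'host IP', 'any', or 'IP MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(head + "/" + tokens.pop(0))

def telnet_conduits(config):
    """Return (advertised_net, source_net) for each conduit permitting tcp/23."""
    found = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:3] != ["conduit", "permit", "tcp"]:
            continue
        tokens = tokens[3:]
        dest = take_addr(tokens)
        # Conduits without 'eq <port>' (no operator, or another operator)
        # are skipped in this sketch and need a manual look.
        if len(tokens) < 3 or tokens[0] != "eq":
            continue
        if tokens[1] not in ("telnet", "23"):
            continue
        tokens = tokens[2:]
        found.append((dest, take_addr(tokens)))
    return found

def too_broad(config, max_hosts=1):
    """List telnet conduits whose source covers more than max_hosts addresses."""
    return [(str(d), str(s)) for d, s in telnet_conduits(config)
            if s.num_addresses > max_hosts]
```

On the constructed sample, the single-host conduit passes and the `any` and /24 sources are reported.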