Re: Diald and Telnet

Chad S. Lauritsen Tue, 21 Sep 1999 15:19:36 -0700
You don't point the telnet server or any TCP/IP service, for that matter, at a
particular *interface*, but you can block or allow certain services to certain IP
numbers and/or domain names in the /etc/hosts.allow and /etc/hosts.deny.  Since
each physical interface is bound to a unique IP number, this could have the
effect of blocking access to the telnetd server on internet-available interfaces
through exclusion of the interfaces IP number in the hosts.allow file. E.g. if
the only hosts you  want to telnet in from are in the 192.168.*.* LAN, and in
*.mydomain.com,  put this in /etc/hosts.allow

###################################################
#
# hosts.allow  This file describes the names of hosts which are
#                   allowed to use the local INET services, as decided
#                   by the '/usr/sbin/tcpd' server.
#
in.telnetd: LOCAL, 192.168., .mydomain.com
####################################

Then anyone, (except someone coming from mydomain.com(or pretending to!)) from
the internet will not be able to log in via telnet to your server.  You should
really read the man pages or some other HOWTO, etc. to understand all the
implications of these files (I have not!!)

You could actually go so far as to specify each host you wish to allow by IP
number explicitly.
You can start with 'man 5 hosts_access' or just 'man hosts.allow' on my box
works.

Of course, if someone can spoof IP numbers, this will not work.!

[EMAIL PROTECTED] wrote:

> Is it possible to disable telnet to be bind to the ppp interface? I don't want
> people to be able to telnet to my isp internet connection. I believe this is
> possible setting the protocols and creating standard diald filters. Is it also
> possible to do it in general and only allow telnet to work under the eth0
> interface regardless of diald?
>
> Thanks
>
> -pa
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-diald" in
> the body of a message to [EMAIL PROTECTED]

--
******************************************************************
* Chad S. Lauritsen, Systems Administrator                       *
* Perfection Learning Corporation                                *
* 1000 North Second Avenue                                       *
* Logan, IA 51546                                                *
* 712.644.2831 x 223                                             *
+================================================================+
+ Something to do, something to love, and something to hope for; +
+ these are the grand essentials of happiness.                   +
+================================================================+




-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
Re: Diald and Telnet

Reply via email to
