SUMMARY: Limiting host access per network interface

From: Claudio Lapidus (clapidus@hotmail.com)
Date: Tue Jul 02 2002 - 12:22:00 EDT


-----------Original question----------------
I have an XP900 box running 4.0F, which is connected to an internal network
through tu0 and to the Internet through tu1. Now the problem is that I want
to be VERY restrictive on the services offered to the public side, while
being more open to the internal network clients. I was unable to find a way
to limit access to diverse services based on interface or in source address,
the way tcp-wrappers in other platforms do. Can any of you people please
give some advice on this?

BTW, I also tried editing ifaccess.conf, but it doesn't seem to be working
at all. Actually, I was able to log in from a "forbidden" source address.

# cat /etc/ifaccess.conf | grep -v '^#'

tu1 zzz.aa.bb.6 255.255.255.255 permit
tu1 zzz.cc.dd.8 255.255.255.255 permit
tu1 zzz.ee.ff.13 255.255.255.255 permit
tu1 0.0.0.0 0.0.0.0 deny
#

--------------------------------------------

Stan Horwitz, kat and Lucien Hercaud suggested using tcp wrappers, each
with his own (good) reasons. Among them are its finer-grained control, not
only by interface but also by fingering at the source and other niceties.
Right now we are installing and configuring it, and it is starting to work.

With respect to the ifaccess issue, Peter Wuestner suggested issuing the
'ifconfig tu1 filter' command after editing the ifaccess.conf file. That
proved quite right, too.

Many thanks to all who took the time to respond.

regards
cl.
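As an added illustration, not part of the original thread or of Tru64 itself: a small Python evaluator for rules written in the layout of the ifaccess.conf shown above (interface, address, mask, permit/deny). The addresses are constructed placeholders, and the top-down first-match evaluation is an assumption used to show why the trailing "0.0.0.0 0.0.0.0 deny" line matters; it does not replace the kernel filter, which only takes effect once 'ifconfig tu1 filter' has been issued.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in the layout of the post's /etc/ifaccess.conf:
# <interface> <address> <mask> <permit|deny>. Addresses are documentation ranges.
SAMPLE_IFACCESS = """\
# comment lines start with '#'
tu1 192.0.2.6     255.255.255.255 permit
tu1 192.0.2.8     255.255.255.255 permit
tu1 198.51.100.13 255.255.255.255 permit
tu1 0.0.0.0       0.0.0.0         deny
"""


@dataclass(frozen=True)
class Rule:
    iface: str
    network: ipaddress.IPv4Network
    action: str


def parse_ifaccess(text):
    """Parse ifaccess.conf-style text into an ordered list of Rule objects."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ('permit', 'deny'):
            raise ValueError(f"line {lineno}: malformed rule {raw!r}")
        iface, addr, mask, action = parts
        # strict=False keeps host bits that the mask would otherwise reject,
        # so "0.0.0.0 0.0.0.0" becomes the catch-all 0.0.0.0/0.
        network = ipaddress.IPv4Network((addr, mask), strict=False)
        rules.append(Rule(iface, network, action))
    return rules


def check_access(rules, iface, src):
    """Return 'permit' or 'deny' for a packet from src arriving on iface.

    Assumption (not stated in the post): rules are evaluated top-down and the
    first one whose interface and masked address match wins. None is returned
    when no rule on that interface matches, i.e. the packet is not covered by
    the filter list at all.
    """
    src_ip = ipaddress.IPv4Address(src)
    for rule in rules:
        if rule.iface == iface and src_ip in rule.network:
            return rule.action
    return None


def has_default_deny(rules, iface):
    """True if iface ends with a catch-all deny, so unlisted sources are refused."""
    iface_rules = [r for r in rules if r.iface == iface]
    return bool(iface_rules) and (
        iface_rules[-1].action == 'deny' and iface_rules[-1].network.prefixlen == 0
    )


if __name__ == '__main__':
    rules = parse_ifaccess(SAMPLE_IFACCESS)
    for src in ('192.0.2.6', '203.0.113.9'):
        print(src, '->', check_access(rules, 'tu1', src))
    print('catch-all deny on tu1:', has_default_deny(rules, 'tu1'))
```

Running the module shows the listed host being permitted and an unlisted one being denied on tu1, while tu0 (the internal side) has no rules and is left alone. Dropping the last line of the sample makes has_default_deny() report False, which is the configuration to watch for when the intent is to expose a public interface to a short allow-list only.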


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:45 EDT