SUMMARY: restricting port access

From: Thomas.Voegeli@access.unizh.ch
Date: Tue May 18 2004 - 09:37:05 EDT


Dear managers,

I disabled unwanted services and had a try with tcp-wrappers - yes it does
what we want.

Thanks to all who responded.

Thomas

The original question was:

>we have an Alpha (Tru64, 5.1B) with 2 ethernet-interfaces.
>
>One of the interfaces is connected to a common LAN
>the other interface is connected to a private LAN.
>
>The alpha is not used as a gateway/router.
>
>How can I ensure that hosts on the common LAN can only access port 80 and
>port 443?
>Any host on the common LAN should not be allowed to access any other
>service except http and https.

Suggestions were:

> Not necessarily a hardware firewall. You could run ipfilter or similar
> firewalling tools for unix on your machines or even simpler, limit the number
> of services you run on the alpha and make sure that those that you do leave
> running are compiled against tcp wrappers and thus access to them can be
> controlled via hosts.deny and hosts.allow files.

> Install tcpwrappers.

> tcp_wrappers might do what you want.

> You could do it with a software package called "ip-filter"... the howto
> isn't that great though...
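
Added example, not part of the original post and not tcp_wrappers' own code: a simplified Python model of how a wrapped service evaluates the hosts.allow and hosts.deny files mentioned above, showing that a client matching neither file is granted access, so a catch-all deny entry is needed. The addresses (192.0.2.0/24 for the common LAN, 10.1.0.0/16 for the private LAN) and the daemon names are constructed, and only part of the pattern syntax is modelled.

```python
# Simplified model of the tcp_wrappers access decision:
#   1. grant if a rule in hosts.allow matches,
#   2. otherwise deny if a rule in hosts.deny matches,
#   3. otherwise grant.
# Modelled client patterns: ALL, address prefix ("10.1."), net/mask, exact IP.
import ipaddress

def parse(text):
    """Turn 'daemons : clients' lines into (daemon_list, client_list) rules."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        daemons, clients = [f.strip() for f in line.split(":")[:2]]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                      # address prefix
        return addr.startswith(pattern)
    if "/" in pattern:                             # net/mask pair
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr

def matches(rules, daemon, addr):
    return any(("ALL" in d or daemon in d) and
               any(client_matches(p, addr) for p in c)
               for d, c in rules)

def allowed(allow_text, deny_text, daemon, addr):
    if matches(parse(allow_text), daemon, addr):
        return True
    if matches(parse(deny_text), daemon, addr):
        return False
    return True                                    # no match anywhere: granted

# Constructed sample files: private LAN allowed, everything else denied.
HOSTS_ALLOW = "ALL : 10.1.0.0/255.255.0.0\n"
HOSTS_DENY = "ALL : ALL\n"
```

Only services that actually consult these files are covered by this decision, which is why the suggestion pairs it with cutting down the services that run.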


