SUMMARY: [FOLLOW UP] SUMMARY: Firewall on a single Tru64 UNIX box

From: Irene A. Shilikhina (irene@iae.nsk.su)
Date: Wed Feb 09 2005 - 23:39:17 EST


I've got two replies, thanks to Stan Horwitz (temple.edu) and James
Sainsbury (chem.usyd.edu.au).

Stan wrote:
    
    The best you can do in my opinion is to use tcpwrappers, which works
    very well on all versions of Tru64 Unix. Tcpwrappers has been around
    for years, offers great protection if properly configured, and a lot
    of flexibility, but it is not ipchains.
 
I agree, tcpwrappers is a great tool, and -- it is not ipchains :-(

James suggests using a Linux box interpolating between our Alpha and the
network to use IP filters available there. He also gave a few interesting
links to implement some of the possible approaches.
    
    If you have a reasonable PC available you could interpolate a Linux box
    between your alpha and the network and use iptables [netfilter] to
    protect the alpha.

    I have used this solution to protect a few windows machines that
    couldn't be on a separate subnet.

    There are a number of possibilities if you don't want to route

    ipfilter + bridging
    eg
        http://www.tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO.html

    proxy arp
    eg
        http://www.sjdjweis.com/linux/proxyarp/

    [Google will find more]

    The "Linux Routers 2/e" by Tony Mancill also has a lot of useful
    information.
 
Thank you again,
Irene

*************************************************************************
* *
* Irene A. Shilikhina e-mail: irene@alpha.iae.nsk.su *
* System administrator, *
* Institute of Automation & Electrometry, *
* Siberian Branch of Russian Academy of Sciences, *
* Novosibirsk, Russia *
* http://www.iae.nsk.su/~irene *
*************************************************************************
* *
* The road to hell is paved with good intentions. *
* *
*************************************************************************

On Wed, 9 Feb 2005, Irene A. Shilikhina wrote:

>
> Hi Tru64 folk,
>
> above is the subject I've found in the archives, and this is exactly the
> same as the question I wanted to ask. This summary, a copy of which is
> quoted beneath, was posted 24 Jan 2001 by Jose Antonio Puga Facal. As
> follows from its text, with 4.0D, I have no opportunity to create my own
> firewall on the box. The only hope is that for these four years there has
> appeared something new, appropriate for the case. I'm familiar with
> ipchains (on LINUX) and very interested in something like that. By the way,
> the link in the text concerning Tru64 does not exist any more...
>
> Any suggestions are welcome.
>
> Thank you,
> Irene

> *************************************************************************
> <START OF QUOTE>
> Hi managers:
>
> First of all, thank you to: (in order of appearance ;-)
>
> Brian Schau
> Nikola Milutinovic
> Thomas Leitner
>
> The question:
>
> "I want to protect a single Tru64 Unix box with a firewall like
> IPchains on Linux, which allows me to filter IP traffic.
> Do you know any public firewall which runs on Tru64 Unix
> to do this?"
>
> The answer:
>
> The new version 4 (currently in beta)
> of IP Filter is supported on Tru64 5.x AFAIK. See:
>
> http://coombs.anu.edu.au/~avalon/ip-filter.html
>
> Unfortunately, it isn't supported on Tru64 4.0f
>
> Toni Puga
> <END OF QUOTE>
>


