Operating System - HP-UX

restricting network access on two lan cards

Rainer von Bongartz
Honored Contributor

My host uses multiple LAN cards with IP addresses in different networks:

lan0: ip a.b.c.d
lan1: ip w.x.y.z

Can I restrict network access per address, i.e. telnet should be allowed to a.b.c.d only, while http should only be allowed to w.x.y.z?

Regards
Rainer

He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
Michael Tully
Honored Contributor

Re: restricting network access on two lan cards

Hi Rainer,

You can restrict the traffic to your Apache web server to certain IPs from within your Apache httpd.conf file. Have a look here for virtual hosts:
http://httpd.apache.org/docs/misc/FAQ.html

If you wish to restrict telnet you will need to use something like ssh and have telnet turned off.

Michael
Anyone for a Mutiny ?
Scott Van Kalken
Esteemed Contributor
Solution

Re: restricting network access on two lan cards

You can also look at inetd.sec: try man inetd.sec


inetd.sec(4) inetd.sec(4)

NAME
inetd.sec - optional security file for inetd

DESCRIPTION
When inetd accepts a connection from a remote system, it checks the
address of the host requesting the service against the list of hosts
to be allowed or denied access to the specific service (see
inetd(1M)). The file inetd.sec allows the system administrator to
control which hosts (or networks in general) are allowed to use the
system remotely. This file constitutes an extra layer of security in
addition to the normal checks done by the services. It precedes the
security of the servers; that is, a server is not started by the
Internet daemon unless the host requesting the service is a valid host
according to inetd.sec.



sven verhaegen
Respected Contributor

Re: restricting network access on two lan cards

OK, the simplest way is indeed inetd.sec. Just add a line like:

telnet allow ip-range

http allow ip-range

This will effectively block any incoming request for that service from IP addresses in a different IP range; the allow holds an implicit deny, so any other range will be refused. However, if you also want to prevent outgoing telnets (I don't think that is the case), you need a firewall-type application which closes off the socket for telnet and http for defined ranges in outgoing traffic.
...knowing one ignores a great many things is the first step to wisdom...
W.C. Epperson
Trusted Contributor

Re: restricting network access on two lan cards

I don't think inetd.sec supports "per interface" filtering. httpd.conf virtual address setup is rather arcane, and won't meet your telnet need, as noted.

To have the box self-defend, you'll probably need a package like IPF (http://coombs.anu.edu.au/~avalon/ip-filter.html)
or you might be able to do what you want with TCPWrappers
(ftp://ftp.porcupine.org/pub/security)
Depending on what sort of router you have, the easiest thing to do might be to have the router do the filtering.
"I have great faith in fools; self-confidence, my friends call it." --Poe
Rainer von Bongartz
Honored Contributor

Re: restricting network access on two lan cards

It's correct that inetd.sec does not support "per interface" filtering, but it works for me because I know what subnets are connected to this LAN card.

So I did in inetd.sec:

telnet deny 10.*
http deny 193.*

This enables me to block telnet requests arriving at LAN card 10.43.181.222 and http requests arriving at 193.16.33.253.

But I'll have a look at your recommended links.

Regards
Rainer

He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
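An added example, not from this thread and not HP-UX code: a small Python model of the check inetd performs against inetd.sec, fed with the two deny lines Rainer posted plus a constructed allow line for ftp to show the implicit deny Sven describes. It assumes the semantics the man page gives (a service with no line accepts every host, allow admits only the listed hosts, deny refuses only the listed hosts, `*` and `n-m` ranges in address fields) and, as an assumption about the HP-UX implementation, that when a service appears on several lines the last line wins. The sample file and client addresses are constructed; hostnames in a host list are compared as plain strings here, with no DNS lookup.

```python
"""Model of the HP-UX inetd.sec allow/deny check (added example, constructed)."""

# Constructed inetd.sec contents: the two deny lines from the thread plus an
# assumed allow line for ftp (not from the thread) to show the implicit deny.
SAMPLE_INETD_SEC = """\
# service   allow|deny   hosts/networks (names, addresses, * wildcard, n-m ranges)
telnet      deny         10.*
http        deny         193.*
ftp         allow        193.16.33.*  10.43.181.1-20
"""


def parse_inetd_sec(text):
    """Return {service: (action, [host patterns])} for each rule line.

    Assumption: if a service appears on more than one line, the last line
    wins. Lines without a host list are rejected by this model.
    """
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) < 3 or parts[1] not in ("allow", "deny"):
            raise ValueError(f"malformed inetd.sec line: {raw!r}")
        rules[parts[0]] = (parts[1], parts[2:])
    return rules


def _field_matches(pattern, octet):
    """Match one address field: '*', 'n', or the inclusive range 'n-m'."""
    if pattern == "*":
        return True
    if "-" in pattern:
        lo, hi = pattern.split("-", 1)
        return int(lo) <= octet <= int(hi)
    return int(pattern) == octet


def host_matches(pattern, client):
    """True if the client (dotted IPv4 or hostname) matches one host pattern.

    Fewer than four pattern fields means the rest are wildcards, so '10.*'
    covers 10.0.0.0 through 10.255.255.255. A pattern that is not numeric is
    treated as a hostname and compared literally (no DNS lookup in this model).
    """
    try:
        octets = [int(x) for x in client.split(".")]
        fields = pattern.split(".")
        if len(octets) != 4 or len(fields) > 4:
            raise ValueError
        return all(_field_matches(f, o) for f, o in zip(fields, octets))
    except ValueError:
        return pattern == client


def is_allowed(rules, service, client):
    """Apply inetd.sec to one connection: no line for the service accepts
    everyone; allow admits only listed hosts; deny refuses only listed hosts."""
    entry = rules.get(service)
    if entry is None:
        return True
    action, hosts = entry
    listed = any(host_matches(h, client) for h in hosts)
    return listed if action == "allow" else not listed


def check_requests(rules, requests):
    """Evaluate (service, client) pairs; returns [(service, client, allowed)]."""
    return [(svc, cli, is_allowed(rules, svc, cli)) for svc, cli in requests]


if __name__ == "__main__":
    rules = parse_inetd_sec(SAMPLE_INETD_SEC)
    for svc, cli, ok in check_requests(rules, [
        ("telnet", "10.43.181.5"), ("telnet", "193.16.33.10"),
        ("http", "193.16.33.10"), ("http", "10.43.181.5"),
        ("ftp", "10.43.181.15"), ("ftp", "10.43.181.21"), ("ftp", "172.16.0.9"),
        ("login", "172.16.0.9"),
    ]):
        print(f"{svc:7} from {cli:15} -> {'allow' if ok else 'DENY'}")
```

Two caveats the model makes visible. First, inetd.sec keys on the source address of the connection, not on the interface the packet arrived on: a host in 193.16.33.0/24 that can route to 10.43.181.222 still reaches telnet there, which is the per-interface gap W.C. Epperson points out and why a packet filter such as IPF or filtering on the router is needed for a real per-interface rule. Second, inetd.sec only governs services that inetd starts (as the man page excerpt says, the server is not started unless the host passes the check), so an http line has no effect on a standalone Apache; for that, the httpd.conf or packet-filter approaches suggested earlier in the thread apply.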