Operating System - HP-UX

Re: TCP wrapper confign...to limit access by ip's

 
boomer_2
Super Advisor

TCP wrapper confign...to limit access by ip's

Hi guys,
I have TCP wrapper installed on one of my servers...

rx4640 11i v2..8 gb ram...
tcp_wrappers-7.6-ia64-11.23.depot

I have managed to block ftp by using the wrapper, as directed by an HP doc...

but please can someone tell me how do I block access to that server using TCP wrapper...

I would like to block IPs from the 10.1.4.xxx network to the 10.1.1.4.xx network.....


The server IP is 10.1.1.4....

And the configuration I have done is as follows:


telnet stream tcp nowait root /usr/lbin/tcpd /usr/lbin/telnetd telnetd
# mkdir /usr/lbin/wrapper
# mv /usr/lbin/ftpd /usr/lbin/wrapper
# cp tcpd /usr/lbin/ftpd

inetd -c..

After which I am able to block ftp access..
but how do I block specific IP access?
5 REPLIES 5
Steven E. Protter
Exalted Contributor

Re: TCP wrapper confign...to limit access by ip's

Shalom,

Blocking with tcp wrapper is done protocol by protocol.

Blocking an IP address from all protocols will require entries for each protocol.

ipfilter, available from the Core OS, the Application CD/DVD and http://software.hp.com might be a better tool to use in this case.

http://docs.hp.com/en/B9901-90021/B9901-90021.pdf

http://docs.hp.com/en/5990-7245/5990-7245.pdf

http://docs.hp.com/en/5991-5535/ch03s09.html

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
boomer_2
Super Advisor

Re: TCP wrapper confign...to limit access by ip's

Hi Steven,
I do have ipfilter installed too..
could you please let me know how do I specify a range in it...

For example, I want access to machines 10.1.4.4, 10.1.4.5, 10.1.4.6...

and I want to block 10.1.4.1 to 10.1.4.100 .....except the above ones...
Fabio Ettore
Honored Contributor

Re: TCP wrapper confign...to limit access by ip's

Hi boomer,

What about /var/adm/inetd.sec?
You can deny service for a specific IP address; you can even specify a range.

man inetd.sec for details.

Best regards,
Fabio
WISH? IMPROVEMENT!
Tim Nelson
Honored Contributor

Re: TCP wrapper confign...to limit access by ip's

Put the IP ranges into the /etc/hosts.deny file.

If you wish to do this for all services, then an entry may look like this:

ALL: 10.1.1.l4

Read man 5 hosts_access for more details.

BTW, /etc/ftpd/ftpusers file and TCP-Wrappers really have nothing to do with each other. The ftpusers file is a list of users who will NOT be allowed to FTP, this works whether or not you are using the wrappers.

TCP-Wrappers is a different way to allow/deny IP based addresses access to any or all services that are wrapped with the wrapper.
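
Added example (not part of any post in this thread, and not HP's or the tcp_wrappers project's code): a Python script that expands the range asked about above (deny 10.1.4.1 to 10.1.4.100, allow 10.1.4.4 to 10.1.4.6) into hosts_access(5) client patterns and evaluates them in tcpd's order: a hosts.allow match grants, otherwise a hosts.deny match denies, otherwise access is granted. The function names and the use of `ALL` as the daemon list are assumptions, and only the ALL, address-prefix, net/mask and exact-address client patterns are modelled.

```python
import ipaddress

def deny_patterns(first, last):
    """Cover the inclusive range first..last with hosts_access(5) client patterns."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    # tcp_wrappers 7.6 documents the n.n.n.n/m.m.m.m form, so emit dotted masks.
    return [str(n.network_address) if n.prefixlen == 32
            else f"{n.network_address}/{n.netmask}" for n in nets]

def matches(pattern, ip):
    """Subset of client patterns: ALL, 'n.n.n.' prefix, net/mask, exact address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # e.g. "10.1.4." matches every 10.1.4.x
        return ip.startswith(pattern)
    if "/" in pattern:                 # e.g. "10.1.4.64/255.255.255.224"
        return ipaddress.IPv4Address(ip) in ipaddress.IPv4Network(pattern)
    return pattern == ip

def decide(ip, allow, deny):
    """tcpd order: hosts.allow first, then hosts.deny, and grant if neither matches."""
    if any(matches(p, ip) for p in allow):
        return "allow"
    if any(matches(p, ip) for p in deny):
        return "deny"
    return "allow"

def render(daemons, patterns):
    """Format one access-control line, e.g. 'ALL: 10.1.4.4, 10.1.4.5'."""
    return f"{daemons}: " + ", ".join(patterns)

# Constructed from the addresses in the question above.
ALLOW = ["10.1.4.4", "10.1.4.5", "10.1.4.6"]
DENY = deny_patterns("10.1.4.1", "10.1.4.100")

if __name__ == "__main__":
    print("# /etc/hosts.allow\n" + render("ALL", ALLOW))
    print("# /etc/hosts.deny\n" + render("ALL", DENY))
    for ip in ("10.1.4.5", "10.1.4.7", "10.1.4.100", "10.1.4.101"):
        print(ip, decide(ip, ALLOW, DENY))
```

Addresses outside the generated range, such as 10.1.4.101, match neither file and are granted, so a default-deny policy needs `ALL: ALL` in /etc/hosts.deny with the permitted clients listed in /etc/hosts.allow.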



boomer_2
Super Advisor

Re: TCP wrapper confign...to limit access by ip's

Hi Tim,

I want to deny ssh access, so someone suggested I use TCP wrapper...but I think ipfilter would be a good choice.....

but how do I block specific IPs, say I want to block 10.1.3.4 and 10.1.3.5 ...but allow all IPs from 10.1.3.1 to 10.1.3.10 except the above two....