Community
System Administration
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

TCP wrapper confign...to limit access by ip's

 
boomer_2
boomer_2
Super Advisor

‎07-07-2008 04:44 AM

‎07-07-2008 04:44 AM

TCP wrapper confign...to limit access by ip's

Hi guys,
I have tcp wrapper installed in one of my server...

rx4640 11i v2..8 gb ram...
tcp_wrappers-7.6-ia64-11.23.depot

I have managed to block ftp by using wrapper..as directed by a hp doc...

but plzz can sme1 tell me how do i block access to that server using TCPwrapper...

I wuld like to block ip's from 10.1.4.xxx n/w to 10.1.1.4.xx n/w.....


The server ip is 10.1.1.4....

And the confign i have done is as follows :->


telnet stream tcp nowait root /usr/lbin/tcpd /usr/lbin/telnetd telnetd
# mkdir /usr/lbin/wrapper
# mv /usr/lbin/ftpd /usr/lbin/wrapper
# cp tcpd /usr/lbin/ftpd

inetd -c..

Aftr which m able to block ftp access..
but hw do i block specific ip access....?????
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Steven E. Protter
Exalted Contributor

‎07-07-2008 04:52 AM

‎07-07-2008 04:52 AM

Re: TCP wrapper confign...to limit access by ip's

Shalom,

Blocking with tcp wrapper is done protocol by protocol.

To block an ip address from all protocols will require entries for each protocols.

ipfilter, available from the Core OS, the Application CD/DVD and http://software.hp.com might be a better tool to use in this case.

http://docs.hp.com/en/B9901-90021/B9901-90021.pdf

http://docs.hp.com/en/5990-7245/5990-7245.pdf

http://docs.hp.com/en/5991-5535/ch03s09.html

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
boomer_2
boomer_2
Super Advisor

‎07-07-2008 04:57 AM

‎07-07-2008 04:57 AM

Re: TCP wrapper confign...to limit access by ip's

hi Steven,
i do have ipfilter installed too..
could u please let me know how do i specify a range in it...

Fro ex..i want access to machines 10.1.4.4,10.1.4.5,10.1.4.6...

and i want to block 10.1.4.1 to 10.1.4.100 .....except the above ones...
0 Kudos
Reply
Fabio Ettore
Fabio Ettore
Honored Contributor

‎07-07-2008 05:17 AM

‎07-07-2008 05:17 AM

Re: TCP wrapper confign...to limit access by ip's

Hi boomer,

what about /var/adm/inetd.sec?
You can deny service for specific IP address, you can specify even a range.

man inetd.sec for details.

Best regards,
Fabio
WISH? IMPROVEMENT!
0 Kudos
Reply
Tim Nelson
Tim Nelson
Honored Contributor

‎07-07-2008 07:46 AM

‎07-07-2008 07:46 AM

Re: TCP wrapper confign...to limit access by ip's

put the IP ranges into the /etc/hosts.deny file..

if you wish for all services then an entry may look like this.

ALL: 10.1.1.l4

Read man 5 hosts_access for more details.

BTW, /etc/ftpd/ftpusers file and TCP-Wrappers really have nothing to do with each other. The ftpusers file is a list of users who will NOT be allowed to FTP, this works whether or not you are using the wrappers.

TCP-Wrappers is a different way to allow/deny IP based addresses access to any or all services that are wrapped with the wrapper.



0 Kudos
Reply
Highlighted
boomer_2
boomer_2
Super Advisor

‎07-07-2008 09:49 PM

‎07-07-2008 09:49 PM

Re: TCP wrapper confign...to limit access by ip's

Hi Tim,

I want to deny ssh access so sme1 suggested me to use TCPWRAPPER...but i think ipfilter would be a good choice.....

but how do i block specific ip's say i want to block 10.1.3.4 and 10.1.3.5 ...but allow all ip's from 10.1.3.1 to 10.1.3.10 except the above two....

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.