System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

TCP wrapper confign...to limit access by ip's

 
boomer_2
Super Advisor

TCP wrapper confign...to limit access by ip's

Hi guys,
I have tcp wrapper installed in one of my server...

rx4640 11i v2..8 gb ram...
tcp_wrappers-7.6-ia64-11.23.depot

I have managed to block ftp by using wrapper..as directed by a hp doc...

but plzz can sme1 tell me how do i block access to that server using TCPwrapper...

I wuld like to block ip's from 10.1.4.xxx n/w to 10.1.1.4.xx n/w.....


The server ip is 10.1.1.4....

And the confign i have done is as follows :->


telnet stream tcp nowait root /usr/lbin/tcpd /usr/lbin/telnetd telnetd
# mkdir /usr/lbin/wrapper
# mv /usr/lbin/ftpd /usr/lbin/wrapper
# cp tcpd /usr/lbin/ftpd

inetd -c..

Aftr which m able to block ftp access..
but hw do i block specific ip access....?????
5 REPLIES 5
Steven E. Protter
Exalted Contributor

Re: TCP wrapper confign...to limit access by ip's

Shalom,

Blocking with tcp wrapper is done protocol by protocol.

To block an ip address from all protocols will require entries for each protocols.

ipfilter, available from the Core OS, the Application CD/DVD and http://software.hp.com might be a better tool to use in this case.

http://docs.hp.com/en/B9901-90021/B9901-90021.pdf

http://docs.hp.com/en/5990-7245/5990-7245.pdf

http://docs.hp.com/en/5991-5535/ch03s09.html

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
boomer_2
Super Advisor

Re: TCP wrapper confign...to limit access by ip's

hi Steven,
i do have ipfilter installed too..
could u please let me know how do i specify a range in it...

Fro ex..i want access to machines 10.1.4.4,10.1.4.5,10.1.4.6...

and i want to block 10.1.4.1 to 10.1.4.100 .....except the above ones...
Fabio Ettore
Honored Contributor

Re: TCP wrapper confign...to limit access by ip's

Hi boomer,

what about /var/adm/inetd.sec?
You can deny service for specific IP address, you can specify even a range.

man inetd.sec for details.

Best regards,
Fabio
WISH? IMPROVEMENT!
Tim Nelson
Honored Contributor

Re: TCP wrapper confign...to limit access by ip's

put the IP ranges into the /etc/hosts.deny file..

if you wish for all services then an entry may look like this.

ALL: 10.1.1.l4

Read man 5 hosts_access for more details.

BTW, /etc/ftpd/ftpusers file and TCP-Wrappers really have nothing to do with each other. The ftpusers file is a list of users who will NOT be allowed to FTP, this works whether or not you are using the wrappers.

TCP-Wrappers is a different way to allow/deny IP based addresses access to any or all services that are wrapped with the wrapper.



boomer_2
Super Advisor

Re: TCP wrapper confign...to limit access by ip's

Hi Tim,

I want to deny ssh access so sme1 suggested me to use TCPWRAPPER...but i think ipfilter would be a good choice.....

but how do i block specific ip's say i want to block 10.1.3.4 and 10.1.3.5 ...but allow all ip's from 10.1.3.1 to 10.1.3.10 except the above two....