
how to block ftp from HPUX to linux server ??

 
chindi
Respected Contributor

how to block ftp from HPUX to linux server ??

Hi guys,
I would like to block FTP from an HP-UX 11i v2 server to a Linux server.


Details of hpux server....:
===========================



RX4640
11i v2
8 gb RAM..

root #/ >cat /var/adm/inetd.sec
# @(#)B11.23_LRinetd.sec $Revision: 1.10.214.1 $ $Date: 96/10/08 13:20:06 $
#
#
# The lines in the file contain a service name, permission field and
# the Internet addresses or names of the hosts and/or networks
# allowed to use that service in the local machine.
# The form for each entry in this file is:
#
#
#
# For example:
#
# login allow 10.3-5 192.34.56.5 ahost anetwork
#
# The above entry allows the following hosts to attempt to access your system
# using rlogin:
# hosts in subnets 3 through 5 in network 10,
# the host with Internet Address of 192.34.56.5,
# the host by the name of "ahost",
# all the hosts in the network "anetwork"
#
# mountd deny 192.23.4.3
#
# The mountd entry denies host 192.23.4.3 access to the NFS rpc.mountd
# server.
#
# Hosts and network names must be official names, not aliases.
# See the inetd.sec(4) manual page for more information.



ftp deny 10.1.4.202





Details of linux server :
========================




[root@intmailserver vsftpd]# uname -a
Linux intmailserver 2.6.9-1.667smp #1 SMP Tue Nov 2 14:59:52 EST 2004 i686 i686 i386 GNU/Linux


[root@intmailserver vsftpd]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
DROP all -- 10.1.4.211 anywhere
DROP all -- anywhere 10.1.4.211

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5901
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5902
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5903
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

19 REPLIES
Suraj K Sankari
Honored Contributor

Re: how to block ftp from HPUX to linux server ??

Hi,

Do you want to stop FTP from the HP side or the Linux side?
If you want to stop it from your HP side, then stop the ftpd daemon:
edit the file /etc/inetd.conf
put # on the ftp line
save the file
restart the net
inetd -c

Suraj
chindi
Respected Contributor

Re: how to block ftp from HPUX to linux server ??

hi Suraj,

I need to block FTP from HP-UX server 10.1.4.a
to Linux server 10.1.4.b ONLY,

and not the whole FTP daemon...
Wim Rombauts
Honored Contributor

Re: how to block ftp from HPUX to linux server ??

Basically, you have two options :
1) Go to your Linux machine and filter FTP traffic from your HP-UX machine there, but I am not familiar enough with Linux to tell you how to do that.
2) On your HP-UX box, since you have HP-UX 11.23, you could activate IPFilter and block outgoing FTP traffic to the IP-address of the Linux box.
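Option 1 depends on rule order on the Linux side. The following is an added example, not part of the thread: a first-match walk over a constructed model of the `iptables -L` listing from the question, showing that the DROP rules placed after the jump to RH-Firewall-1-INPUT are never reached and that a rule inserted at the top of INPUT is. It assumes 10.1.4.211 is the HP-UX host and that the first ACCEPT in RH-Firewall-1-INPUT is a loopback-only rule.

```python
import copy

# Constructed model of the `iptables -L` listing in the question, trimmed to
# the rules that matter. Assumptions: 10.1.4.211 is the HP-UX host, and the
# first ACCEPT in RH-Firewall-1-INPUT is an "-i lo" rule (-L hides interfaces).
RULES = {
    "INPUT": [
        ("RH-Firewall-1-INPUT", {}),
        ("DROP", {"src": "10.1.4.211"}),
        ("DROP", {"dst": "10.1.4.211"}),
    ],
    "RH-Firewall-1-INPUT": [
        ("ACCEPT", {"iface": "lo"}),
        ("ACCEPT", {"proto": "icmp"}),
        ("ACCEPT", {"state": {"RELATED", "ESTABLISHED"}}),
        ("ACCEPT", {"proto": "tcp", "state": {"NEW"}, "dport": 21}),
        ("ACCEPT", {"proto": "tcp", "state": {"NEW"}, "dport": 22}),
        ("REJECT", {}),
    ],
}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def matches(cond, pkt):
    """True when every condition of the rule holds for the packet."""
    for key, want in cond.items():
        have = pkt.get(key)
        if (have not in want) if key == "state" else (have != want):
            return False
    return True

def verdict(rules, pkt, chain="INPUT"):
    """First-match walk; returns (target, chain, rule number) or None."""
    for num, (target, cond) in enumerate(rules[chain], 1):
        if not matches(cond, pkt):
            continue
        if target in TERMINAL:
            return target, chain, num
        hit = verdict(rules, pkt, target)   # jump into a user-defined chain
        if hit:
            return hit                      # otherwise fall back to the caller
    return None                             # chain exhausted: policy applies

def with_ftp_block(rules, hpux_ip):
    """Model of: iptables -I INPUT 1 -s <hpux_ip> -p tcp --dport 21 -j REJECT"""
    fixed = copy.deepcopy(rules)
    fixed["INPUT"].insert(0, ("REJECT", {"src": hpux_ip, "proto": "tcp", "dport": 21}))
    return fixed

def pkt(dport):  # constructed NEW TCP packet from the assumed HP-UX address
    return {"src": "10.1.4.211", "iface": "eth0", "proto": "tcp", "state": "NEW", "dport": dport}
```

Because RH-Firewall-1-INPUT ends in an unconditional REJECT, every packet gets its verdict inside that chain; the modelled insert at position 1 changes only the FTP control connection from that one source.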
chindi
Respected Contributor

Re: how to block ftp from HPUX to linux server ??

Hi,
Any other option than IPFilter?
Because for that I need to reboot that server, which is not possible right now...




FaizirizaL
Frequent Advisor

Re: how to block ftp from HPUX to linux server ??

I think you should try this out. Hope it can help. Thanks.

- Install TCP Wrappers. Follow these steps :

a) Install TCP Wrappers
- ftp TCP-WRAPPERS_11.11.depot to /tmp
- cd /tmp
- swinstall -s /tmp/TCP-WRAPPERS_11.11.depot TCP-WRAPPERS

b) Action after install TCP Wrappers
- Create a simple /etc/hosts.allow file :
(requires the list of IP addresses which are allowed to access the server)


echo 'ALL: , , .... '\ > /etc/hosts.allow
chown root:sys /etc/hosts.allow
chmod go-w,a-xs /etc/hosts.allow

Note: Example for the first command: echo 'ALL: 10.0.3.61 '\ > /etc/hosts.allow
These IP addresses are for the PCs which can have access to the server



- Create /etc/hosts.deny :

echo 'ALL: ALL'> /etc/hosts.deny
chown root:sys /etc/hosts.deny
chmod go-w,a-xs /etc/hosts.deny


Modify inetd.conf

> open file /etc/inetd.conf using Reflection X
> remark with "#" for column which have telnet and ftp
> add these lines at the file

telnet stream tcp nowait root /usr/lbin/tcpd /usr/lbin/telnetd telnetd
ftp stream tcp nowait root /usr/lbin/tcpd /usr/lbin/ftpd -l


chindi
Respected Contributor

Re: how to block ftp from HPUX to linux server ??

Hi FaizirizaL,
I have installed TCP Wrappers...

but after that, what is the syntax for hosts.allow and hosts.deny?


Moreover, because TCP Wrappers is getting installed in /usr/local/bin/tcpd,

what entry should I make in /etc/inetd.conf?



FaizirizaL
Frequent Advisor

Re: how to block ftp from HPUX to linux server ??


Hi chindi,

For hosts.allow, you should put "ALL:ALL;" and for the hosts.deny, you should put "ALL:ip_linux_server;"

For the inetd.conf, find and remark the line of ftp and replace with this line,


ftp stream tcp nowait root /usr/lbin/tcpd /usr/lbin/ftpd -l
Johnson Punniyalingam
Honored Contributor

Re: how to block ftp from HPUX to linux server ??

>>>so what entry should I make in /etc/inetd.conf ????<<

No need to make changes in /etc/inetd.conf; this refers to allow & deny of services like ftp, telnet, ssh, rlogin, etc.

So it looks OK to me; /var/adm/inetd.sec will accomplish your purpose.


Thx,
Johnson
Problems are common to all, but attitude makes the difference
chindi
Respected Contributor

Re: how to block ftp from HPUX to linux server ??

Hi,

Johnson,

I want to block FTP from my HP-UX server to the Linux server.
When I make an entry in /var/adm/inetd.sec
ftp deny 10.1.4.b ( linux ip )

I'm not able to ftp from linux to ftp... whereas I want no FTP from the HP-UX to the Linux server.
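The result reported in the last post follows from the inetd.sec header quoted in the question: entries name hosts "allowed to use that service in the local machine", so they are checked against the peer of a connection arriving at HP-UX, and an outbound ftp client session never passes through inetd. The following is an added example, not from the thread or from HP's code, modelling that inbound check for numeric entries, including the `10.3-5` range form; it assumes one entry per service and does not resolve host or network names.

```python
import re

# Constructed sample: the entry from the question plus the header's own example.
INETD_SEC = """\
# service  allow|deny  hosts/networks
login allow 10.3-5 192.34.56.5
ftp   deny  10.1.4.202
"""

def parse(text):
    """Map service -> (mode, host specs). Entries without hosts are skipped."""
    table = {}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 3 and words[1] in ("allow", "deny"):
            table[words[0]] = (words[1], words[2:])
    return table

def host_matches(spec, peer_ip):
    """Compare a numeric spec such as 10.3-5 or 10.1.4.* with a peer address."""
    fields = spec.split(".")
    if len(fields) > 4 or not all(re.fullmatch(r"\*|\d+(-\d+)?", f) for f in fields):
        return False        # host/network names need a resolver; not modelled
    for field, octet in zip(fields, map(int, peer_ip.split("."))):
        lo, _, hi = field.partition("-")
        if field != "*" and not int(lo) <= octet <= int(hi or lo):
            return False
    return True             # omitted trailing fields match anything

def inbound_allowed(table, service, peer_ip):
    """Decision for a connection ARRIVING at this host's inetd from peer_ip."""
    if service not in table:
        return True         # unlisted service: no restriction from this file
    mode, hosts = table[service]
    listed = any(host_matches(h, peer_ip) for h in hosts)
    return listed if mode == "allow" else not listed
```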