04-29-2007 03:47 PM
ipfilter
ssh
ftp
telnet
To everyone and all ports to 172.16.0-8
Am I missing something here?
pass out quick on lan0 proto tcp from 172.16.1.100/21 to any keep state
pass out quick on lan0 proto udp from 172.16.1.100/21 to any keep state
pass out quick on lan0 proto icmp from 172.16.1.100/21 to any keep state
pass in quick on lan0 proto tcp from any to 172.16.1.100/21 port = 23 flags S keep state keep frags
pass in quick on lan0 proto tcp from any to 172.16.1.100/21 port = 22 flags S keep state keep frags
pass in quick on lan0 proto tcp from any to 172.16.1.100/21 port = 21 flags S keep state keep frags
pass out quick on lan0 proto tcp/udp from 172.16.1.100/21 to any keep state
pass in quick proto icmp from any to any
pass out quick proto icmp from any to any
pass in quick from 172.16.0.0/21 to any
pass out quick from any to 172.16.0.0/21
04-29-2007 06:01 PM
Re: ipfilter
Try to get hold of Doc. UTRANKBRC00017096 from KnowledgeBase which explains ipfilter.
or IPFilter Config. Examples in this doc.
http://docs.hp.com/en/B9901-90021/B9901-90021.pdf
Also there are sample files in /opt/ipf/examples dir.
04-29-2007 07:26 PM
Re: ipfilter
How this performs depends on local network configuration.
Are you using this HP-UX box as a router-firewall?
If so you may need a pass out command on each network. I'd need to see an ifconfig lan0 (or whatever lan we're dealing with here) and get some information on the overall environment to be able to understand and make recommendations.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
04-30-2007 12:46 AM
Re: ipfilter
#
# Allow outgoing connections: SSH, TELNET, FTP
#
pass in quick proto tcp from any to any port = 21 keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 23 keep state
In case that you want to allow the external hosts to access your server as ftp, ssh or telnet, change the flag "in" to "out".
And to add the rule only for your network 172.16.1.100/21, change the flag "any" to your net address.
Try to use also..
* from 172.16.1.1/21 to 172.16.8.254/21 * instead of 172.16.0-8 !
Hope this helps,
Rgds,
04-30-2007 02:01 PM
Re: ipfilter
The HP IPFilter administrators guide has a very good example of all this (ftp) and how to setup the required rules. I found use of "log" in the rules very handy in sorting out problems.
I see you are using private address space but be careful with the use of "any" in rules. Think about forwarding etc.
Why not use scp or sftp since you have ssh?
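
The /21 arithmetic behind the address specs in this thread, as an added example that is not part of any post: a Python check that reports which network each rule address actually matches and which wanted subnets no rule names. It assumes ipf matches an address/mask pair as ordinary CIDR and reads "172.16.0-8" as the nine /24 subnets 172.16.0.0 through 172.16.8.0; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: three rules copied from the first post in the thread.
RULES = """\
pass in quick on lan0 proto tcp from any to 172.16.1.100/21 port = 22 flags S keep state keep frags
pass in quick from 172.16.0.0/21 to any
pass out quick from any to 172.16.0.0/21
"""

# Assumption: "172.16.0-8" means the nine /24 subnets 172.16.0.0 through 172.16.8.0.
WANTED = [ipaddress.ip_network(f"172.16.{i}.0/24") for i in range(9)]


def rule_networks(rule):
    """Return (spec, network) for the addresses after 'from' and 'to'; 'any' is skipped."""
    tokens = rule.split()
    found = []
    for keyword in ("from", "to"):
        if keyword in tokens[:-1]:
            spec = tokens[tokens.index(keyword) + 1]
            if spec != "any":
                # strict=False clears host bits: 172.16.1.100/21 -> 172.16.0.0/21
                found.append((spec, ipaddress.ip_network(spec, strict=False)))
    return found


def audit(rules_text, wanted):
    """Return (host-bit warnings, wanted subnets that no rule address contains)."""
    warnings, seen = [], set()
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and ipf.conf comments
        for spec, net in rule_networks(line):
            seen.add(net)
            # Warn when the written address is not the network address itself.
            if "/" in spec and spec.split("/")[0] != str(net.network_address):
                warnings.append(f"{spec} matches {net} ({net[0]} - {net[-1]})")
    uncovered = [str(w) for w in wanted if not any(w.subnet_of(n) for n in seen)]
    return warnings, uncovered


if __name__ == "__main__":
    warnings, uncovered = audit(RULES, WANTED)
    for w in warnings:
        print("host bits set:", w)
    print("not named by any rule:", ", ".join(uncovered) or "none")
```

Rules that use "any" on a side still match every address on that side; the second list only shows which wanted subnets fall outside every network written explicitly in the rules.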