11-17-2003 06:48 AM
I want the users to be able to telnet to my production box only from a specific IP range. My local IP is 157.226.0.0, so in other words anyone who is outside that range should not be able to access the boxes.
We have other branch offices which are on a different IP range, like 162.0.0.0 so my aim is to restrict those users.
Any thoughts on how this can be done would be appreciated.
Thanks
--SK
11-17-2003 06:53 AM
11-17-2003 06:59 AM
Re: Denying host access or telnet from specific IP address
Thanks for the response, can you give me the syntax that can be put in that file, so that some IP addresses are denied, like
168.0.0.1 (in my case)
Also on some other boxes, I would like to trap users who log on from that IP address range. My systems are not trusted and auditing is not turned on. What's the way of trapping logins from a specific IP address range?
--SK
11-17-2003 07:27 AM
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=TCPWRAP
Follows allow and deny methodologies for any inetd controlled daemons...
11-17-2003 07:37 AM
# cat /var/adm/inetd.sec
This file has examples in it which show you the right syntax. Also, for more information:
# man 4 inetd.sec
11-17-2003 08:38 AM
To Edit the /var/adm/inetd.sec File
The /var/adm/inetd.sec file is a security file that inetd reads to determine which remote hosts are allowed access to the services on your host. The inetd.sec file is optional; you do not need it to run the Internet Services.
You can use either a text editor or SAM to edit the inetd.sec file. SAM (System Administration Manager) is Hewlett-Packard's windows-based user interface for performing system administration tasks. To run SAM, type sam at the HP-UX prompt. SAM has an extensive online help facility.
If the /var/adm/inetd.sec file does not exist on your host, copy /usr/newconfig/var/adm/inetd.sec to /var/adm/inetd.sec.
Create one line in inetd.sec for each service to which you want to restrict access. Do not create more than one line for any service.
Each line in the /var/adm/inetd.sec file has the following syntax:
service_name {allow | deny} host_specifier [host_specifier...]
where service_name is the first field in an entry in the /etc/inetd.conf file, and host_specifier is a host name, IP address, IP address range, or the wildcard character (*).
Make sure the /var/adm/inetd.sec file is owned by user root and group other, and make sure its permissions are set to 0444 (-r--r--r--).
Following are some example lines from an inetd.sec file:
login allow 10.*
shell deny vandal hun
tftp deny *
The first example allows access to rlogin from any IP address beginning with 10. The second example denies access to remsh and rcp from hosts vandal and hun. The third example denies everyone access to tftp.
Only the services configured in /etc/inetd.conf can be configured in /var/adm/inetd.sec.
For more information, type man 4 inetd.sec or man 1M inetd.
Also see the following:
http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B3921-90010/B3921-90010_top.html&con=/hpux/onlinedocs/B3921-90010/00/19/1947-con.html&toc=/hpux/onlinedocs/B3921-90010/00/19/1947-toc.html&searchterms=inetd.sec&queryid=20031117-143544
Rgds...Geoff
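An added example, not part of the original thread or of HP's documentation: a shell linter for the inetd.sec rules quoted in the post above (allow or deny as the second field, one line per service, service present in /etc/inetd.conf, mode 0444 owned by root/other). The function names and the sample file contents, including the telnet rule for the 157.226 network, are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an inetd.sec file against the rules quoted above.

# lint_inetd_sec <inetd.sec> <inetd.conf>: prints one finding per line.
lint_inetd_sec() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                # skip blanks and comments
        FILENAME == ARGV[1]  { known[$1] = 1; next } # inetd.conf: field 1 is the service
        {
            if ($2 != "allow" && $2 != "deny")
                printf "line %d: %s: second field must be allow or deny\n", FNR, $1
            else if (NF < 3)
                printf "line %d: %s: no host_specifier\n", FNR, $1
            if (!($1 in known))
                printf "line %d: %s: not configured in inetd.conf\n", FNR, $1
            if ($1 in seen)
                printf "line %d: %s: duplicate of line %d\n", FNR, $1, seen[$1]
            else
                seen[$1] = FNR
        }
    ' "$2" "$1"
}

# check_perms <file>: reports a mode other than 0444 or an owner/group
# other than root/other, read from the ls -ld listing.
check_perms() {
    ls -ld "$1" | awk '
        substr($1, 1, 10) != "-r--r--r--" { print "mode is " $1 ", expected -r--r--r--" }
        $3 != "root" || $4 != "other"     { print "owner/group is " $3 "/" $4 ", expected root/other" }
    '
}

# Constructed sample: telnet limited to the 157.226 network, followed by
# three deliberate mistakes for the linter to report.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'telnet stream tcp nowait root /usr/lbin/telnetd telnetd' \
                  'ftp stream tcp nowait root /usr/lbin/ftpd ftpd' > "$dir/inetd.conf"
    printf '%s\n' '# constructed sample' 'telnet allow 157.226.*' \
                  'ftp permit 157.226.*' 'telnet deny 162.*' 'tftp deny *' > "$dir/inetd.sec"
    chmod 444 "$dir/inetd.sec"
    lint_inetd_sec "$dir/inetd.sec" "$dir/inetd.conf"
    check_perms "$dir/inetd.sec"
    rm -rf "$dir"
}
demo
```

On the real files the calls would be `lint_inetd_sec /var/adm/inetd.sec /etc/inetd.conf` and `check_perms /var/adm/inetd.sec`.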
11-17-2003 09:05 AM
Thanks for the response, I will try out the options suggested by everyone.
--SK