HPE Community
Operating System - HP-UX
1829753 Members
1817 Online
109992 Solutions
New Discussion

How to allow Telnet & FTP access from specific IPs/domains

 
Ankit Grover
Frequent Advisor

‎12-18-2006 04:15 PM

‎12-18-2006 04:15 PM

How to allow Telnet & FTP access from specific IPs/domains

Hi experts,

I have got a HP-UX B.11.23 ia64 Itanium box. It has been moved to a new place and so its IP addresses have changed. I am not able to connnect to a AIX box now through FTP. It throws the error that the network is unreachable. Domain for both servers is still same, only the IPs are in different ranges.

HP guys allowed the telnet access from new IP range by adding an entry to a file. Can anybody tell me the location of that file?
Also does the same kind of file exist for allowing FTP access?

Cheers,
Ankit
0 Kudos
Reply
7 REPLIES 7
Rajeev Shukla
Honored Contributor

‎12-18-2006 04:25 PM

‎12-18-2006 04:25 PM

Re: How to allow Telnet & FTP access from specific IPs/domains

For HPUX there is a file called inetd.sec (optional security file for inetd) located under /var/adm
Thats where you can allow/deny the inetd services like telnet/ftp etc.. Have a look at the man pages of inetd.sec for more information.
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎12-18-2006 04:44 PM

‎12-18-2006 04:44 PM

Re: How to allow Telnet & FTP access from specific IPs/domains

A "network is unreachable" complaint normally
implies bad routing. It might help to know
the IP addresses involved here, and perhaps
output from "netstat -rn".
0 Kudos
Reply
Ankit Grover
Frequent Advisor

‎12-18-2006 04:55 PM

‎12-18-2006 04:55 PM

Re: How to allow Telnet & FTP access from specific IPs/domains

Hi Rajeev,
The file is located only at /usr/newconfig/var/adm without having links at any other place. But there are no entries in this file.

[root]/usr/newconfig/var/adm#ll -rt /usr/newconfig/var/adm/inetd.sec
-r--r--r-- 1 bin bin 978 Sep 3 2003 /usr/newconfig/var/adm/inetd.sec

Hi Steven,
The output of netstat is
[root]/usr/newconfig/var/adm#netstat -rn
Routing tables
Destination Gateway Flags Refs Interface Pmtu
127.0.0.1 127.0.0.1 UH 0 lo0 4136
172.30.0.13 172.30.0.13 UH 0 lan0 4136
172.30.0.0 172.30.0.13 U 2 lan0 1500
127.0.0.0 127.0.0.1 U 0 lo0 0

I am able to connect to AIX box at 172.28.10.53. 172.30.0.13 is the IP of my HP box
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎12-18-2006 05:02 PM

‎12-18-2006 05:02 PM

Re: How to allow Telnet & FTP access from specific IPs/domains

In your "netstat -rn" output, I see no
default gateway, and no explicit route to the
172.28.x.x network (only to 172.30.0.0). So
a "network is unreachable" complaint may be
expected.

> I am able to connect to AIX box at
> 172.28.10.53.

I don't see how.
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

‎12-18-2006 05:05 PM

‎12-18-2006 05:05 PM

Re: How to allow Telnet & FTP access from specific IPs/domains

If the file is located in /usr/newconfig (thats where all the sample files are) it means that the security has not been enabled at the HPUX level and anyone is allowed to telnet or use the services defined in /etc/inetd.conf in the network.
If you want to implement the addition level of security on the inetd daemons/services then copy the files from /usr/newconfig/var/adm to /vad/adm and edit it as per need look at the man pages for the format of allow/deny
0 Kudos
Reply
Ankit Grover
Frequent Advisor

‎12-18-2006 06:40 PM

‎12-18-2006 06:40 PM

Re: How to allow Telnet & FTP access from specific IPs/domains

Sorry, I missed a NOT in my statement.

Can u tell me how the gateway for 172.28* network be added on my machine?

The users from 172.17* domain r able to connect to the box through some other IP. How that is set?
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎12-18-2006 07:31 PM

‎12-18-2006 07:31 PM

Re: How to allow Telnet & FTP access from specific IPs/domains

"man route"

"route add [...]"

/etc/rc.config.d/netconf (Look for
"ROUTE_", to get it done
automatically at system start-up.)

It's common to have a default route, but it's
also possible to specify one or more gateways
for particular IP address ranges.

To set a route properly, you need to know
which systems are supposed to act as
gateways, which is something your network
administrators should know. You may be able
to get some ideas by running that "netstat
-rn" command on various other systems.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.