HPE Community
Operating System - HP-UX
1833852 Members
2291 Online
110063 Solutions
New Discussion

inetd.sec

 
SOLVED
Go to solution
Bush_2
Occasional Advisor

‎04-08-2008 11:45 PM

‎04-08-2008 11:45 PM

inetd.sec

Hi all,
#cat /var/adm/inetd.sec
ftp deny 192.168.55.21
still I am able to do ftp from the given ip.

Rgrds,
Raj
0 Kudos
10 REPLIES 10
Ivan Krastev
Honored Contributor

‎04-08-2008 11:49 PM

‎04-08-2008 11:49 PM

Re: inetd.sec

There are 2 possible reasons:
1. ftp is not started fron inetd
2. inetd is not reloaded after changing this file with 'inetd -c'

regards,
ivan
0 Kudos
Yogeeraj_1
Honored Contributor

‎04-08-2008 11:55 PM

‎04-08-2008 11:55 PM

Re: inetd.sec

hi,

did you try to run: inetd -c ?

revert!
kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Yogeeraj_1
Honored Contributor

‎04-08-2008 11:58 PM

‎04-08-2008 11:58 PM

Re: inetd.sec

hi again,

you can also consider installation of the latest inetd cumulative patch -> PHNE_28312


kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Bush_2
Occasional Advisor

‎04-08-2008 11:59 PM

‎04-08-2008 11:59 PM

Re: inetd.sec

hi,
"ftp allow 192.168.55.2" is working.
0 Kudos
Sajjad Sahir
Honored Contributor

‎04-09-2008 12:35 AM

‎04-09-2008 12:35 AM

Re: inetd.sec

u have run inted -c
0 Kudos
Safarali
Valued Contributor

‎04-09-2008 01:03 AM

‎04-09-2008 01:03 AM

Re: inetd.sec

hi Bush

if your server is listed in ftp.allow file then it will work remove from there and put only ftp.deny

and restart inetd -c as sajjad mentioned

Regards

Safar
0 Kudos
Bush_2
Occasional Advisor

‎04-13-2008 12:53 AM

‎04-13-2008 12:53 AM

Re: inetd.sec

Hi all,
I have installed the patch PHNE_34823 ( inetd cumulative patch for 11.23) and restarted the inetd also. But still can ftp to the server...
Any more suggestion ?????
0 Kudos
Bush_2
Occasional Advisor

‎04-13-2008 01:28 AM

‎04-13-2008 01:28 AM

Re: inetd.sec

Could you please help me on this issue ?
0 Kudos
Aneesh Mohan
Honored Contributor

‎04-13-2008 04:09 AM

‎04-13-2008 04:09 AM

Solution

Re: inetd.sec

Mr Bush,

Are you checked by applying the server ip in /var/adm/inetd.sec for allow and deny functionality ?

means
#vi inetd.sec ---- on 192.168.1.2
ftp deny 192.168.1.2 #for checking deny fuctionatilty

Note : The ip address should be the server address itself ,just for checking .


#inetd -c

then try ftp to itself ,you may not able to connect to server then we can conclude that "ftp deny"is working .


About your issue ,the ip address reflecting from the client to the server could be a different one .

means :-

Your client ip address could be 192.168.55.2 on client side but while connecting to the server it may reflecting with different ip address ( confirm through syslog after opening a telnet session ,or try ping 192.168.55.2 from server ) due to security implementation on network side.


If this is right then you have to confirm your client mapping ip address on server side and apply inetd.sec accordingly .



Thanks,
Aneesh
0 Kudos
Bush_2
Occasional Advisor

‎04-15-2008 07:52 AM

‎04-15-2008 07:52 AM

Re: inetd.sec

Thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.