HPE Community
Operating System - Linux
1826291 Members
4412 Online
109692 Solutions
New Discussion

Re: How to limit telnet session from some designated clients ?

 
yyghp
Super Advisor

‎06-08-2005 03:23 AM

‎06-08-2005 03:23 AM

How to limit telnet session from some designated clients ?

How can I limit only several designated clients can telnet my Linux server ?

I know the IPs and the Hostnames of those clients.

Thanks !
0 Kudos
Reply
8 REPLIES 8
Steven E. Protter
Exalted Contributor

‎06-08-2005 03:34 AM

‎06-08-2005 03:34 AM

Re: How to limit telnet session from some designated clients ?

Use the iptables firewall to deny telnet and then accept only from those ip's you want.


iptables -I INPUT -s 0/0 -p tcp --dport 23 -j DROP
iptables -I INPUT -s -p tcp --deport 23 -j ACCEPT
... repeat for each ip address

Use -A in a firewall startup script.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
yyghp
Super Advisor

‎06-08-2005 03:40 AM

‎06-08-2005 03:40 AM

Re: How to limit telnet session from some designated clients ?

do I have to enable firewall on Linux ? is there any other way except firewall ?
thanks a lot !
0 Kudos
Reply
Gopi Sekar
Honored Contributor

‎06-08-2005 04:23 AM

‎06-08-2005 04:23 AM

Re: How to limit telnet session from some designated clients ?


you can use host access control method to deny access. you can deny access to telnet sessions by putting entries in /etc/hosts.allow and /etc/hosts.deny

check man hosts.allow and hosts.deny for more information.

Regards,
Gopi
Never Never Never Giveup
0 Kudos
Reply
yyghp
Super Advisor

‎06-08-2005 04:50 AM

‎06-08-2005 04:50 AM

Re: How to limit telnet session from some designated clients ?

but /etc/hosts.allow and /etc/hosts will block all services, not just telnet.

thanks!
0 Kudos
Reply
xyko_1
Esteemed Contributor

‎06-08-2005 06:43 AM

‎06-08-2005 06:43 AM

Re: How to limit telnet session from some designated clients ?

Hi yyghp,

If telnet is configured in xinetd on your system, you can do what you want using only_from parameter on the configuration file.

man xinetd.conf

will help you.

regards,
xyko
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎06-08-2005 07:41 AM

‎06-08-2005 07:41 AM

Re: How to limit telnet session from some designated clients ?

Honestly, I think the firewall is a good bet.

HP-UX has a file called /var/adm/inetd.sec

This lets you allow and deny hosts by service name AND ip address.

I can't find the functional equivalent in Linux.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Gopi Sekar
Honored Contributor

‎06-08-2005 05:19 PM

‎06-08-2005 05:19 PM

Re: How to limit telnet session from some designated clients ?


hosts.allow and hosts.deny can be configured for individual services. check 'man hosts_access' and 'man hosts_options' to get more info on this.

for your case, you can use like this:
/etc/hosts.allow:

in.telnetd: ALL EXCEPT HOST1, HOST2

you can also setup to send mail to the administrator when some one from the exception list trying to access

Regards,
Gopi
Never Never Never Giveup
0 Kudos
Reply
Bejoy C Alias
Respected Contributor

‎06-09-2005 01:02 AM

‎06-09-2005 01:02 AM

Re: How to limit telnet session from some designated clients ?

Hi,
u can use iptables to block /allow specific connections. The iptables rpm will be installed by default mostly, otherwise install the rpm . Edit the /etc/sysconfig/iptables file to include ur rules. Note that the rules will be analyzed from top to bottom in that order . So allow connections first , then deny the connections, other wise all the connections will be denied at the first rule set itself.

the entries in iptables file will be like this ...for ur setup..

*filter
-A INPUT -p tcp -m tcp -s --dport 23 -j ACCEPT --syn
.....add entries for each ip....
-A INPUT -p tcp -m tcp -j REJECT --syn

Dear SEP,
Ur idea is correct but it will not allow any telnet connections. The order should be reversed as the rules will be analyzed from top to bottom, in ur reply the connections will be rejected at the very first comparison. The remaining rules will not be checked.
Be Always Joy ......
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.