Telnet Restriction Based on IP

I am using Redhat Linux 6.2. I want to give telnet access only to my Intranet users.
How can I deny telnet access from other servers? I think there may be an option to restrict telnet access based on IP. How can I do it?

Waiting for an early reply.

jlevie Commented:
You can use tcpwrappers to restrict access to specific IPs. The restrictions are implemented by placing lines like:

in.telnetd:   host.domain.tld
in.telnetd:   .domain.tld

in /etc/hosts.allow. The first and second lines allow a specific host access to telnet, the last allows anyone at domain.tld access. For more information see "man hosts.allow".
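As an added illustration (not part of jlevie's answer), the Python below models how tcp_wrappers evaluates hosts.allow and hosts.deny for in.telnetd, assuming an intranet of 172.16.0.0/16 and a domain .intranet.example; it also shows that the hosts.allow lines alone block nothing unless hosts.deny carries a default-deny entry.

```python
import ipaddress

# Constructed sample files (not the asker's real config). The intranet range
# 172.16.0.0/16 and the domain .intranet.example are assumptions.
HOSTS_ALLOW = """
# telnet only from the intranet
in.telnetd: 172.16.0.0/255.255.0.0
in.telnetd: .intranet.example
"""
HOSTS_DENY = "ALL: ALL\n"   # default deny for every wrapped daemon


def parse(text):
    """Return (daemons, clients) lists per rule, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr, hostname):
    """Subset of tcp_wrappers client patterns: ALL, .domain, net/mask, prefix., exact."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                  # trailing domain components
        return hostname.endswith(pattern)
    if "/" in pattern:                           # n.n.n.n/m.m.m.m network form
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):                    # leading octets, e.g. 172.16.
        return addr.startswith(pattern)
    return pattern in (addr, hostname)


def rule_matches(rule, daemon, addr, hostname):
    daemons, clients = rule
    return (daemon in daemons or "ALL" in daemons) and any(
        client_matches(c, addr, hostname) for c in clients)


def allowed(daemon, addr, hostname, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """tcp_wrappers order: first hosts.allow match grants access, then first
    hosts.deny match refuses it; a connection matched by neither is allowed."""
    if any(rule_matches(r, daemon, addr, hostname) for r in parse(allow)):
        return True
    if any(rule_matches(r, daemon, addr, hostname) for r in parse(deny)):
        return False
    return True
```

Passing deny="" reproduces a box with no hosts.deny, where every non-intranet client still gets through.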
Use rlogin, or much better ssh, instead.
rlogin requires in.rlogind (sshd for ssh); then you can define restrictions globally in /etc/hosts.equiv or per user in ~/.rhosts for rlogin, respectively in sshd.conf, ssh.conf and ~/.shost for ssh.

I would do this with ipchains (2.2 kernel series) or iptables (2.4 series) firewalling, i.e. packet filtering. As you have Redhat 6.2 I'll assume you don't have iptables.

If you have no firewalling currently in place you would effectively have the following defaults :

ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT

You would do something like this :

ipchains -A input -i eth0 -p tcp -s -d 23 -j ACCEPT

(input from interface (-i) eth0 with source address (-s) 172.16.x.x going to destination address/port (-d) -> accept, i.e. allow)

ipchains -A output -i eth0 -p tcp ! -y -s 23 -d 1024:65535 -j ACCEPT

(output from port 23 going to destination 172.16.x.x on any port in range 1024:65535 as long as not (!) syn bit set (-y) - i.e. not initiating from your box - accept)

ipchains -A input -i eth1 -p tcp -d 23 -j DENY

(input on interface eth1, tcp protocol, going to port 23 - DENY)

In the above examples I've assumed eth0 for your lan, eth1 for your internet connex, as your redhat box, port 23 for telnet (normal unless you changed it), and mask for your lan.

All you would do is add these 'ipchains' lines to the end of your /etc/rc.d/init.d/rc.local startup script, or create a script called something like /etc/rc.d/init.d/rc.firewall and call that from rc.local.

Ssh (Secure Shell) is indeed more secure but I would still firewall it from outside. You would also need your client machines to have a client implementation of ssh which may not be easy if they are windows boxes. Ssh runs on tcp port 22 incidentally and is a little more complex to firewall with ipchains.

To check active rules do the list option:

ipchains -L input
ipchains -L output

Hope this helps, Iain
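The three ipchains rules above, worked through as an added example (not Iain's code) in Python with ipchains' first-match semantics; the elided values are taken as 172.16.0.0/16 for the LAN and any address for -d, both assumptions. It also shows what the default ACCEPT policies still let through, such as a telnet SYN arriving on eth0 from an address outside the LAN, or ssh on eth1.

```python
import ipaddress

LAN = ipaddress.ip_network("172.16.0.0/16")   # assumed intranet range (post says 172.16.x.x)
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules as (chain, iface, src net, src ports, dst net, dst ports, syn, target).
# syn=None ignores the SYN bit; syn=False is "! -y" (only non-SYN packets match).
RULES = [
    ("input",  "eth0", LAN, None, ANY, {23},               None,  "ACCEPT"),
    ("output", "eth0", ANY, {23}, LAN, range(1024, 65536), False, "ACCEPT"),
    ("input",  "eth1", ANY, None, ANY, {23},               None,  "DENY"),
]
POLICY = {"input": "ACCEPT", "output": "ACCEPT", "forward": "ACCEPT"}  # 6.2 defaults


def verdict(chain, iface, src, sport, dst, dport, syn):
    """Return the target of the first matching rule, else the chain policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for c, i, snet, sports, dnet, dports, want_syn, target in RULES:
        if (c, i) != (chain, iface) or s not in snet or d not in dnet:
            continue
        if sports is not None and sport not in sports:
            continue
        if dports is not None and dport not in dports:
            continue
        if want_syn is not None and syn != want_syn:
            continue
        return target
    return POLICY[chain]


if __name__ == "__main__":
    # Constructed packets: a LAN client opening telnet, an internet host trying
    # the same on eth1, and a non-LAN address that arrives on eth0 anyway.
    for pkt in [("input", "eth0", "172.16.4.7", 40000, "172.16.0.1", 23, True),
                ("input", "eth1", "198.51.100.9", 40000, "203.0.113.2", 23, True),
                ("input", "eth0", "10.9.9.9", 40000, "172.16.0.1", 23, True)]:
        print(pkt[1], pkt[2], "->", verdict(*pkt))
```

The third packet is accepted by policy, not by any rule, which is why a default-deny policy (or a closing DENY rule) belongs in rc.firewall.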



not bad: ipchains.

BUT keep in mind that this needs a specially compiled kernel.
Also, using a packet filter (ipchains, iptables, etc.) just for restricting some hosts using telnet is oversized, somehow.
AND ALSO if ipchains is set up correctly you still need to configure telnet and/or ssh.
You can restrict telnet access in your router config with an access list.

Just a thought.

28 open questions, ZERO courtesy of response to follow up requests, most posted for 10 points (less than the 50 point recommendation for "easy" questions); all very disheartening!

Zero response by Asker nor Expert closing recommendations, therefore this was finalized today by Moondancer - EE Moderator