Solved

Telnet Restriction Based on IP

Posted on 2001-07-30
Last Modified: 2010-03-18
I am using Redhat Linux 6.2. I want to give telnet access only to my Intranet users.
How can I deny telnet access from other servers? I think there may be an option to restrict telnet access based on IP. How can I do it?

Waiting for an early reply.

Question by:bt74
7 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 10 total points
ID: 6334395
You can use tcpwrappers to restrict access to specific IPs. The restrictions are implemented by placing lines like:

in.telnetd:   1.2.3.4
in.telnetd:   host.domain.tld
in.telnetd:   .domain.tld

in /etc/hosts.allow. The first and second lines allow a specific host access to telnet, the last allows anyone at domain.tld access. For more information see "man hosts.allow".
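The hosts.allow lines above grant access but, on their own, refuse nobody: tcp_wrappers consults /etc/hosts.allow first, then /etc/hosts.deny, and allows any client that matches neither file, so a matching hosts.deny entry is what actually shuts out the Internet. The following is an added example, not code from this thread: the allow/deny pair written to temporary files, plus a small POSIX-shell emulation of that hosts_access(5) decision order so the rule set can be exercised without a live inetd. The first three allow patterns are the ones from the answer; the 10.1. network prefix, the outside address 203.0.113.9 and the temporary paths are constructed. On Red Hat 6.2 this only takes effect if inetd starts in.telnetd through tcpd (the stock /etc/inetd.conf does), and an sshd built with libwrap honours the same two files under the daemon name sshd.

```shell
#!/bin/sh
# Added example, not from the original thread: the complete tcp_wrappers
# configuration for restricting in.telnetd to intranet hosts, plus a small
# POSIX-shell emulation of the hosts_access(5) decision order so the rule set
# can be checked offline. Hosts, addresses and domain are constructed
# placeholders (the first three allow lines are jlevie's patterns).

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
ALLOW="$WORK/hosts.allow"     # stands in for /etc/hosts.allow
DENY="$WORK/hosts.deny"       # stands in for /etc/hosts.deny

# Intranet hosts allowed to reach in.telnetd. A trailing dot is a network
# prefix, a leading dot is a domain suffix, anything else must match exactly.
cat > "$ALLOW" <<'EOF'
in.telnetd: 1.2.3.4
in.telnetd: host.domain.tld
in.telnetd: .domain.tld
in.telnetd: 10.1.
EOF

# Without this file hosts_access() falls through to "allow" for every client
# not listed in hosts.allow, so the allow list alone restricts nothing.
cat > "$DENY" <<'EOF'
in.telnetd: ALL
EOF

# pattern_matches PATTERN CLIENT: the subset of hosts_access(5) pattern
# syntax used above (ALL, .suffix, prefix., exact).
pattern_matches() {
    case "$1" in
        ALL) return 0 ;;
        .*)  case "$2" in *"$1") return 0 ;; esac ;;
        *.)  case "$2" in "$1"*) return 0 ;; esac ;;
        *)   [ "$2" = "$1" ] && return 0 ;;
    esac
    return 1
}

# file_matches FILE DAEMON CLIENT: does any "daemon_list : client_list" line
# in FILE match? Comments and blank lines are skipped; client lists may be
# separated by commas or whitespace.
file_matches() {
    [ -f "$1" ] || return 1
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        daemons=$(printf '%s' "${line%%:*}" | tr -d ' \t')
        clients=$(printf '%s' "${line#*:}" | tr ',' ' ')
        [ "$daemons" = "$2" ] || [ "$daemons" = ALL ] || continue
        for pat in $clients; do
            pattern_matches "$pat" "$3" && return 0
        done
    done < "$1"
    return 1
}

# hosts_access DAEMON CLIENT ALLOWFILE DENYFILE: prints "allow" or "deny"
# in the library's order: hosts.allow first, then hosts.deny, then allow by
# default. Real tcpd also resolves the client address to a name before trying
# hostname patterns; this emulation just matches the string it is given.
hosts_access() {
    if file_matches "$3" "$1" "$2"; then echo allow; return 0; fi
    if file_matches "$4" "$1" "$2"; then echo deny;  return 1; fi
    echo allow
    return 0
}

# Demo: intranet clients get in, an outside address does not, and the same
# outside address is let in as soon as hosts.deny is missing.
for client in 1.2.3.4 mail.domain.tld 10.1.7.20 203.0.113.9; do
    echo "in.telnetd from $client: $(hosts_access in.telnetd "$client" "$ALLOW" "$DENY")"
done
echo "in.telnetd from 203.0.113.9 with no hosts.deny: $(hosts_access in.telnetd 203.0.113.9 "$ALLOW" "$WORK/missing")"
```

Against the real files, tcpdmatch(8) from the tcp_wrappers package gives the authoritative answer for a given daemon and client, for example `tcpdmatch in.telnetd 203.0.113.9`, and is the thing to run after every edit to /etc/hosts.allow or /etc/hosts.deny.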
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6334715
use rlogin, or much better ssh, instead
rlogin requires in.rlogind (sshd for ssh); then you can define restrictions globally in /etc/hosts.equiv or per user in ~/.rhosts for rlogin, respectively in sshd.conf, ssh.conf and ~/.shosts for ssh
 
LVL 2

Expert Comment

by:ifincham
ID: 6336799
Hi,

I would do this with ipchains (2.2 kernel series) or iptables (2.4 series) firewalling, i.e. packet filtering. As you have Redhat 6.2 I'll assume you don't have iptables.

If you have no firewalling currently in place you would effectively have the following defaults :

ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT

You would do something like this :

ipchains -A input -i eth0 -p tcp -s 172.16.0.0/16 -d 172.16.1.1 23 -j ACCEPT

(input from interface (-i) eth0 with source address (-s) 172.16.x.x going to destination address /port (-d) 172.16.1.1:23 -> accept, i.e. allow)

ipchains -A output -i eth0 -p tcp ! -y -s 172.16.1.1 23 -d 172.16.0.0/16 1024:65535 -j ACCEPT

(output from 172.16.1.1 port 23 going to destination 172.16.x.x on any port in range 1024:65535 as long as not (!) syn bit set (-y) - i.e. not initiating from your box - accept)

ipchains -A input -i eth1 -p tcp -d 172.16.1.1 23 -j DENY

(input on interface eth1, tcp protocol, going to 172.16.1.1 port 23 - DENY)

In the above examples I've assumed eth0 for your lan, eth1 for your internet connection, 172.16.1.1 as your redhat box, port 23 for telnet (normal unless you changed it), and 172.16.0.0 mask 255.255.0.0 for your lan.

All you would do is add these 'ipchains' lines to the end of your /etc/rc.d/init.d/rc.local startup script, or create a script called something like /etc/rc.d/init.d/rc.firewall and call that from rc.local.

Ssh (Secure Shell) is indeed more secure but I would still firewall it from outside. You would also need your client machines to have a client implementation of ssh which may not be easy if they are windows boxes. Ssh runs on tcp port 22 incidentally and is a little more complex to firewall with ipchains.

To check active rules do the list option:

ipchains -L input
ipchains -L output
etc.

Hope this helps, Iain  
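The rc.firewall script suggested above, as an added example that is not ifincham's own script: the same three ipchains rules with the interfaces, addresses and LAN prefix pulled into variables (the box is 172.16.1.1 throughout), a DRY_RUN switch that prints the rules instead of loading them so the set can be reviewed before it touches the kernel, and logging (-l) on the DENY rule so probes from the Internet side end up in syslog. Interface names, the LAN prefix and the path to the ipchains binary are assumptions.

```shell
#!/bin/sh
# /etc/rc.d/init.d/rc.firewall -- added example, not from the original thread.
# Parameterised version of the three ipchains rules in ifincham's comment.
# Interface names, addresses, the LAN prefix and the ipchains path are
# assumptions; edit them for the box this runs on.
LAN_IF=eth0                 # interface facing the intranet
WAN_IF=eth1                 # interface facing the Internet
HOST_IP=172.16.1.1          # this Red Hat box
LAN_NET=172.16.0.0/16       # intranet clients allowed to telnet in
TELNET_PORT=23
IPCHAINS=${IPCHAINS:-/sbin/ipchains}

# DRY_RUN=1 prints each rule instead of loading it, so the set can be read
# (or diffed against "ipchains -L -n") before it touches the live kernel.
DRY_RUN=${DRY_RUN:-0}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPCHAINS $*"
    else
        "$IPCHAINS" "$@"
    fi
}

telnet_rules() {
    # 1. Intranet -> our telnet port, arriving on the LAN interface: accept.
    run -A input -i "$LAN_IF" -p tcp -s "$LAN_NET" -d "$HOST_IP" "$TELNET_PORT" -j ACCEPT
    # 2. Replies from our telnet port to intranet high ports. "! -y" means
    #    "not a bare SYN": the server answers connections, it never opens them.
    run -A output -i "$LAN_IF" -p tcp ! -y -s "$HOST_IP" "$TELNET_PORT" \
        -d "$LAN_NET" 1024:65535 -j ACCEPT
    # 3. Telnet attempts arriving on the Internet interface: drop silently and
    #    log them (-l) so probes show up in /var/log/messages.
    run -A input -i "$WAN_IF" -p tcp -d "$HOST_IP" "$TELNET_PORT" -j DENY -l
}

# show_rules prints the exact commands that "start" would execute; the
# subshell keeps DRY_RUN=1 from leaking into the caller.
show_rules() (
    DRY_RUN=1
    telnet_rules
)

case "${1:-}" in
    start) telnet_rules ;;
    show)  show_rules ;;
    *)     echo "usage: $0 {start|show}   (DRY_RUN=1 $0 start also prints)" ;;
esac
```

Run `sh rc.firewall show` to read the rules, then `sh rc.firewall start` as root to load them; `ipchains -L input -n` and `ipchains -L output -n` afterwards should list exactly the three lines the dry run printed. Note that these rules only cover port 23; they say nothing about the rest of the box, which is why the default policies still matter.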
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6339972
not bad: ipchains.

BUT keep in mind that this needs a specially compiled kernel.
Also, using a packet filter (ipchains, iptables, etc.) just for restricting some hosts using telnet is oversized, somehow.
AND ALSO if ipchains is set up correctly you still need to configure telnet and/or ssh.
 
LVL 1

Expert Comment

by:reason100
ID: 6344771
You can restrict telnet access in your router config with
an access list.

Just a thought.

Rod
 
LVL 1

Expert Comment

by:Moondancer
ID: 6938055
ADMINISTRATION WILL BE CONTACTING YOU SHORTLY.  Moderators Computer101 or Netminder will return to finalize these if still open in seven days.  Please post closing recommendations before that time.

The question(s) below appear to have been abandoned. Your options are:
 
1. Accept a Comment As Answer (use the button next to the Expert's name).
2. Close the question if the information was not useful to you, but may help others. You must tell the participants why you wish to do this, and allow for Expert response.  This choice will include a refund to you, and will move this question to our PAQ (Previously Asked Question) database.  If you found information outside this question thread, please add it.
3. Ask Community Support to help split points between participating experts, or just comment here with details and we'll respond with the process.
4. Delete the question (if it has no potential value for others).
   --> Post comments for expert of your intention to delete and why
   --> YOU CANNOT DELETE A QUESTION with comments; special handling by a Moderator is required.

For special handling needs, please post a zero point question in the link below and include the URL (question QID/link) that it regards with details.
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt
 
Please click this link for Help Desk, Guidelines/Member Agreement and the Question/Answer process.  http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp

Click your Member Profile to view your question history and keep them updated as the collaboration effort continues, to maintain your open and locked questions.  If you are a KnowledgePro user, use the Power Search option to find them.  Anytime you have questions which are LOCKED with a Proposed Answer which does not serve your needs, please reject it and add comments as to why.  In addition, when you do grade the question, if the grade is less than an A, please add a comment as to why.  This helps all involved, as well as future persons who may access this item for help.

To view your open questions, please click the following link(s) and keep them all current with updates.
http://www.experts-exchange.com/questions/Q.11761478.html
http://www.experts-exchange.com/questions/Q.11761498.html
http://www.experts-exchange.com/questions/Q.11939878.html
http://www.experts-exchange.com/questions/Q.11983098.html
http://www.experts-exchange.com/questions/Q.20036911.html
http://www.experts-exchange.com/questions/Q.20076314.html
http://www.experts-exchange.com/questions/Q.20081933.html
http://www.experts-exchange.com/questions/Q.20087002.html
http://www.experts-exchange.com/questions/Q.20096740.html
http://www.experts-exchange.com/questions/Q.20107721.html
http://www.experts-exchange.com/questions/Q.20122035.html
http://www.experts-exchange.com/questions/Q.20137701.html
http://www.experts-exchange.com/questions/Q.20142837.html
http://www.experts-exchange.com/questions/Q.20160168.html
http://www.experts-exchange.com/questions/Q.20229281.html
http://www.experts-exchange.com/questions/Q.20229282.html
http://www.experts-exchange.com/questions/Q.20239414.html
http://www.experts-exchange.com/questions/Q.20240363.html
http://www.experts-exchange.com/questions/Q.20240359.html
http://www.experts-exchange.com/questions/Q.20263732.html
http://www.experts-exchange.com/questions/Q.20270184.html
http://www.experts-exchange.com/questions/Q.20270186.html
http://www.experts-exchange.com/questions/Q.20278651.html
http://www.experts-exchange.com/questions/Q.20277653.html
http://www.experts-exchange.com/questions/Q.20282480.html
http://www.experts-exchange.com/questions/Q.20283128.html
http://www.experts-exchange.com/questions/Q.20283279.html
http://www.experts-exchange.com/questions/Q.20285563.html


To view your locked questions, please click the following link(s) and evaluate the proposed answer.
http://www.experts-exchange.com/questions/Q.11943438.html
http://www.experts-exchange.com/questions/Q.20149097.html
http://www.experts-exchange.com/questions/Q.11419338.html

**** PLEASE DO NOT AWARD THE POINTS TO ME. *****
 
------------>  EXPERTS:  Please leave your closing recommendations if this item remains inactive another seven (7) days.  If you are interested in the cleanup effort, please click this link http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=commspt&qid=20274643
POINTS FOR EXPERTS awaiting comments are listed here -> http://www.experts-exchange.com/commspt/Q.20277028.html
 

Moderators will finalize this question if still open in @7 days, by either moving this to the PAQ (Previously Asked Questions) at zero points, deleting it or awarding expert(s) when recommendations are made, or an independent determination can be made.  Expert input is always appreciated to determine the fair outcome.
 
Thank you everyone.
 
Moondancer
Moderator @ Experts Exchange
 
LVL 1

Expert Comment

by:Moondancer
ID: 7020048
28 open questions, ZERO courtesy of response to follow up requests, most posted for 10 points (less than the 50 point recommendation for "easy" questions); all very disheartening!

Zero response by Asker nor Expert closing recommendations, therefore this was finalized today by Moondancer - EE Moderator