Restricting FTP and Telnet access

Hi,

In our application, we would like to control FTP and TELNET access to a
QNX4.24 machine. That is:

  1. Restrict FTP and Telnet access to only one or a few IP addresses.
  2. Prohibit one of the two Intel 82557 compatible ethernet cards on this
    machine from granting ftp and telnet access (i.e. ftp and telnet access are
    allowed on one port only)

I have Net started, and the two Net.ether82557 drivers running
I have Socket started, ifconfig configured en1 and en2 (for ethernet cards 1
and 2)
I have inetd controlling the ftpd and telnetd processes.

According to QNX knowledge database ref no QNX.000009648, there are two
files (/etc/hosts.deny and /etc/hosts.allowed) that are used to enforce 1.
However, I failed to make that work.

Is there something I should add in the inetd.conf file to make ftpd and
telnetd use these two files?
Does someone have a more detailed description of these two files and how
they work?

As for item 2, I didn’t find anything on the QNX web site and newsgroups.

I would really appreciate any solution or information

Regards,

Alain Boyer

Adam,

Thanks for your quick answer.

I would definitely appreciate if you can send me this tcpwrappers.

Do you have further information on how to set it up? For example, if I
want to allow access only to IP addresses under 192.168.1, what should I put
in the hosts.deny and hosts.allowed files?

And for item 2 (allow ftp and telnet access on only one of the two ethernet
cards), do you have any clue?

Regards

Alain

“Operating System Tech Support” <os@qnx.com> wrote in message
news:9th2fk$i2$1@nntp.qnx.com

> “Alain Boyer” <aboyer@broadtel.com> wrote in message
> news:9tgja4$n9b$1@inn.qnx.com…
> > In our application, we would like to control FTP and TELNET access to a
> > QNX4.24 machine. That is:
> >
> >   1. Restrict FTP and Telnet access to only one or a few IP addresses.
> >   2. Prohibit one of the two Intel 82557 compatible ethernet cards on this
> >     machine from granting ftp and telnet access (i.e. ftp and telnet access
> >     are allowed on one port only)
> >
> > According to QNX knowledge database ref no QNX.000009648, there are two
> > files (/etc/hosts.deny and /etc/hosts.allowed) that are used to enforce 1.
> > However, I failed to make that work.
>
> That KB entry is not correct (and has been removed). What you require is
> tcpwrappers which read the hosts.allow (not allowed) and host.deny files in
> the /etc directory.
>
> If you wish I can upload you tcpwrappers which I ported for QNX4 (which is
> unsupported but works).
>
> -Adam

“Alain Boyer” <aboyer@broadtel.com> wrote in message
news:9tgja4$n9b$1@inn.qnx.com

> According to QNX knowledge database ref no QNX.000009648, there are two
> files (/etc/hosts.deny and /etc/hosts.allowed) that are used to enforce 1.
> However, I failed to make that work.
>
> Is there something I should add in the inetd.conf file to make ftpd and
> telnetd use these two files?
> Does someone have a more detailed description of these two files and how
> they work?

I’ve removed the KB entry, as it was incorrect. Neither telnetd nor ftpd for
qnx4 checks /etc/hosts.allow or deny for access. These files are used by
something called tcpwrappers. I’ll hunt around to see if we have a port of
this for QNX4.

-Adam

[snip]

> And for item 2 (allow ftp and telnet access on only one of the two ethernet
> cards), do you have any clue?

Do you need TCP/IP on the second ethernet card? If not, don’t ifconfig it.

Pavol Kycina

“Alain Boyer” <aboyer@broadtel.com> wrote in message
news:9tgja4$n9b$1@inn.qnx.com

> In our application, we would like to control FTP and TELNET access to a
> QNX4.24 machine. That is:
>
>   1. Restrict FTP and Telnet access to only one or a few IP addresses.
>   2. Prohibit one of the two Intel 82557 compatible ethernet cards on this
>     machine from granting ftp and telnet access (i.e. ftp and telnet access
>     are allowed on one port only)
>
> According to QNX knowledge database ref no QNX.000009648, there are two
> files (/etc/hosts.deny and /etc/hosts.allowed) that are used to enforce 1.
> However, I failed to make that work.

That KB entry is not correct (and has been removed). What you require is
tcpwrappers which read the hosts.allow (not allowed) and host.deny files in
the /etc directory.

If you wish I can upload you tcpwrappers which I ported for QNX4 (which is
unsupported but works).

-Adam

“Alain Boyer” <aboyer@broadtel.com> wrote in message
news:9th5pf$dfn$1@inn.qnx.com

> I would definitely appreciate if you can send me this tcpwrappers.

Sure, email me and I’ll send it to you (ftp etc).

> Do you have further information on how to set it up? For example, if I
> want to allow access only to IP addresses under 192.168.1, what should I
> put in the hosts.deny and hosts.allowed files?

I’ll send you an example of an inetd.conf file so that you can see how to
run it. The standard setup is to put “ALL:ALL” in the host.deny (so that
all is denied by default) and then specifically place the services:IP that you
wish to allow in the host.allow.

> And for item 2 (allow ftp and telnet access on only one of the two ethernet
> cards), do you have any clue?

You could download and port the newest inetd, which allows you to specify
an address to which to bind a service.

-Adam
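
A simplified model of how tcpwrappers evaluates /etc/hosts.allow and /etc/hosts.deny for the 192.168.1 case asked about above, as an added example that is not part of the original thread or of the QNX4 port. The file contents are constructed, the daemon names ftpd and telnetd are assumed to match the process names the wrapper sees, and only ALL, exact addresses and trailing-dot prefixes are modelled.

```python
import re

# Constructed file contents for the 192.168.1 case; the daemon names ftpd and
# telnetd are an assumption about the process names the wrapper sees.
HOSTS_DENY = "ALL: ALL\n"                       # deny everything by default
HOSTS_ALLOW = "ftpd, telnetd: 192.168.1.\n"     # trailing dot = address prefix

def parse(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blanks
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # ignore any third field
        rules.append((re.split(r"[,\s]+", daemons.strip()),
                      re.split(r"[,\s]+", clients.strip())))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                   # e.g. "192.168.1."
        return ip.startswith(pattern)
    return pattern == ip                        # otherwise exact match only

def file_matches(text, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, ip) for p in clients)
               for daemons, clients in parse(text))

def access(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match grants access."""
    if file_matches(allow, daemon, ip):
        return "allow"
    if file_matches(deny, daemon, ip):
        return "deny"
    return "allow"

if __name__ == "__main__":
    for daemon, ip in [("ftpd", "192.168.1.20"), ("telnetd", "192.168.10.5"),
                       ("ftpd", "10.0.0.7")]:
        print(daemon, ip, access(daemon, ip))
```

Passing `deny=""` shows why the ALL:ALL line matters: with no deny rule, a client that matches nothing in hosts.allow is still admitted.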

Adam,

I sent you an email yesterday, did you receive it? I sent it to os@qnx.com

Alain

“Operating System Tech Support” <os@qnx.com> wrote in message
news:9tj85l$b9q$1@nntp.qnx.com

> “Alain Boyer” <aboyer@broadtel.com> wrote in message
> news:9th5pf$dfn$1@inn.qnx.com…
>
> > I would definitely appreciate if you can send me this tcpwrappers.
>
> Sure, email me and I’ll send it to you (ftp etc).
>
> > Do you have further information on how to set it up? For example, if I
> > want to allow access only to IP addresses under 192.168.1, what should I
> > put in the hosts.deny and hosts.allowed files?
>
> I’ll send you an example of an inetd.conf file so that you can see how to
> run it. The standard setup is to put “ALL:ALL” in the host.deny (so that
> all is denied by default) and then specifically place the services:IP that
> you wish to allow in the host.allow.
>
> > And for item 2 (allow ftp and telnet access on only one of the two
> > ethernet cards), do you have any clue?
>
> You could download and port the newest inetd, which allows you to specify
> an address to which to bind a service.
>
> -Adam

> I sent you an email yesterday, did you receive it? I sent it to
> os@qnx.com

Responded via email.

-Adam