List: fwtk-users
Subject: [fwtk-users] Re: About tn-gw
From: Ted Keller <keller () bfg ! com>
Date: 2001-11-30 3:05:09
tn-gw has its own connection acl logic. You do not have to spawn it
from netacl. inetd can call it directly.
ted keller
On Fri, 30 Nov 2001, Toshio Kumagai wrote:
> Hi Kiyoshi-san and lists,
>
> Sorry that what I've said was not true.
> In my understanding, tn-gw control is based on source IP address.
> So, ALL incoming telnet connections have to be controlled
> under tn-gw and netacl (netacl-telnetd).
> Here is the tn-gw section of netperm-table on my firewall.
> Authserver is also working with opie.
>
> *: authserver 192.168.1.4 AUTHPORT
>
> netacl-telnetd: permit-hosts 127.0.0.1 192.168.1.* 192.168.2.* \
> -exec /usr/sbin/in.telnetd
> netacl-telnetd: permit-hosts * -exec /usr/local/etc/tn-gw
> tn-gw: permit-hosts * -auth -xok
>
> Netacl is called from tcpserver (not inetd...inetd is not
> working on my firewall) like this:
>
> tcpserver -vD -c3 -b5 -t3 0 23 /usr/local/etc/netacl telnetd &
>
> Hope this helps.
>
> ###
>
> Toshio Kumagai wrote:
> >
> > Hi Kiyoshi-san,
> >
> > What is the role of machine Host-B?
> > Router?
> > Or do users at Host-A log in to Host-B and then log in to Host-C?
> > Tn-gw would not work if the users log into Host-B first.
> > You have to control the access from Host-A to Host-B
> > in that case.
> > If Host-B acts as a router, then you can control access
> > from Host-A to Host-C in most cases.
> >
> > Regards.
> >
> > ###
> >
> > Kiyoshi Ohashi wrote:
> > >
> > > Hello!
> > >
> > > I want to control access to Host-C from Host-A. Can the tn-gw control access
> > > to Host-C from Host-A?
> > >
> > > (Host-A)--->(tn-gw)--->(Host-B)--->(Host-C)
> > >
> > > Any hints?
> > >
> > > Thanks!
> > >
> > > *S*N*O*W***
> > > Kiyoshi Ohashi
> > > HITACHI ULSI SYSTEMS CO., LTD.
> > > ' ' _O_/ ' Device Design Center
> > > ' / | ''
> > > ' - ' ' 5-22-1, Josuihon-cho, Kodaira-shi,
> > > (~~~~~/ \~~~~) == Tokyo, 187-8522 Japan
> > > ~~~~~~~~~~~~ Voice: +81-(0)42-326-1111 ex.3369
> > > Facsimile: +81-(0)42-328-4373
> > > E-mail: k-ohashi@hitachi-ul.co.jp
> > >
> > > ---
> > > You are currently subscribed to fwtk-users as: Toshio_Kumagai@Kumasan.ORG
> > > To unsubscribe send a blank email to leave-fwtk-users-164N@listserv.nai.com
> >
> > --
> > Toshio Kumagai TK2959 / TK127-AP
> > Toshio_Kumagai@Kumasan.ORG, Japan
>
> --
> Toshio Kumagai TK2959 / TK127-AP
> Toshio_Kumagai@Kumasan.ORG, Japan
>
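An added example, not part of the original messages and not FWTK code: a Python sketch that parses the netperm-table excerpt quoted above and traces which program a port-23 connection from a given source address reaches, including tn-gw's own permit-hosts check. First-match rule order, shell-style `*` matching and "no match means deny" are assumptions of this sketch; the function names are hypothetical.

```python
import fnmatch

# Constructed sample: the netperm-table excerpt quoted in the thread above.
NETPERM = r"""
*: authserver 192.168.1.4 AUTHPORT
netacl-telnetd: permit-hosts 127.0.0.1 192.168.1.* 192.168.2.* \
    -exec /usr/sbin/in.telnetd
netacl-telnetd: permit-hosts * -exec /usr/local/etc/tn-gw
tn-gw: permit-hosts * -auth -xok
"""

def parse_rules(text):
    """Return [(app, patterns, options)] for every permit-hosts line."""
    joined = text.replace("\\\n", " ")          # fold backslash continuations
    rules = []
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blanks
        if not line or ":" not in line:
            continue
        app, rest = line.split(":", 1)
        words = rest.split()
        if not words or words[0] != "permit-hosts":
            continue
        # Host patterns run up to the first option word (leading '-').
        n = next((i for i, w in enumerate(words[1:], 1) if w.startswith("-")),
                 len(words))
        rules.append((app.strip(), words[1:n], words[n:]))
    return rules

def first_match(rules, app, src_ip):
    """Options of the first rule for `app` matching src_ip, else None."""
    for rule_app, patterns, options in rules:
        if rule_app == app and any(fnmatch.fnmatchcase(src_ip, p) for p in patterns):
            return options
    return None  # assumption: no matching permit rule means the connection is refused

def telnet_path(rules, src_ip):
    """Trace a port-23 connection: netacl's decision, then tn-gw's own ACL."""
    opts = first_match(rules, "netacl-telnetd", src_ip)
    if opts is None or "-exec" not in opts:
        return ("denied by netacl", None)
    program = opts[opts.index("-exec") + 1]
    if program.endswith("/tn-gw"):
        # tn-gw consults its own permit-hosts entries, whoever started it.
        return (program, first_match(rules, "tn-gw", src_ip))
    return (program, None)
```

With this table, internal sources land on in.telnetd and every other source lands on tn-gw with `-auth` required; the `tn-gw:` lookup does not depend on netacl having run first.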