- Path: sparky!uunet!stanford.edu!agate!usenet.ins.cwru.edu!gatech!rpi!usc!cs.utexas.edu!rutgers!spcvxb!terry
- From: terry@spcvxb.spc.edu (Terry Kennedy, Operations Mgr.)
- Newsgroups: vmsnet.networks.tcp-ip.ucx
- Subject: Re: Need help on limiting Telnet and FTP access
- Message-ID: <1993Jan7.121716.4845@spcvxb.spc.edu>
- Date: 7 Jan 93 17:17:16 GMT
- References: <1ihfabINNibt@savoy.cc.williams.edu>
- Organization: St. Peter's College, US
- Lines: 30
-
- In article <1ihfabINNibt@savoy.cc.williams.edu>, anderson@Williams.EDU writes:
- > My problem is getting FTP to do the same thing. tt_accpornam is never filled
- > by the ftpd process and I have come up with no other way to solve this problem.
- > Has anyone out there in netland done any "filtering" like this? Any input
- > would be greatly appreciated.
-
- If you're using V2.0, the security screening stuff should do what you need.
- Here's an example of a SHOW SERVICE for a service with screening set up to
- only allow local access:
-
- | Security
- | Reject msg: Service not allowed from off-campus hosts.
- | Accept host: 0.0.0.0
- | Accept netw: 192.107.46.0:255.255.255.0
-
- Note that the documentation and help are both wrong on the format of the
- screening parameters. Here's the correct syntax:
-
- | UCX> SET SERVICE service/accept=(net:(a.b.c.d:e.f.g.h))
-
- where a.b.c.d is the net number and e.f.g.h is the net mask.
-
- Lastly, you should only define the reject message for services where a
- message makes sense - FTP should be Ok, but (for example) NFS wouldn't. In
- the NFS case, the mount will fail due to the security screening anyway, so
- the user should get the idea.
-
- Terry Kennedy Operations Manager, Academic Computing
- terry@spcvxa.bitnet St. Peter's College, Jersey City, NJ USA
- terry@spcvxa.spc.edu +1 201 915 9381
-
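An added example, not part of the original post and not UCX code: a short Python audit helper that reads the `Accept netw` entry from the SHOW SERVICE output quoted above, validates the `a.b.c.d:e.f.g.h` net:mask pair, and checks client addresses against it. It assumes the conventional matching rule (client AND mask equals net number); the `Accept host` line is not interpreted because the post does not describe its semantics, and the function names and test addresses are constructed for illustration.

```python
import ipaddress

# Security section as shown in the post (leading "| " kept as quoted there).
SHOW_SERVICE = """\
| Security
| Reject msg: Service not allowed from off-campus hosts.
| Accept host: 0.0.0.0
| Accept netw: 192.107.46.0:255.255.255.0
"""

def parse_net_mask(entry):
    """Parse 'a.b.c.d:e.f.g.h' (net number:net mask) into two 32-bit ints."""
    net_s, sep, mask_s = entry.strip().partition(":")
    if not sep:
        raise ValueError(f"expected net:mask, got {entry!r}")
    net = int(ipaddress.IPv4Address(net_s))
    mask = int(ipaddress.IPv4Address(mask_s))
    host_bits = mask ^ 0xFFFFFFFF
    # A usable mask is a run of 1s followed by 0s, so its inverse is 2**k - 1.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous mask {mask_s}")
    # Under the assumed rule, host bits in the net number can never match.
    if net & host_bits:
        raise ValueError(f"{net_s} has bits set outside mask {mask_s}")
    return net, mask

def accept_networks(show_text):
    """Collect (net, mask) pairs from the 'Accept netw:' lines."""
    rules = []
    for line in show_text.splitlines():
        label, sep, value = line.lstrip("| ").partition(":")
        if sep and label.strip().lower() == "accept netw":
            rules.append(parse_net_mask(value))
    return rules

def is_accepted(client, rules):
    """True if client falls inside any accepted network (assumed semantics)."""
    addr = int(ipaddress.IPv4Address(client))
    return any(addr & mask == net for net, mask in rules)

if __name__ == "__main__":
    rules = accept_networks(SHOW_SERVICE)
    for client in ("192.107.46.17", "192.107.47.17", "10.1.2.3"):  # constructed
        print(client, "accept" if is_accepted(client, rules) else "reject")
```

Running the validation over a planned `/accept=(net:(...))` value before applying it catches a mistyped mask or a host address entered where a net number belongs, either of which would silently change who is screened out.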