telnet problem, help

Hi,

My network layout is:

Pub LAN
|
freeBSD
|
Internal LAN
|
+ telnet srv on HP-UX 10.x box
+ other services (http, pop3, smtp, ftp)...

I've the following problem:

Inside the Internal LAN I can connect to the HP-UX telnet, but from the Public LAN something somewhere is refusing me access. It is not on the FreeBSD box; I've checked the configuration several times, because I'm able to connect to the other services (http, ftp, pop3, smtp). So I've reached the conclusion that the problem must be on the HP-UX box.

Q: Is it possible that HP-UX has an IP range telnet restriction? If so, where can I check that?

Q: Other suggestions...

Thanks...

If the telnet service is being started from inetd, it may have IP address restrictions imposed. These are in /var/adm/inetd.sec on HP-UX 11.0 (not sure about 10.x; it may be a different path, but the same name).

man inetd.sec

should give details.

Thank you...

I saw it, it's on the same path.

One more question: is it possible, for instance, if my internal LAN range is 192.168.1.0/24, that when HP-UX boots and raises inetd, it automatically binds to this IP range, and I would have to specify other IP ranges inside /var/adm/inetd.sec?

Thanks a lot.

inetd.sec restricts connections from certain IP addresses. It has nothing to do with binding. Binding to an address would restrict connections to a certain IP address. inetd seems to bind only to the port by using a wildcard for the IP address. I don't think HP's inetd can bind to a certain address. At least, looking at the man page, I don't see an obvious way to do it. It would be a nice feature, though.

Sorry, I used the wrong word (bind); I meant the word "restriction".

My doubt is whether, if inside /var/adm/inetd.conf there is no reference to allow or deny, HP-UX by default restricts telnet connections that are outside my IP range; for instance, if my LAN IP range is 192.168.1.0/24 and someone tries to connect from 10.10.10.0/24, does HP-UX refuse to accept it?

The man inetd.sec says: If file /var/adm/inetd.sec does not exist, security is limited to that implemented by the servers. Where can I find these security implementations?

Thanks...

Look at the man page for telnetd (telnet server), ftpd (ftp server), etc. Some ftp servers have some IP restriction capability. I have seen a telnet server with anything like that.
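
The following is an added example, not part of the thread and not HP's code: a simplified Python model of how the inetd.sec allow/deny entries discussed above decide whether a source address may reach a service. It assumes IPv4 addresses only, the line format `<service> allow|deny <addresses>` with `*` and `a-b` permitted in each address field, and that a service with no entry is not restricted by inetd.sec; the sample file contents are constructed.

```python
# Added example: simplified model of inetd.sec allow/deny matching (IPv4 only).
# Assumed line format: <service> <allow|deny> <address patterns...>
# Each dotted field may be a number, "*" or a range "a-b"; a pattern with
# fewer than four fields is treated as a network prefix.

SAMPLE_INETD_SEC = """\
# constructed sample, not taken from the thread
telnet allow 192.168.1.* 10.10.10.*
ftp    deny  10.3-5
"""

def parse(text):
    """Return {service: (action, [patterns])}; one entry per service assumed."""
    rules = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[1] in ("allow", "deny"):
            rules[words[0]] = (words[1], words[2:])
    return rules

def field_matches(pattern, octet):
    """Match one dotted field: wildcard, inclusive range, or exact number."""
    if pattern == "*":
        return True
    if "-" in pattern:
        low, high = pattern.split("-", 1)
        return int(low) <= octet <= int(high)
    return int(pattern) == octet

def address_matches(pattern, ip):
    """Compare the pattern's fields against the leading octets of ip."""
    octets = [int(o) for o in ip.split(".")]
    fields = pattern.split(".")
    return len(fields) <= 4 and all(
        field_matches(f, o) for f, o in zip(fields, octets))

def permitted(rules, service, ip):
    """True if a connection from ip to service passes the inetd.sec check."""
    if service not in rules:
        return True  # assumption: unlisted service is not restricted here
    action, patterns = rules[service]
    hit = any(address_matches(p, ip) for p in patterns)
    return hit if action == "allow" else not hit

if __name__ == "__main__":
    rules = parse(SAMPLE_INETD_SEC)
    for svc, ip in [("telnet", "192.168.1.20"), ("telnet", "172.16.0.9"),
                    ("ftp", "10.4.2.1"), ("pop3", "10.10.10.5")]:
        print(svc, ip, "permitted" if permitted(rules, svc, ip) else "refused")
```

With an `allow` entry for telnet, any source outside the listed patterns is refused even though the packet filter in front of the host passes it, which is the kind of entry to look for when only one inetd-started service is unreachable from another network.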