ipchains rule for telnetting from a specific ip-range


Post by Luigi » Wed, 21 Mar 2001 21:34:30



Hi!

I've set up a firewall with some ipchains rules
(actually a friend of mine did it - therefore my
question...). With the current rules I can't telnet to
my linuxbox at home from outside. But I want now to
connect from my pc at work via telnet to my pc at
home. Does anyone know how the ipchains rule should
look like to allow telnet connection from outside for a
specific ip (ip-range)

Thanks in advance for any answers!

Gino


Post by Andre » Wed, 21 Mar 2001 22:50:59


Why not just do it through tcp_wrappers

hosts.deny   ALL: ALL
hosts.allow  in.telnetd: 192.168.0. & then your work machine's IP address

You should be using ssh to be sure to be sure 8^)

Regards

Andrew

Quote:> Hi!

> I've set up a firewall with some ipchains rules
> (actually a friend of mine did it - therefore my
> question...). With the current rules I can't telnet to
> my linuxbox at home from outside. But I want now to
> connect from my pc at work via telnet to my pc at
> home. Does anyone know how the ipchains rule should
> look like to allow telnet connection from outside for a
> specific ip (ip-range)

> Thanks in advance for any answers!

> Gino


Post by John Lamp » Wed, 21 Mar 2001 23:00:22


/sbin/ipchains -A input -i ethX -p tcp -s Work.IP.Number --dport 23 -j ACCEPT
where ethX will be your interface and
Work.IP.Number will be the IP you are telnetting from at work

John Lampe
--
http://f00dikator.penguinpowered.com/

Quote:> Hi!

> I've set up a firewall with some ipchains rules
> (actually a friend of mine did it - therefore my
> question...). With the current rules I can't telnet to
> my linuxbox at home from outside. But I want now to

 
 
 


Post by s.. » Thu, 22 Mar 2001 00:51:52


Quote:> Hi!
> I've set up a firewall with some ipchains rules
> (actually a friend of mine did it - therefore my
> question...). With the current rules I can't telnet to
> my linuxbox at home from outside. But I want now to
> connect from my pc at work via telnet to my pc at
> home. Does anyone know how the ipchains rule should
> look like to allow telnet connection from outside for a
> specific ip (ip-range)
> Thanks in advance for any answers!
> Gino

It depends. The mentioned restriction can be achieved in 2 ways:

a) accept by default
b) deny by default

You may insert a permitting rule somewhere at the beginning
of your rule set.

Anyway 'man ipchains' is your friend.

--
Smooth Operator
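
Added example, not part of the posts above: a first-match simulation of an input chain, showing why it matters whether the permitting rule is appended or inserted at the top, and how the default policy changes the outcome. The sample rule set, the addresses (documentation ranges) and all function names are constructed for illustration; ipchains itself is not invoked.

```python
import ipaddress

# Constructed model of an ipchains-style chain: rules are checked top to
# bottom, the first match decides, and the chain policy applies otherwise.

def rule(src, dport, target):
    """Build one rule; dport=None matches any destination port."""
    return {"src": ipaddress.ip_network(src), "dport": dport, "target": target}

def verdict(chain, policy, src_ip, dport):
    """Return the target of the first matching rule, else the chain policy."""
    addr = ipaddress.ip_address(src_ip)
    for r in chain:
        if addr in r["src"] and r["dport"] in (None, dport):
            return r["target"]
    return policy

WORK_RANGE = "192.0.2.0/28"   # assumed work address range (constructed)

def accept_by_default_chain():
    # Case a) accept by default: telnet is blocked by an explicit DENY rule.
    return [rule("0.0.0.0/0", 23, "DENY")]

def appended(chain):
    """Like 'ipchains -A input ...': the new rule lands at the end."""
    return chain + [rule(WORK_RANGE, 23, "ACCEPT")]

def inserted(chain):
    """Like 'ipchains -I input 1 ...': the new rule lands at the top."""
    return [rule(WORK_RANGE, 23, "ACCEPT")] + chain

if __name__ == "__main__":
    base = accept_by_default_chain()
    for name, chain in (("appended", appended(base)), ("inserted", inserted(base))):
        print(name,
              "work:", verdict(chain, "ACCEPT", "192.0.2.5", 23),
              "other:", verdict(chain, "ACCEPT", "198.51.100.7", 23))
    # Case b) deny by default: no explicit DENY rule, so appending is enough.
    print("deny policy:", verdict(appended([]), "DENY", "192.0.2.5", 23))
```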

 
 
 


Post by Michael Erskin » Thu, 22 Mar 2001 08:52:36


It is *NOT* a good idea to telnet from work.
Set up ssh or some other more secure means of getting
a shell remotely.

-m-


> Hi!

> I've set up a firewall with some ipchains rules
> (actually a friend of mine did it - therefore my
> question...). With the current rules I can't telnet to
> my linuxbox at home from outside. But I want now to
> connect from my pc at work via telnet to my pc at
> home. Does anyone know how the ipchains rule should
> look like to allow telnet connection from outside for a
> specific ip (ip-range)

> Thanks in advance for any answers!

> Gino


Post by John Sag » Thu, 22 Mar 2001 14:25:58


I'm glad someone got to the important point, here!


> It is *NOT* a good idea to telnet from work.

> Set up ssh or some other more secure means of getting
> a shell remotely.

> -m-


>> Hi!

>> I've set up a firewall with some ipchains rules
>> (actually a friend of mine did it - therefore my
>> question...). With the current rules I can't telnet to
>> my linuxbox at home from outside. But I want now to
>> connect from my pc at work via telnet to my pc at
>> home. Does anyone know how the ipchains rule should
>> look like to allow telnet connection from outside for a
>> specific ip (ip-range)

>> Thanks in advance for any answers!

- John
--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/

And remember: it's spelled l-i-n-u-x, but it's pronounced "Linux"
 
 
 


Post by Luigi » Thu, 22 Mar 2001 19:18:40


Why not? Too insecure? How do I set up ssh? What are
the other ways to get my shell?

Quote:>It is *NOT* a good idea to telnet from work.
>Set up ssh or some other more secure means of getting
>a shell remotely.

>-m-


Post by . » Fri, 23 Mar 2001 05:15:03



Quote:> Why not?

Like many other TCP based services, telnet sends all
packets "in the clear", meaning anyone with a
packet sniffer running on your local or remote network can
easily "harvest" your login and password info. Standard
ftp, rsh, rlogin apply as well.

Quote:>Too insecure?

Yup

Quote:> How do I set up ssh?

You need to set up ssh servers (sshd) on any host
you want to log into (*unix). Then use the ssh client
to connect. There are clients for just about every OS.

Depending on your linux distribution, you should be able to
download the RPMs for the client/server. If RH, go to downloads
and search for openssh. Download and install these.

openssh 2.3.0p1 - 4            (ssh core)
openssh-clients 2.3.0p1 - 4
openssh-server 2.3.0p1 - 4
openssh-askpass 2.3.0p1 - 4

Then read the man pages for sshd and ssh.

Quote:> What are
> the other ways to get my shell?

The general point is to use encrypted methods of communication
when trying to reach your "shell". The most common approach is to
use secure shell (either "ssh" or "openssh").
 
 
 


Post by Michael Erskin » Fri, 23 Mar 2001 08:07:51


Luigino;

Telnet, FTP and pop, as well as many other tools,
pass password information in the clear (unencrypted).
Anyone, anywhere between your work system and your
home system can sniff your password information off
the wire.  Even if it is only a user account it will
open doors which can be leveraged to gain root access
to your system.

As to how to set up ssh.  There are rpm's that do that
for you and one of the others will no doubt point you
to a link.  It is not as easy as setting up telnet but
it is kinda cool to know you are running an encrypted
data stream to your host.

Get crackin' oooppps probably shouldn't use that slang
here.  Get after it, dude.
:)

-m-


> Why not? Too insecure? How do I set up ssh? What are
> the other ways to get my shell?

> >It is *NOT* a good idea to telnet from work.
> >Set up ssh or some other more secure means of getting
> >a shell remotely.

> >-m-


 
 
 

1. ipchains rule for ip range

I've been looking through ipchains documentation for exactly how to
write rules affecting a specific ip range.  Doing a network or specific
ip address is rather straightforward.  So, also, is a range of ips
within a class c address.  However, I'm trying to figure out how to
write an ipchain rule to reject everything coming from:

200.128.0.0 to 200.255.255.0.

I read about using things like 199.95.207.0/24, but I don't know what
the significant bit would be for the range stated above.

If someone can point me in the right direction on this I'd appreciate
it.

--
Ron Parker
Software Creations            http://www.scbbs.com
TradeWinds Publishing         http://www.intl-trade.com
TradePoint Los Angeles        http://www.tradepointla.org
SiteDirector Security Server  http://livepublish.scbbs.com
Civil War Online Library      http://civilwar.scbbs.com
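
Added example, not part of the post above: the prefix length asked about is the number of leading bits the first and last address of the range have in common. The function names are illustrative, and the single covering block rounds the range out to a power-of-two boundary, so the code also reports how many extra addresses that block matches.

```python
import ipaddress

def covering_network(first, last):
    """Smallest single CIDR block that contains both first and last."""
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last))
    if a > b:
        raise ValueError("first address must not be above last")
    host_bits = (a ^ b).bit_length()   # low bits in which the two ends differ
    prefix = 32 - host_bits            # shared leading (significant) bits
    base = (a >> host_bits) << host_bits
    return ipaddress.IPv4Network((base, prefix))

def exact_blocks(first, last):
    """Minimal list of CIDR blocks covering exactly first..last inclusive."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def overreach(first, last):
    """Count of addresses the covering block matches outside first..last."""
    wanted = (int(ipaddress.IPv4Address(last))
              - int(ipaddress.IPv4Address(first)) + 1)
    return covering_network(first, last).num_addresses - wanted

if __name__ == "__main__":
    first, last = "200.128.0.0", "200.255.255.0"   # range from the post
    net = covering_network(first, last)
    print("covering block:", net, "extra addresses:", overreach(first, last))
    print("exact cover needs", len(exact_blocks(first, last)), "blocks")
    # One rule with the covering block, using ipchains' REJECT target:
    print(f"ipchains -A input -s {net} -j REJECT")
```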
