From owner-freebsd-questions  Sun May 27  1: 8:38 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from saturn.sit.edu.my (saturn.sit.edu.my [202.184.64.24])
	by hub.freebsd.org (Postfix) with ESMTP id A9F0F37B424
	for <questions@FreeBSD.ORG>; Sun, 27 May 2001 01:08:34 -0700 (PDT)
	(envelope-from Lim.Seng.Chor@sit.edu.my)
Received: from LION (pmail.sit.edu.my [202.184.64.6])
	by saturn.sit.edu.my (8.11.3/8.11.3) with ESMTP id f4R8EL520718;
	Sun, 27 May 2001 16:14:21 +0800
Received: from LION/SpoolDir by LION (Mercury 1.47);
    27 May 01 16:22:58 +0800
Received: from SpoolDir by LION (Mercury 1.47); 27 May 01 16:22:47 +0800
From: "Lim Seng Chor" <Lim.Seng.Chor@sit.edu.my>
Organization: Sepang Institute of Technology
To: david@banning.com
Date: Sun, 27 May 2001 16:22:39 +0800
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: telnet security question
Cc: questions@FreeBSD.ORG
Message-ID: <3B11271E.13364.8EF1A94@localhost>
In-reply-to: <200105270809.f4R89ZB01609@d.tracker>
X-mailer: Pegasus Mail for Win32 (v3.12c)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


(1) Block the telnet packet to your destination host at your 
router/gateway
(2) use tcp_wrapper + inetd, allow only access to telnetd from local 
network
(3) using xinetd and block all non local subnet telnet request
(4) use /etc/login.access to block the non local login
(5) define your login class at /etc/login.conf

you can use either one of the above according to your need.
if you have any questions or need any info/instruction how to do, 
just ask.
good luck! : )


On 27 May 2001, at 8:09, David Banning wrote:

> Is there a way to allow users on our local area network to telnet into
> the server, but block telnet access to the server from the internet?
> 
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message