Date: Thu, 6 Sep 2001 17:08:21 -0400
From: Phil C
To: freebsd-ipfw@FreeBSD.ORG, alexus
Subject: Re: ipfw w/ port routing form telnet port to ssh

I do not know if anyone bothered to tell you, but telnet'ing to 23 only
to be forwarded to 22 will not work. The connection is encrypted on 22,
so a plain text telnet protocol will probably only turn up whacky errors
for the people trying to telnet in.

You would probably be better off, either telling people directly not to
use telnet or using tcpd/tcpwrappers to do something like:

    telnet: ALL: twist /bin/echo "You are not welcome to use %d, use ssh instead"

If you want to be nice to people....

--
Phil

Thus spake alexus, on the year of our L*rd Thu, Sep 06, 2001 at 02:01:13PM -0400:
> would you care to share?:)
>
> please?
>
> thank you in advance
>
> ----- Original Message -----
> From: "Ruslan Ermilov"
> To: "alexus"
> Cc:
> Sent: Thursday, September 06, 2001 1:55 PM
> Subject: Re: ipfw w/ port routing form telnet port to ssh
>
> >
> > On Thu, Sep 06, 2001 at 01:50:44PM -0400, alexus wrote:
> > > hi
> > >
> > > i'm trying to secure my box as much as i can, but i've been told that
> > > it's not a very good idea to leave telnet open, i understand this is
> > > transmit text in clear text, but one of my users can't use port 22 due
> > > to his behind firewall, my question is:
> > >
> > > is it possible to make ipfw to transfer all data between ports on same
> > > ip? but i want that rule to be applied for one ip only
> > >
> > > basically what i want to accomplish with this is whenever he'll telnet
> > > to my box he'll route to port 22, even though he'll still be connected
> > > to port 23, i'll just tell him to use ssh client instead
> > >
> > This could be done in a number of different ways.
> > With ipfw(8)'s `fwd' option, or with natd(8).
> >
> >
> > Cheers,
> > --
> > Ruslan Ermilov        Oracle Developer/DBA,
> > ru@sunbay.com         Sunbay Software AG,
> > ru@FreeBSD.org        FreeBSD committer,
> > +380.652.512.251      Simferopol, Ukraine
> >
> > http://www.FreeBSD.org    The Power To Serve
> > http://www.oracle.com     Enabling The Information Age
> >
>
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-ipfw" in the body of the message