Date:      Thu, 6 Sep 2001 17:08:21 -0400
From:      Phil C <mongo@elephantitis.org>
To:        freebsd-ipfw@FreeBSD.ORG, alexus <ml@db.nexgen.com>
Subject:   Re: ipfw w/ port routing form telnet port to ssh
Message-ID:  <20010906170821.A3777@planw-65-33-233-186.pompano.net>
In-Reply-To: <007a01c136fd$eab7e2b0$0d00a8c0@alexus>; from ml@db.nexgen.com on Thu, Sep 06, 2001 at 02:01:13PM -0400
References:  <005501c136fc$73e8f530$0d00a8c0@alexus> <20010906205502.B72023@sunbay.com> <007a01c136fd$eab7e2b0$0d00a8c0@alexus>

I do not know if anyone bothered to tell you, but telnet'ing to 23 only to be
forwarded to 22 will not work. The connection is encrypted on 22, so a plain
text telnet protocol will probably only turn up whacky errors for the people
trying to telnet in. You would probably be better off, either telling people
directly not to use telnet or using tcpd/tcpwrappers to do something like:

telnet: ALL: twist /bin/echo "You are not welcome to use %d, use ssh instead"


If you want to be nice to people....


--
Phil


Thus spake alexus, on the year of our L*rd Thu, Sep 06, 2001 at 02:01:13PM -0400:
> would you care to share?:)
> 
> please?
> 
> thank you in advance
> 
> ----- Original Message -----
> From: "Ruslan Ermilov" <ru@FreeBSD.ORG>
> To: "alexus" <ml@db.nexgen.com>
> Cc: <freebsd-ipfw@FreeBSD.ORG>
> Sent: Thursday, September 06, 2001 1:55 PM
> Subject: Re: ipfw w/ port routing form telnet port to ssh
> 
> 
> > On Thu, Sep 06, 2001 at 01:50:44PM -0400, alexus wrote:
> > > hi
> > >
> > > i'm trying to secure my box as much as i can, but i've been told that it's
> > > not a very good idea to leave telnet open, i understand this is transmit
> > > text in clear text, but one of my users can't use port 22 due to his behind
> > > firewall, my question is:
> > >
> > > is it possible to make ipfw to transfer all data between ports on same ip?
> > > but i want that rule to be applied for one ip only
> > >
> > > basically what i want to accomplish with this is whenever he'll telnet to
> > > my box he'll route to port 22, even though he'll still be connected to port
> > > 23, i'll just tell him to use ssh client instead
> > >
> > This could be done in a number of different ways.
> > With ipfw(8)'s `fwd' option, or with natd(8).
> >
> >
> > Cheers,
> > --
> > Ruslan Ermilov Oracle Developer/DBA,
> > ru@sunbay.com Sunbay Software AG,
> > ru@FreeBSD.org FreeBSD committer,
> > +380.652.512.251 Simferopol, Ukraine
> >
> > http://www.FreeBSD.org The Power To Serve
> > http://www.oracle.com Enabling The Information Age
> >
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
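
Added example (not part of the original thread): a small classifier for the first bytes a client sends, illustrating the protocol mismatch discussed above. An SSH peer opens with the identification string defined in RFC 4253, while a telnet client on port 23 typically opens with IAC option negotiation (RFC 854). The function names and the sample byte strings are constructed for illustration.

```python
import re

# RFC 4253, section 4.2: "SSH-protoversion-softwareversion[ SP comments] CR LF",
# at most 255 bytes. Older SSH1 peers end the line with a bare LF, so CR is optional.
SSH_IDENT = re.compile(
    rb"^SSH-\d+\.\d+-[\x21-\x2c\x2e-\x7e]+(?: [\x20-\x7e]*)?\r?\n"
)

IAC = 0xFF  # telnet "Interpret As Command" byte (RFC 854)
TELNET_VERBS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}


def describe_telnet_options(data: bytes) -> list:
    """Decode leading 3-byte IAC <verb> <option> sequences into (verb, option)."""
    decoded = []
    i = 0
    while i + 3 <= len(data) and data[i] == IAC and data[i + 1] in TELNET_VERBS:
        decoded.append((TELNET_VERBS[data[i + 1]], data[i + 2]))
        i += 3
    return decoded


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'telnet' or 'unknown' for the first bytes seen from a peer."""
    if SSH_IDENT.match(data[:255]):
        return "ssh"
    if describe_telnet_options(data):
        return "telnet"
    return "unknown"


# Constructed samples, not captured traffic.
SAMPLE_SSH = b"SSH-2.0-OpenSSH_2.9\r\n"
# IAC DO SUPPRESS-GO-AHEAD, IAC WILL TERMINAL-TYPE, IAC WILL NAWS
SAMPLE_TELNET = bytes([0xFF, 0xFD, 0x03, 0xFF, 0xFB, 0x18, 0xFF, 0xFB, 0x1F])

if __name__ == "__main__":
    for name, sample in (("ssh", SAMPLE_SSH), ("telnet", SAMPLE_TELNET)):
        print(name, "->", classify_first_bytes(sample),
              describe_telnet_options(sample))
```

The same check is useful on the defensive side for spotting which protocol is actually arriving on a port that has been redirected.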



