10-11-2001, 11:03 AM
|
#1
|
Member
Registered: Sep 2001
Posts: 42
Rep:
|
How to prevent telneting to my mail server on port 25
Hi,
How do I prevent users from telnetting to my mail server on port 25? Is there an ipchains command or something?
The reason that I want to do this is because I don't want people to know that I'm running sendmail/etc.
Thanks for your time in advance
Adam
|
|
|
10-15-2001, 01:23 PM
|
#2
|
Member
Registered: Jun 2001
Location: Centralia, WA
Posts: 274
Rep:
|
If you read the manpage for xinetd.conf (man xinetd.conf) you will see that there is an option to specify the port to which you can telnet. If you specify the port and it is defined in /etc/services and uncommented you will be able to telnet to it.
|
|
|
10-17-2001, 12:05 AM
|
#3
|
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163
Rep:
|
[david@ccxxxxxx-x xinetd.d]$ pwd
/etc/xinetd.d
[david@xxxxxx-x xinetd.d]$ cat telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
[david@ccxxxxxx-x xinetd.d]$ cat /etc/services | grep telnet
telnet 23/tcp
telnet 23/udp
Last edited by DavidPhillips; 10-17-2001 at 12:09 AM.
|
|
|
10-18-2001, 02:38 PM
|
#4
|
Member
Registered: Jul 2001
Location: Taiwan (ex-Victoria BC)
Distribution: RH 9.0
Posts: 126
Rep:
|
Personally, I think Telnet is a terrible service to have running, and therefore never allow it on my server. If you need to allow remote access, I'd suggest SSH, as it is a much more secure way of doing it.
|
|
|
10-18-2001, 06:18 PM
|
#5
|
Member
Registered: Oct 2001
Distribution: red hat 7
Posts: 58
Rep:
|
Re: How to prevent telneting to my mail server on port 25
Quote:
Originally posted by adamrau
Hi,
How do I prevent users from telnetting to my mail server on port 25? Is there an ipchains command or something?
The reason that I want to do this is because I don't want people to know that I'm running sendmail/etc.
Thanks for your time in advance
Adam
|
I think you can't disable 'telnet' access to port 25. SMTP is a text-based protocol - all commands issued along with the messages they generate are in plain text. I don't think there is a way to distinguish between a user connecting to port 25 and another MTA.
I would also recommend the following changes in /etc/sendmail.cf if you have not already done so:
O SmtpGreetingMessage=
O PrivacyOptions=goaway
O HelpFile=
|
|
|
10-19-2001, 03:39 PM
|
#6
|
Member
Registered: Sep 2001
Location: The Netherlands
Distribution: Gentoo, Debian, Mandrake, LFS
Posts: 182
Rep:
|
If you only want to use the service on localhost itself, then you can indeed use ipchains to block access.
I only have something for iptables here, but for ipchains it should be similar.
# accept everything coming in on the loopback device
iptables -A INPUT -i lo -j ACCEPT
# reject tcp:25 from anywhere else
iptables -A INPUT -p tcp --dport 25 -j REJECT
Make sure they're at the start of the chain.
|
|
|
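Added example, not part of the original posts: a check for the rule-order condition mentioned in post #6. `iptables -A` appends to the end of a chain, so an earlier broad ACCEPT rule would match port 25 first; the function below reads `iptables -S INPUT` output and prints the verdict that the first matching rule gives to TCP port 25 arriving from outside. The function name and both sample rule sets are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Reads `iptables -S INPUT` style rules
# on stdin and prints the verdict of the first rule that can match TCP port 25
# arriving on a non-loopback interface. Only -i, -p, --dport and -j are
# interpreted; other matches (-s, -m state ...) are ignored, port ranges are
# not handled.
smtp25_verdict() {
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        iface = ""; proto = ""; dport = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i")           iface = ($(i-1) == "!" ? "!" : "") $(i+1)
            else if ($i == "-p")      proto = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "-j")      target = $(i+1)
        }
        if (iface == "lo") next                      # loopback-only rule
        if (proto != "" && proto != "tcp") next      # other protocol
        if (dport != "" && dport != "25") next       # other port
        if (target !~ /^(ACCEPT|REJECT|DROP)$/) next # non-terminal target
        print target; found = 1; exit
    }
    END { if (!found) print (policy == "" ? "ACCEPT" : policy) }
    '
}

# Constructed sample: the two rules placed ahead of a broad ACCEPT.
RULES_AT_START='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j ACCEPT'

# Constructed sample: the same rules appended with -A after a broad ACCEPT.
RULES_APPENDED='-P INPUT ACCEPT
-A INPUT -p tcp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable'

echo "at start: $(printf '%s\n' "$RULES_AT_START" | smtp25_verdict)"
echo "appended: $(printf '%s\n' "$RULES_APPENDED" | smtp25_verdict)"
```

On a live host, run `iptables -S INPUT | smtp25_verdict` as root; a result of ACCEPT means the port-25 REJECT rule is shadowed or missing.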
10-23-2001, 02:34 AM
|
#7
|
Member
Registered: Oct 2001
Location: Cave Creek, AZ
Distribution: Red Hat v7.1 Seawolf Edition :)
Posts: 38
Rep:
|
ok, so here i am on installing Linux for about the 10th time in 3 days... yay, gooo red hat wooooo
the first time i installed it, my internet access ran fine, but my vid card was shot... so i got a new one (Nvidia GEForce 2 w/ 32MB Ram btw) *grunt*grunt*grunt*
anyway... now i can't get online, i'm thinkin i didn't setup the netconfig properly, i think static is the one i want where i define the IP it always gets....
as i said earlier i'm typing from my Win2K machine connected via Linksys 4-port router/firewall.... what's the right config?
|
|
|
10-24-2001, 10:44 PM
|
#8
|
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163
Rep:
|
what are you configuring?
ifconfig is the tool for setting up the IP address and netmask
route is used to set the default gateway
resolv.conf is where the DNS server names go.
or use netcfg for a gui in X
or netconfig for some basic setups in a terminal
or you can edit the following files
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/resolv.conf
post the outputs of ifconfig and route -n here
change your numbers a bit so not to post the real ip or mac address
:-¤
also your isp and connection info
|
|
|