LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-03-2007, 03:14 AM   #1
rude_reality
Member
 
Registered: Feb 2004
Location: Gainesville, Fl
Distribution: Debian 6
Posts: 41

Rep: Reputation: 15
securing telnet for lan use only


Ok, I been setting up my linux box (slackware 11) to be router/server for my home. I would like to take the monitor and keyboard off of it and have to running in a corner. My plain was to use samba and telnet to transfer files and access it if I need to change or to upgrade the system. I have samba responding to my network address of 192.168.1.0 only. Is there away to have telnet only take connection from my lan and not the internet?

My setup:

2 nic
1 Linsys AP (eth1)
1 DSL Modem (eth0)
 
Old 02-03-2007, 03:36 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
uninstall telnet, use ssh instead. both telnet and ssh typically support tcpwrappers though, so you can control what can reach them via /etc/hosts.allow adn /etc/hosts.deny. additionally, you should have a generic firewall sitting infornt of all this anyway.
 
Old 02-03-2007, 05:37 AM   #3
slzckboy
Member
 
Registered: May 2005
Location: uk - Reading
Distribution: slackware 14.2 kernel 4.19.43
Posts: 462

Rep: Reputation: 30
As intimated by acid_kewpie you just configure your firewall only to allow connections to port 22(ssh) or port 23 (telnet) from within your lan subnet, and not from your external internet interface.

You should be blocking all incoming connections by default anyway from the net.?!
 
Old 02-05-2007, 02:50 AM   #4
rude_reality
Member
 
Registered: Feb 2004
Location: Gainesville, Fl
Distribution: Debian 6
Posts: 41

Original Poster
Rep: Reputation: 15
Ok, it sounds like the firewall is the key. do you know any good links on firewall scripting?
 
Old 02-05-2007, 11:21 AM   #5
dx0r515t
Member
 
Registered: Jan 2005
Location: USA
Distribution: Slackware 10.2 & 11.0
Posts: 155

Rep: Reputation: 30
http://www.linuxguruz.com/iptables/howto/
http://iptables-tutorial.frozentux.n...-tutorial.html
Or just google "iptables tutorial".

As a reference to allow ssh use something like this (with default policy DROP):
Code:
iptables -A INPUT -p tcp -s 192.168.1.100 --dport 22 -m state --state NEW -j ACCEPT

Last edited by dx0r515t; 02-05-2007 at 11:24 AM.
 
Old 02-05-2007, 11:26 AM   #6
slzckboy
Member
 
Registered: May 2005
Location: uk - Reading
Distribution: slackware 14.2 kernel 4.19.43
Posts: 462

Rep: Reputation: 30
I would also say iptables,but then that is all I have ever used!?!!

If you decide to use it spend some time reading the iptables howto.

Very powerful and very useful firewall.
Make sure you are dropping all incoming connections by default.

Just running the command above will be pointless if you have a fresh default iptables setup which lets everything through anyway.

Goodluck.
 
Old 02-09-2007, 06:15 AM   #7
rude_reality
Member
 
Registered: Feb 2004
Location: Gainesville, Fl
Distribution: Debian 6
Posts: 41

Original Poster
Rep: Reputation: 15
thanks

thank you for the help...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Securing Wireless LAN Notwerk Linux - Wireless Networking 2 07-19-2006 02:55 AM
Securing LAN from a Wireless Intruder jporpilla Linux - Wireless Networking 16 05-22-2006 07:22 AM
Securing machine that needs telnet and ftp keysorsoze Linux - Security 5 05-04-2006 06:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration