At 03:08 PM 2/15/99 +0200, Pieter Claassen wrote:
>Just two questions please:
>1. How do I civilly disable telnet login to a machine? We are running ssh
>and I don't want the telnet daemon to start.

Check out /etc/inetd.

>2. We are fed up with ipfwadm. As soon as we enable ipfwadm -I -p -deny and
>only allow the specified ports to be open, then we get no traffic.

>What is ironic is that http will get forwarded (masqueraded) to the subnet,
>but the gateway machine cannot see any protocol|any port. I know that
>ipfwadm pulls masqueraded packets away before the forwarding filter. What
>about the input filter?

Input filters will be checked before anything else. This is especially
true of masqueraded packets, because they're not forwarded in quite the same
way. On the way in (from the outside world), they look like packets
directed at the firewall (not the machines behind it), so if the input
filter is set to deny, nothing will ever get to the masquerading code. I
didn't think the forwarding would be used for the masqueraded packets, just
input-->masq-->output. But then I'm not much of an expert with this :-)

>Is there any way that I can test what services are running on what ports
>(i.e. if some of the services on the machine were started with non
>/etc/services port no.'s)

netstat -ae will show all open sockets, including listening sockets.


Tristan
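
An added example, not part of the original message: a Python script that takes numeric netstat output, keeps only the listening sockets, and checks each port against an /etc/services table, flagging telnet and any port with no entry. The netstat lines, the services excerpt and all function names are constructed for illustration.

```python
# Constructed excerpt in /etc/services format.
SERVICES = """\
ssh             22/tcp
telnet          23/tcp
syslog          514/udp         # constructed comment
"""
# Constructed sample in the column layout of numeric netstat output.
NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:22          192.168.1.7:1034        ESTABLISHED
udp        0      0 0.0.0.0:514             0.0.0.0:*
"""

def parse_services(text):
    """Return {(port, proto): name} from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            if port.isdigit():
                table.setdefault((int(port), proto), fields[0])
    return table

def listening_sockets(text):
    """Yield (proto, address, port) for TCP LISTEN rows and unconnected UDP rows."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0] in ("tcp", "udp"):
            listening = f[5:6] == ["LISTEN"] if f[0] == "tcp" else f[4].endswith(":*")
            addr, _, port = f[3].rpartition(":")
            if listening and port.isdigit():
                yield f[0], addr, int(port)

def audit(netstat_text, services_text, unwanted=("telnet",)):
    """Label each listener: unwanted, no services entry, or ok."""
    services = parse_services(services_text)
    report = []
    for proto, addr, port in listening_sockets(netstat_text):
        name = services.get((port, proto))
        verdict = ("no services entry" if name is None
                   else "unwanted" if name in unwanted else "ok")
        report.append((proto, addr, port, name, verdict))
    return report

if __name__ == "__main__":
    for row in audit(NETSTAT, SERVICES): print(*row)
```

On a real host, pass in the captured netstat output and the contents of /etc/services in place of the two constructed strings.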
