SUMMARY: RE: How to disable ports only on 2nd NIC card

From: David E. Schwarze (dxschwarze@link-us.net)
Date: Mon Oct 09 2000 - 15:26:04 CDT


Thanks for all the helpful replies - too many to reply individually. The
following suggestions were made, along with the frequency of the suggestion:

Get a real firewall: 5
Use TCPWrappers: 6
Use IPFilter: 4
Use xinetd: 3
Use other misc. sw: 4

I will explain a bit further. We do have a router set up as a firewall (ARN
Router) but our network guys are having trouble getting the filters
configured to deny access to all but a few ports. Doesn't seem like it
should be that hard, but then I am not familiar with the Nortel world.
With a Cisco router I believe it could be done in 5 minutes with a
relatively simple access list (flame-bait there? Maybe :-)). In any case,
I will be looking into TCPWrappers as a solution to the problem as it sounds
like it is a more or less universally accepted/trusted package even though
it is not part of Solaris. Any comments on whether TCPWrappers is reliable
and secure enough for a production environment?

Thanks again,

-David

-----Original Message-----
From: David E. Schwarze
Sent: Wednesday, October 04, 2000 4:31 PM
To: 'sun-managers@sunmanagers.ececs.uc.edu'
Subject: How to disable ports only on 2nd NIC card

Hello,

I'm having a problem that I have not been able to resolve by RTFM. We have
a production server that we have just installed a 2nd NIC card into. This
server is set up to NOT do any routing between the networks. There are no
connectivity problems apparent.

The problem is that we want to deny access to all but a few carefully
selected ports from the 2nd interface while allowing the normal assortment
of ports to be accessed from the original interface. Is this possible? And
if so, what needs to be configured to make this happen? I can't see any way
to do this in inetd.conf.

Thanks in advance,

-David
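
The per-interface restriction asked about above can be expressed with TCP Wrappers' server endpoint patterns (`daemon@host_pattern`, documented in hosts_access(5)). This is an added example, not part of the original posts; the addresses and the choice of services are constructed assumptions.

```conf
# ---- /etc/hosts.deny ----
# Default: refuse anything not explicitly allowed in hosts.allow.
ALL: ALL

# ---- /etc/hosts.allow ----
# Assumed addresses (constructed for this example):
#   192.0.2.10     address bound to the original interface
#   198.51.100.10  address bound to the 2nd NIC
#
# Syntax: daemon@local_address : client_list
# The part after '@' is matched against the local address the client
# connected TO, which is what separates the two interfaces.
# hosts.allow is consulted first; the first matching rule wins.

# Original interface: the normal assortment of services.
in.telnetd@192.0.2.10: ALL
in.ftpd@192.0.2.10: ALL
in.rlogind@192.0.2.10: ALL

# 2nd NIC: only the selected service, and only from that subnet.
in.ftpd@198.51.100.10: 198.51.100.
```

These rules apply only to services that are started through `tcpd` from inetd.conf or that are linked against libwrap; a standalone daemon listening on its own is not affected and still needs a packet filter.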




This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:19 CDT