Re: Help for a newbie


Subject: Re: Help for a newbie
From: BWS - Offwhite (brennan@offwhite.net)
Date: Wed Sep 20 2000 - 15:08:29 EDT


Yes, are there any access controls like this? If it could work much like
the htaccess configs in Apache, that would be great.

Right now I do not like having Netatalk on various servers because I
cannot limit access very easily using Netatalk itself.

But with firewalls you should be able to allow access to specific IPs to
specific services/ports and then put a rule after those which blocks all
access. I have yet to set this up, but it can be done. I just wish I
knew how to tell the firewall to allow or block an entire C block,
123.123.123.0/32. That does not seem to work with FreeBSD/ipfw. I may
just need to do some more reading.

If anyone can offer any pointers it would be appreciated.

Brennan Stehling - web developer and sys admin
projects: www.greasydaemon.com | www.onmilwaukee.com | www.sncalumni.com

On Wed, 20 Sep 2000, Steve Freitas wrote:

> >I am not well acquainted with tcp wrappers, but doesn't tcp wrappers
> >only apply if you are starting afpd from /etc/inetd.conf, and not the
> >SysV-style /etc/rc.d/init.d/atalk script? On the other hand, if you use
> >ipchains to block the port, then it shouldn't matter how you start the
> >server, because then the firewalling is done at a lower level in the
> >kernel.
>
> I bow to your greater knowledge. :-) Ipchains is it.
>
> > Beyond that, it seems to me that both the ipchains and tcp wrappers
> >solutions would block *all* access, or none; neither could be used to
> >limit it to guest access. What Colin was asking for is access control
> >based on both IP and user ID.
>
> My impression was that he was asking to exclude a range of IPs
> completely. Colin, can you sort this out? :-)
>
> Steve
>
>
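
An added example, not part of the original message and not code from Netatalk or ipfw: a Python model of the allow-then-block rule ordering discussed in this thread, applied to AFP over TCP (port 548), which also reports how many addresses a given prefix length covers. The address block is the one quoted in the message; the rule numbers, helper names and default action are assumptions made for the illustration.

```python
import ipaddress

AFP_PORT = 548  # AFP over TCP, the port afpd listens on

# Constructed ruleset: (rule number, action, source network, destination port).
# Rules are checked in ascending number order and the first match decides.
RULES = [
    (1000, "allow", "123.123.123.0/24", AFP_PORT),  # the trusted block
    (1100, "deny", "0.0.0.0/0", AFP_PORT),          # everyone else
]


def decide(rules, src, port, default="allow"):
    """Return (action, rule number) for a connection from src to port.

    `default` stands in for the firewall's final catch-all rule; whether
    that is allow or deny depends on how the host is configured (assumption).
    """
    addr = ipaddress.ip_address(src)
    for number, action, network, rule_port in sorted(rules):
        if port == rule_port and addr in ipaddress.ip_network(network):
            return action, number
    return default, None


def covered_hosts(cidr):
    """Number of addresses a prefix matches: /24 is 256, /32 is one host."""
    return ipaddress.ip_network(cidr).num_addresses


def to_ipfw(rules):
    """Render the modelled rules as ipfw command lines (for reading, not run here)."""
    lines = []
    for number, action, network, port in sorted(rules):
        src = "any" if network == "0.0.0.0/0" else network
        lines.append(f"ipfw add {number} {action} tcp from {src} to any {port}")
    return lines


if __name__ == "__main__":
    for cidr in ("123.123.123.0/24", "123.123.123.0/32"):
        print(cidr, "covers", covered_hosts(cidr), "address(es)")
    for src in ("123.123.123.77", "10.1.2.3"):
        print(src, "->", decide(RULES, src, AFP_PORT))
    print("\n".join(to_ipfw(RULES)))
```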



This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:32:12 EST