AIX Commands

solution for restricting / allowing telnet,FTP to the IP by arvibm
Posted: 13 Feb 03

Here is the solution for restricting or allowing telnet and FTP by IP address.
This document assumes that you are running AIX 4.3.3.
It walks you through installing the IP Security (ipsec) software and then
creating a pair of filter rules so that only the machine with IP address
9.3.6.180 can FTP to 9.3.6.177.
1. Install the software (on AIX 4.3.3 CD 2):

   bos.msg.en_US.net.ipsec         4.3.3.0
   bos.net.ipsec.rte               4.3.3.0

2. Install the latest fixes for the ipsec filesets you installed above,
   for example:

   bos.net.ipsec.rte               4.3.3.77

3. Reboot.

4. Start IP Security:

   # smitty ipsec4
       Start/Stop IP Security
           Start IP Security
5. Check that ipsec is available:

   # lsdev -Cc ipsec
   ipsec_v4 Available  IP Version 4 Security Extension

6. Go to the filter rule screen:

   # smitty ipsec4
       Advanced IP Security Configuration
           Configure IP Security Filter Rules
               Add an IP Security Filter Rule

7. Add a filter rule that permits FTP from 9.3.6.180 to 9.3.6.177:

   Type or select values in entry fields.
   Press Enter AFTER making all desired changes.

                                                      [Entry Fields]
   * Rule Action                                      [permit]            +
   * IP Source Address                                [9.3.6.180]
   * IP Source Mask                                   [255.255.255.255]
     IP Destination Address                           [9.3.6.177]
     IP Destination Mask                              [255.255.255.255]
   * Apply to Source Routing? (PERMIT/inbound only)   [yes]               +
   * Protocol                                         [all]               +
   * Source Port / ICMP Type Operation                [any]               +
   * Source Port Number / ICMP Type                   [0]                  #
   * Destination Port / ICMP Code Operation           [eq]                +
   * Destination Port Number / ICMP Code              [21]                 #
   * Routing                                          [both]              +
   * Direction                                        [both]              +
   * Log Control                                      [no]                +
   * Fragmentation Control                            [all packets]       +
   * Tunnel ID                                        [0]                 +#
   * Interface                                        [all]               +

8. Add another filter rule to deny all other FTP requests to 9.3.6.177
   (same screen: Add an IP Security Filter Rule):

   Type or select values in entry fields.
   Press Enter AFTER making all desired changes.

                                                      [Entry Fields]
   * Rule Action                                      [deny]              +
   * IP Source Address                                [0.0.0.0]
   * IP Source Mask                                   [0.0.0.0]
     IP Destination Address                           [9.3.6.177]
     IP Destination Mask                              [255.255.255.255]
   * Apply to Source Routing? (PERMIT/inbound only)   [yes]               +
   * Protocol                                         [all]               +
   * Source Port / ICMP Type Operation                [any]               +
   * Source Port Number / ICMP Type                   [0]                  #
   * Destination Port / ICMP Code Operation           [eq]                +
   * Destination Port Number / ICMP Code              [21]                 #
   * Routing                                          [both]              +
   * Direction                                        [both]              +
   * Log Control                                      [no]                +
   * Fragmentation Control                            [all packets]       +
   * Tunnel ID                                        [0]                 +#
   * Interface                                        [all]               +

9. Activate the filter rules by backing out to the "Advanced IP Security
   Configuration" screen:

   # smitty ipsec4
       Advanced IP Security Configuration
           Activate/Update/Deactivate IP Security Filter Rule
               Activate / Update

10. If you've made it this far, you should now be able to FTP to 9.3.6.177
    ONLY from the 9.3.6.180 box. Any other machine attempting to FTP to
    9.3.6.177 will fail. Check the loaded table with "lsfilt -v 4": rules
    are evaluated top to bottom and the first match wins, so the permit
    rule must sit above the deny rule, and the table always ends with the
    built-in "permit all" default rule, so any service you do not
    explicitly deny stays reachable from everywhere.

FTP control uses destination port 21 and telnet uses port 23. To restrict
telnet the same way, add the same permit/deny pair of rules with
Destination Port Number 23 instead of 21.
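The same two rules, generated from the command line instead of smitty, as an added example that is not part of the original FAQ. It generalises the walk-through to several ports and several allowed clients (so it covers the telnet case from the last paragraph as well as FTP) and emits the rules as genfilt commands so they can be read and checked for ordering before anything is loaded. The genfilt/mkfilt/lsfilt flag names follow the AIX genfilt man page; check them against "genfilt" usage output on your own level. Protocol is set to tcp rather than the "all" used in the smitty screens, because FTP and telnet are TCP only. The host addresses and ports below are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original FAQ): emit AIX IP Security filter
# rules for "only these clients may reach these TCP ports on this server"
# as genfilt commands. Addresses/ports are constructed sample values.

# gen_rules SERVER "PORT ..." CLIENT...
# For each port: one permit rule per allowed client, then one deny rule
# for everyone else. Order matters: the kernel checks the table top to
# bottom and stops at the first match, and the table ends with a built-in
# "permit all" rule, so the deny must follow the permits and anything not
# explicitly denied is still allowed.
gen_rules() {
    server=$1; ports=$2; shift 2
    for port in $ports; do
        for client in "$@"; do
            echo "genfilt -v 4 -a P -s $client -m 255.255.255.255" \
                 "-d $server -M 255.255.255.255 -g Y -c tcp" \
                 "-o any -p 0 -O eq -P $port -r B -w B -l N -f Y -t 0 -i all" \
                 "-D 'permit tcp/$port from $client'"
        done
        # Deny rule is logged (-l Y) so blocked attempts are visible once
        # IP Security logging has been started.
        echo "genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0" \
             "-d $server -M 255.255.255.255 -g Y -c tcp" \
             "-o any -p 0 -O eq -P $port -r B -w B -l Y -f Y -t 0 -i all" \
             "-D 'deny tcp/$port from everyone else'"
    done
}

# count_rules: number of genfilt commands gen_rules would emit.
count_rules() {
    gen_rules "$@" | grep -c '^genfilt '
}

# rule_order_ok: exit 0 if, for every port, no permit rule appears after
# that port's deny rule (the ordering mistake that silently locks out the
# allowed clients because the deny matches first).
rule_order_ok() {
    gen_rules "$@" | awk '
        {
            port = ""
            for (i = 1; i <= NF; i++) if ($i == "-P") port = $(i + 1)
            if ($0 ~ / -a D /) denied[port] = 1
            else if (denied[port]) bad = 1
        }
        END { exit (bad ? 1 : 0) }'
}

# apply_rules: AIX only. Loads the rules, activates the IPv4 table and
# prints it back so the order can be verified. Read gen_rules output first.
apply_rules() {
    if [ "$(uname -s)" != "AIX" ]; then
        echo "apply_rules: not running on AIX, nothing done" >&2
        return 1
    fi
    gen_rules "$@" | sh -e || return 1
    mkfilt -v 4 -u      # activate/update the IPv4 filter table
    lsfilt -v 4         # show the loaded table; permits must precede denies
}

# Demo with the FAQ's hosts: FTP (21) and telnet (23), one allowed client.
gen_rules 9.3.6.177 "21 23" 9.3.6.180
```

Run the script on any system to review the generated rules; call apply_rules with the same arguments on the AIX box itself, then confirm with lsfilt -v 4 that each permit line sits above its port's deny line and that the default rule is still last.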
