Protocol Encapsulation

Sam Couter sam at
Mon Aug 6 18:06:18 EST 2001

Mark Hummel <mhummel at> wrote:
> I thought I would have to give more detail. Basically, there are three
> machines. One of these machines will be the "server". The other two
> machines (all machines are on a private network) will be clients. I wanted
> all services to have a single wrapper. This wrapper would enforce things
> like only allowing those two clients access to the services on the server.

Ah, then you want packet filtering or TCP wrappers.

Packet filtering (firewalling):
For a 2.2 kernel, look for stuff about ipchains.
For a 2.4 kernel, look for stuff about iptables.
Google is your friend.

TCP wrappers:
man hosts.allow and hosts.deny and tcpd. If your services are not running
from inetd, you'll need to make sure they use libwrap. If they don't, you'll
have to use packet filtering or use whatever access controls they provide

Hope this helps.
Sam Couter          |   Internet Engineer   |
sam at    |   tSA Consulting      |
OpenPGP key ID:       DE89C75C,  available on key servers
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url :

More information about the linux mailing list