[pptp-server] pptp with tcpwrappers?
Godfrey
godfrey at hattaway-associates.com
Sun Sep 24 15:25:22 CDT 2000
This only works if you know the IP addresses of the clients that will connect.
What if you only know the domain name as is the case when road warriors connect
to an ISP then to pptpd? Then using tcp_wrappers to restrict who can access
PopTop is useful.
You do not need to start PopTop from tcp_wrappers you can access the
tcp_wrappers library from PopTop if you change pptdctrl.c to get it to check
with tcp_wrappers if the connection is allowed. This way you can still run it as
a daemon.
"Cowles, Steve" wrote:
> You could restrict access to your PopTop server at your firewall. i.e.
> ipchains. Then start PopTop as a daemon instead of from tcp_wrappers. This
> is how my system is configured.
>
> An example using ipchains with default input policy already set to DENY:
>
> 1.2.3.4 is remote pptp client IP address
> 5.6.7.8 is external IP address of the firewall. Also could be the same IP as
> PopTop server.
>
> ipchains -A input -p TCP -s 1.2.3.4 --dport 1723 -j ACCEPT
> ipchains -A input -p 47 -s 1.2.3.4 -d 5.6.7.8 -j ACCEPT
>
> Steve Cowles
>
> > -----Original Message-----
> > From: John Hovell [mailto:john.hovell at home.com]
> > Sent: Sunday, September 24, 2000 12:07 AM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] pptp with tcpwrappers?
> >
> >
> > Hello all --
> >
> > I am wondering if anyone has an intelligent way to run pptp
> > to restrict access to the hosts you want....
> >
> > I am trying to start it in /etc/inetd.conf... but it isn't working too
> > well... either with wait or nowait. I have the respawning disabled in
> > /etc/inittab.
> >
> > Does PoPToP support tcp_wrappers in any way, or is there a way to
> > restrict hosts in PoPToP's own config?
> >
> > Thanks,
> > John
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> >
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
More information about the pptp-server
mailing list