Description
tn-gw provides pass-through telnet proxy services with logging and access control. When tn-gw is invoked from inetd, it reads its configuration and checks to see if the system that has just connected is permitted to use the proxy. If not, tn-gw shuts down the connection, displays a message, and logs the connection. If the peer is permitted to use the proxy, tn-gw enters a command loop in which it waits for a user to specify:
c[onnect] hostname [port]
Connects to a host.

    sol-> telnet otter
    Trying 192.33.112.117
    Connected to otter.
    Escape character is ^].
    otter telnet proxy (Version V1.0) ready:
    tn-gw-> help
    Valid commands are:
    connect hostname [port]
    x-gw [display]
    help/?
    quit/exit
    tn-gw-> c hilo
    HP-UX hilo A.09.01 A 9000/710 (ttys1)
    login:
    Remote server has closed connection
    Connection closed by foreign host.
    sol->
Because of limitations in some telnet clients, options negotiation may fail; when it does, characters typed to the tn-gw command interpreter are not echoed.
x-gw [display/hostname]
The x-gw option invokes the x-gateway for connection service to the user's display. Without the argument, the default display is the connecting hostname followed by port number 0.0.
Options
tn-gw reads its configuration rules and permissions information from the firewall configuration table netperm-table, where it retrieves the rules specified for tn-gw. The following configuration rules are recognized:
userid user
This option specifies a numeric user-id or the name of a password file entry. If this value is specified, tn-gw will set its user-id before providing service. Note that this option is included mostly for completeness; tn-gw performs no local operations that are likely to introduce a security hole.
directory pathname
directory specifies a directory to which tn-gw will chroot(2) prior to providing service.
prompt string
The prompt option specifies a prompt for tn-gw to use while it is in command mode.
denial-msg filename
denial-msg specifies the name of a file to display to the remote user if he or she is denied permission to use the proxy. If this option is not set, a default message is generated.
timeout seconds
The timeout option specifies the number of seconds the system should remain idle before it disconnects the proxy. Default is no timeout.
welcome-msg filename
welcome-msg specifies the name of a file to display as a welcome banner after a successful connection. If this option is not set, a default message is generated.
help-msg filename
The help-msg option specifies the name of a file to display if the help command is issued. If this option is not set, a list of internal commands is printed.
denydest-msg filename
The denydest-msg option specifies the name of a file to display if a user attempts to connect to a restricted remote server. If this option is not set, a default message is generated.
authserver hostname [portnumber [cipherkey]]
The authserver option specifies the name or address of a system to use for network authentication. If tn-gw is built with a compiled-in value for the server and port, these values will be used as defaults but can be overridden if specified as above with the authserver clause. If the server supports DES-encryption of traffic, an optional cipherkey can be provided to secure communications with the server.
hosts host-pattern [host-pattern2] [options]
The hosts rules specify host and access permissions. Typically, a hosts rule will be in the form of:
    tn-gw: deny-hosts unknown
    tn-gw: hosts 192.33.112.* 192.94.214.*
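The options above have defaults worth checking before a proxy goes into service: no idle timeout, no user-id change, no chroot, and an unencrypted authserver link unless a cipherkey is given. The following audit script is an added example, not part of the original manual page or the toolkit; it assumes one "tn-gw: keyword args" rule per line with "#" starting a comment, and the sample tables, port, key, user and path are constructed.

```python
# Added example: audit the tn-gw rules of a netperm-table.
# Assumed syntax: one "tn-gw: keyword args..." rule per line, "#" starts a comment.

WEAK = """\
# constructed sample, not from a real firewall
tn-gw: deny-hosts unknown
tn-gw: hosts 192.33.112.* 192.94.214.*
tn-gw: authserver 127.0.0.1 7777
"""

# Same table with the gaps closed (key, user and path are placeholders).
HARDENED = WEAK.replace("7777", "7777 EXAMPLE-KEY") + """\
tn-gw: userid uucp
tn-gw: directory /var/empty
tn-gw: timeout 3600
"""

def parse_rules(text, app="tn-gw"):
    """Return {keyword: [arg-list, ...]} for every rule belonging to `app`."""
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        name, sep, rest = line.partition(":")    # "tn-gw" / ":" / "keyword args"
        fields = rest.split()
        if not sep or name.strip() != app or not fields:
            continue
        rules.setdefault(fields[0], []).append(fields[1:])
    return rules

def audit(text):
    """Return a list of findings for the tn-gw rules in `text`."""
    rules = parse_rules(text)
    findings = []
    if "timeout" not in rules:
        findings.append("timeout: not set, idle sessions are never disconnected")
    if "userid" not in rules:
        findings.append("userid: not set, proxy keeps the user-id it was started with")
    if "directory" not in rules:
        findings.append("directory: not set, proxy does not chroot")
    for args in rules.get("authserver", []):
        if len(args) < 3:                        # hostname [portnumber [cipherkey]]
            findings.append("authserver: no cipherkey, auth traffic is not DES-encrypted")
    for args in rules.get("hosts", []):
        if "*" in args:                          # a bare wildcard as a whole pattern
            findings.append("hosts: bare '*' pattern admits every host")
    return findings

if __name__ == "__main__":
    for label, table in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(table) or "no findings")
```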