From owner-freebsd-questions  Tue May  8 12:37:41 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from web11706.mail.yahoo.com (web11706.mail.yahoo.com [216.136.172.72])
	by hub.freebsd.org (Postfix) with SMTP id 651CA37B424
	for <questions@freebsd.org>; Tue,  8 May 2001 12:37:38 -0700 (PDT)
	(envelope-from tperlin@yahoo.com)
Message-ID: <20010508193738.15562.qmail@web11706.mail.yahoo.com>
Received: from [63.200.148.220] by web11706.mail.yahoo.com; Tue, 08 May 2001 12:37:38 PDT
Date: Tue, 8 May 2001 12:37:38 -0700 (PDT)
From: Tim Erlin <tperlin@yahoo.com>
Subject: limit telnet access
To: questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I have a dual-homed host with one interface to DSL and
one internal, running NAT. I'd like to run Telnet
internally, but prevent it from being used via the
external interface. 

Is the best way to do this with ipfw, e.g. leave
Telnet running on both, but deny all incoming packets
on port 23 on the external interface? 

Is ipfw (or some firewall) the only way to limit which
service run on which interfaces?

Thanks, as always.

--Tim

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message