From owner-freebsd-questions@FreeBSD.ORG  Fri Jul 23 12:52:48 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0895216A4CE
	for <freebsd-questions@freebsd.org>;
	Fri, 23 Jul 2004 12:52:48 +0000 (GMT)
Received: from mail.8ball.co.za (8ball.co.za [196.22.201.157])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2570C43D1F
	for <freebsd-questions@freebsd.org>;
	Fri, 23 Jul 2004 12:52:38 +0000 (GMT)
	(envelope-from nelis@8ball.co.za)
Received: (qmail 32460 invoked by uid 89); 23 Jul 2004 12:52:30 -0000
Received: from unknown (HELO ?192.168.10.9?) (192.168.10.9)
  by 192.168.10.1 with SMTP; 23 Jul 2004 12:52:30 -0000
From: Nelis Lamprecht <nelis@8ball.co.za>
To: Graham Bentley <gbentley@uk2.net>
In-Reply-To: <3.0.6.32.20040723132012.007d8e50@mail.uk2.net>
References: <3.0.6.32.20040723132012.007d8e50@mail.uk2.net>
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="=-btt7LvhQM1x4lWu40Al1"
Organization: 8ball Network Solutions
Message-Id: <1090587161.14691.10.camel@nelis.brabys.co.za>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 
Date: Fri, 23 Jul 2004 14:52:55 +0200
cc: freebsd-questions@freebsd.org
Subject: Re: Best way to limit SSH to LAN IP's only ?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: nelis@8ball.co.za
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jul 2004 12:52:48 -0000


--=-btt7LvhQM1x4lWu40Al1
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Fri, 2004-07-23 at 14:20, Graham Bentley wrote:
> Hi All,
>=20
> Wondered what is the best way to do this ?
>=20
> Do I have to get involved with host.allow / deny
> or better to use the sshd config ?
>=20

If this system has 2 interfaces, one LAN and one Internet then all you
need to do is configure sshd to listen on the LAN interface.

in sshd_config:

ListenAddress your.lan.interface.ip

Regards,
--=20
Nelis Lamprecht
PGP: http://www.8ball.co.za/pgpkey/nelis.asc
"Unix IS user friendly.. It's just selective about who its friends are."

--=-btt7LvhQM1x4lWu40Al1
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBBAQoZQfIMKiRMCrERAo1FAKCywwmGIoc7O5pyUUDEnAXSXJfLqACgwl2d
EzguadL4hqwB/C6LfUVLR1o=
=evok
-----END PGP SIGNATURE-----

--=-btt7LvhQM1x4lWu40Al1--