Chapter 4: Managing Terminal Services
Used together, these access controls and log files allow you to have much more control
over the connections to and from your system than you have when you use the standard
IRIX TELNET and rlogin programs.
Note that you can use the TELNET proxy without the rlogin proxy, or rlogin without
TELNET. You can configure different policies for hosts and authentication, as well.
How the Proxies Work
In the default configuration, the IRIX system runs the network access control daemon
(netacl) as a daemon listening for requests on the standard TELNET port (23). Whenever
the firewall receives a TELNET request on this port, the netacl daemon checks its
configuration information (in the netperm-table file) and determines whether the
initiating host has permission to use TELNET. If the host has permission, the netacl
daemon starts the standard TELNET program (telnetd) or the TELNET proxy (tn-gw),
depending upon the originating host. If the host does not have permission, the daemon
displays an error message. Similarly, the netacl daemon running on the standard login
port (513) starts either the rlogin daemon (rlogind) or the rlogin proxy (rlogin-gw).
The default policy for this scenario is to allow all inside hosts to initiate TELNET or rlogin
sessions without authenticating. The inside host passes TELNET requests to the firewall,
which starts the netacl daemon. The netacl daemon checks its permissions, and
determines that the inside host can use TELNET. The netacl daemon starts the proxy. The
proxy logs the transaction and passes the request to the outside host. The proxy remains
active until either side closes the connection.
The default policy for this scenario allows outside hosts to initiate TELNET or rlogin
sessions after authenticating. The outside host passes TELNET requests to the firewall,
which starts the netacl daemon. The netacl daemon checks its permissions, and
determines that the outside host can use TELNET. The netacl daemon starts the proxy.
The proxy prompts the user for authentication. If it is successful, the proxy prompts the
user for the inside host, logs the transaction, and passes the request to the inside host. The
proxy remains active until either side closes the connection.
Note that users are not logging into the firewall directly. While users use the proxy on the
firewall for authentication, the proxy simply passes the user’s TELNET or rlogin session
on to the appropriate host.
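The dispatch described above, modeled as an added example that is not code from the Gauntlet product or this guide. The rule table format, the addresses, the first-match ordering, the choice of which hosts reach telnetd, and the log line wording are all assumptions made for illustration; only the program names and ports come from the text.

```python
import ipaddress

# Constructed policy table in a made-up format (not real netperm-table syntax).
# (listening port, source network, program netacl starts, proxy demands authentication)
# Assumption: rules are evaluated top to bottom and the first match wins.
RULES = [
    (23,  "203.0.113.0/24", None,        False),  # explicitly refused network
    (23,  "127.0.0.0/8",    "telnetd",   False),  # assumed: local sessions reach the real daemon
    (23,  "10.0.0.0/8",     "tn-gw",     False),  # inside hosts: proxy, no authentication
    (23,  "0.0.0.0/0",      "tn-gw",     True),   # outside hosts: proxy, must authenticate
    (513, "10.0.0.0/8",     "rlogin-gw", False),
    (513, "0.0.0.0/0",      "rlogin-gw", True),
]

def netacl_lookup(port, src):
    """Return (program, needs_auth) for a connection, or (None, False) to refuse it."""
    addr = ipaddress.ip_address(src)
    for rule_port, net, program, needs_auth in RULES:
        if rule_port == port and addr in ipaddress.ip_network(net):
            return program, needs_auth
    return None, False  # no rule for this port or host: refuse by default

def handle_connection(port, src, auth_ok=False):
    """Model one connection and return the (constructed) log line for it."""
    program, needs_auth = netacl_lookup(port, src)
    if program is None:
        return f"netacl[{port}]: deny host={src}"
    if needs_auth and not auth_ok:
        return f"{program}: authentication failed host={src}"
    return f"{program}: permit host={src} auth={'yes' if needs_auth else 'none'}"

if __name__ == "__main__":
    # Constructed sample connections: (port, source address, authentication result)
    samples = [(23, "10.1.2.3", False), (23, "198.51.100.7", False),
               (23, "198.51.100.7", True), (513, "10.1.2.3", False),
               (23, "203.0.113.9", True), (79, "10.1.2.3", False)]
    for port, src, ok in samples:
        print(handle_connection(port, src, ok))
```

Because the first matching rule wins in this model, the refusal entry has to sit above the catch-all outside-host entry or it would never be reached.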
Gauntlet contents
Page 1: Gauntlet for IRIX Administrator's Guide, Document Number 007 2826 004