SUMMARY:alias

From: Zehra Soysert <soysert_at_bornova.ege.edu.tr>
Date: Thu, 29 Aug 1996 14:35:49 +0400 (EET DST)

Hello,

My original question was :

>Some of our students work on a project which allows users to type
>% telnet goztepe.ege.edu.tr 4800
>to connect to the service they implement.
>But they want users to type telnet xx.yy.edu.tr and directly connect to
>this service.
>What they want is: xx.yy.edu.tr should be the alias of goztepe.ege.edu.tr
>4800.
>Here 4800 is the port number.

>How can I define such an alias?
>Will users outside our domain also be capable of connecting in the same
>way?
-------------------------------------------------------------

Thanks to the following who responded to my question:

"Mr. Jolt Cola" <msmith_at_quix.robins.af.mil>
"Michael R. Kline" <mike_at_lib.utexas.edu>
Tom Webster <webster_at_i5142311.mdc.com>
Wes Chalfant <wes_at_peabody.com>
Hellebo Knut <Knut.Hellebo_at_nho.hydro.com>

-------------------------------------------------------------

Here are the answers that I received:


Date: Mon, 26 Aug 1996 09:21:09 -0400 (EDT)
From: "Mr. Jolt Cola" <msmith_at_quix.robins.af.mil>
To: Zehra Soysert <soysert_at_bornova.ege.edu.tr>
Subject: Re: alias

What you want to do is run the project server on port 23 which is the
default port for telnetd (telnet).

You must edit /etc/services to remove telnet and probably /etc/inetd.conf
to not start the telnetd.

You will probably then run into more problems dealing with telnet protocol
negotiation. Most servers of this type don't handle the inline IAC
and DO/DONT/WILL/WONT commands for the option negotiation correctly.
This is a good project as well.

-----------------------------------------------------------
Date: Mon, 26 Aug 1996 09:10:48 -0500
From: "Michael R. Kline" <mike_at_lib.utexas.edu>
To: Zehra Soysert <soysert_at_bornova.ege.edu.tr>
Subject: Re: alias

The problem is that the default port for telnet is port 23. When a
telnet client tries to connect to another machine, it defaults to port
23 from the client side (most PC clients are coded that way, UNIX
clients look up telnet in their local /etc/services file and use that
port number which is typically 23).

The solution is to do the following:

1) In /etc/services, define another telnet service (say telnet2) on an
unused port.

2) In /etc/inetd.conf, change the line defining telnet to define
telnet2 ie,

 telnet2 stream tcp nowait root /usr/sbin/telnetd telnetd

3) In /etc/inetd.conf, define telnet to be the service you want at port
4800.

The reason you need to redefine telnet inside inetd.conf instead of just
moving it to another port in /etc/services is that any application
trying to telnet out will look up telnet in /etc/services to find the
port that it will try to connect to on the remote machine (and, most
likely, fail miserably).

4) kill -1 inetd_process_id
------------------------------------------------------------------

Date: Mon, 26 Aug 1996 10:14:56 -0700
From: Tom Webster <webster_at_i5142311.mdc.com>
To: soysert_at_bornova.ege.edu.tr
Subject: Re: alias

(1) Have them just create an alias in their shell's startup files.
    i.e. alias imlazy='telnet xx.yy.edu.tr 4800' for bash and ksh.

(2) Pull in the source for telnet (BSD and/or Linux sites should have it)
    and change the default port and service name to match your needs. Make
    sure it is registered in /etc/services and /etc/inetd.conf with a
    different name than telnet.

(3) Mangle your /etc/services and /etc/inetd.conf to use their client/server
    rather than telnet and telnet.d. This will prevent anyone from telnetting
    to your system (without providing an alternate port number).

Users outside your domain will be able to connect if they define the aliases
or get the new binary (options 1 or 2) or if you go with option 3 they
won't have to do anything. This assumes that there aren't any firewalls
in the way.

If the service is started by inetd, as opposed to running all the time, you
can use TCPWrappers to limit access to the service (if that is what you want).
This would allow you to allow or deny service based on address/subnet
and/or hostname/domain.

If I were going to do this and were forced to make things as simple as possible
for them, I'd:

(a) Make sure that port 4800 was associated with their service in the
    /etc/services file, so at a minimum they could do:
          telnet xx.yy.edu.tr servicename

(b) Look into modifying the telnet source code to use the new service.

------------------------------------------------------------------
Date: Mon, 26 Aug 1996 10:28:19 -0700
From: Wes Chalfant <wes_at_peabody.com>
To: soysert_at_bornova.ege.edu.tr
Subject: Re: alias

        Basically, if you want to use the same host for both normal
telnet and this alternate service, you need some way to distinguish
the two uses besides the hostname. The problem is that the hostname
gets translated to an IP address, and that is used to make the
connection. If xx.yy.edu.tr and goztepe.ege.edu.tr map to the same IP
address, then there won't be any way to tell a "normal" telnet (one
that used goztepe.ege.edu.tr to lookup the IP address) from a
"special" telnet (one that used xx.yy.edu.tr to lookup the IP
address).

        To work around this, you can assign a different IP address to
xx.yy.edu.tr but still have it map to the same host using the same
network connection. This goes by various names ("multihoming", "IP
aliases", etc.) and is supported by DEC Unix (there have been other
postings to this mailing list that describe how to do this).

        This only solves part of your problem, though. You'll have to
configure inetd to invoke a non-standard telnetd which checks the IP
address that was used to connect and starts up either the normal
telnetd (if the standard IP address was used) or something else (if
the special (xx.yy.edu.tr) IP was used). A good starting point for
the replacement telnetd is probably the tcp_wrappers utility developed
by Wietse Venema; you can get the sources from cert.org:/pub/tools,
ftp.uu.net:/pub/security, ftp.win.tue.nl:/pub/security and other
archives. This package contains a general utility (tcpd) that checks
access rights based on a number of rules before allowing connection to
the "normal" server program; you could modify it to look at the local
address used to connect and invoke one of two different programs based
on the IP address.

   The easiest way to configure this is probably to just execute
the "special" telnet directly this way. In other words, have this
special telnetd code invoke the same program that you currently have
configured via inetd.conf to be run from port 4800 when a connection
is made using the "special" IP address.

        There are other ways to attack this problem, but this is
probably closest to what you want. If you have a host whose telnet
daemon is not normally used, you could map xx.yy.edu.tr to that
host and run an application level proxy on that system that passes
telnet traffic through to goztepe.ege.edu.tr:4800. For this you could
use "plug-gw" from the Trusted Information Systems firewall toolkit
(see http://www.tis.com/docs/products/fwtk/index.html).

------------------------------------------------------------------
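
Added example, not part of the original replies: the dispatcher described in Wes Chalfant's reply above, written in C as a program that inetd starts in place of telnetd and that picks one of two servers from the local address the client connected to. The alias address 192.0.2.10 and the path /usr/local/bin/project_service are constructed placeholders, not values from the thread.

```c
/* Added example: inetd-started dispatcher that chooses a server by the
 * LOCAL address of the connection. SPECIAL_IP and SPECIAL_SERVER are
 * constructed placeholders (assumptions), not values from the thread. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define SPECIAL_IP     "192.0.2.10"   /* constructed: IP alias for xx.yy.edu.tr */
#define NORMAL_SERVER  "/usr/sbin/telnetd"
#define SPECIAL_SERVER "/usr/local/bin/project_service"  /* hypothetical path */

/* Return the program to run for a connection that arrived on `local`.
 * Anything that is not exactly the alias address gets the normal telnetd. */
const char *pick_server(const struct sockaddr_in *local)
{
    struct in_addr special;

    if (local == NULL || local->sin_family != AF_INET)
        return NORMAL_SERVER;
    if (inet_pton(AF_INET, SPECIAL_IP, &special) != 1)
        return NORMAL_SERVER;
    return local->sin_addr.s_addr == special.s_addr ? SPECIAL_SERVER
                                                    : NORMAL_SERVER;
}

/* For a "stream tcp nowait" service, inetd passes the connected socket
 * as file descriptor 0; getsockname() on it yields the server-side address. */
int main(void)
{
    struct sockaddr_in local;
    socklen_t len = sizeof local;
    const char *prog;

    memset(&local, 0, sizeof local);
    if (getsockname(0, (struct sockaddr *)&local, &len) < 0) {
        perror("getsockname");
        return 1;
    }
    prog = pick_server(&local);
    execl(prog, prog, (char *)NULL);  /* direct exec, no shell in between */
    perror(prog);                     /* reached only if the exec failed */
    return 1;
}
```

Any local address other than the alias falls through to the normal telnetd.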

Date: Mon, 26 Aug 1996 10:41:04 -0700
From: Wes Chalfant <wes_at_peabody.com>
To: soysert_at_bornova.ege.edu.tr
Subject: more on Re: alias

        It appears that the latest versions of tcp_wrappers may
already have the facilities you need to run different telnetd daemons
based on the IP address used to connect to the server. You could
compile tcp_wrappers with PROCESS_OPTIONS defined and use the "twist"
option in hosts_options.

------------------------------------------------------------------
Date: Mon, 26 Aug 1996 15:24:38 +0200
From: Hellebo Knut <Knut.Hellebo_at_nho.hydro.com>
To: Zehra Soysert <soysert_at_bornova.ege.edu.tr>
Subject: Re: alias

Try getting the tcp_wrappers from ftp.win.tue.nl and see what they can do
for you

--------------------------------------------------------------


Thanks for all

Zehra
Received on Thu Aug 29 1996 - 14:23:57 NZST
