In <[log in to unmask]> [log in to unmask] writes:
> Has anyone installed 2 network cards on an HP3000 ?
Yup.
> If so, can I disable ftp, vtmgr etc on the 2nd card to secure it. As
> you can guess, this will be the card exposed to the world.
Don't think so. You can restrict access to inetd-controlled services by their
source address, but if I recall correctly, most network calls on the 3000
can't tell which network interface a connection request came in on (other
than guessing based on knowledge of which network addresses are reachable
from where).
I believe the best you can do:
-Control inetd-controlled services with the inetdsec file (restrict connect-
ions to 'known' source addresses)
-Implement option-logon UDC checks that verify the incoming (source) address
of any logon (easily done using the CI Vars already set by MPE)
or put a good firewall between your 3000 and the "world".
-Chris (remove nospam) Bartram