From:	CRDGW2::CRDGW2::MRGATE::"SMTP::CRVAX.SRI.COM::RELAY-INFO-VAX" 27-JUN-1989 03:49
To:	MRGATE::"ARISIA::EVERHART"
Subj:	Re: TCP/IP and restricting access to Telnet and FTP servers

Received: From KL.SRI.COM by CRVAX.SRI.COM with TCP; Mon, 26 JUN 89 23:45:36 PDT
Received: from TGV.COM by KL.SRI.COM with TCP; Mon, 26 Jun 89 23:17:12 PDT
Date:     Mon, 26 Jun 89 23:14:51 PDT
From: adelman@TGV.COM (Kenneth Adelman)
Reply-To: Adelman@TGV.COM (Kenneth Adelman)
Message-Id: <890626230817.1c7@TGV.COM>
Subject:  Re: TCP/IP and restricting access to Telnet and FTP servers
To: ijah400%ivax.decnet@gold.bacs.indiana.edu
Cc: info-vax@kl.sri.com

> We have recently installed the Wollongong WIN/TCP software for VMS.  For
> certain network services, we would like to control access depending on
> the host name or IP address; for example, to prevent persons from using
> Telnet from a terminal server when we know LAT is available on that server,
> or restrict FTP or Telnet logins to clients running on certain "trusted"
> hosts, etc.

> P.S.: If you know of any other TCP/IP implementations that have this feature,
> I wouldn't mind hearing about that either.

    The ability to restrict access on the basis of source IP address
or network number is a standard part of our Multinet TCP/IP product.
In addition to restrictions, you can also specify various auditing
parameters to allow, but log connections, and you can provide a
user-written sharable image with an entry point which gets called with
information about the connection request, so you can do anything you'd
like which we hadn't thought of.

    For more information about MultiNet, FTP the file MULTINET.FLYER
from the ANONYMOUS directory on TGV.COM or send me mail asking for a copy.

						Kenneth Adelman
						TGV, Inc.

