
Re: inetd question



>Thanks Peter.
>
>Now my hosts.allow file reads:
>
># /etc/hosts.allow: list of hosts that are allowed to access the system.
>#                   See hosts_access(5) and /usr/doc/netbase/portmapper.txt.gz
>#
># Example:    ALL: LOCAL @some_netgroup
>#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
>#
>http-gw: 172.26. @@ALL
>ALL: @@ALL
>
>And it works nicely.
>
>Michael
>--
>Dr. Michael Meskes, Projekt-Manager    | topsystem Systemhaus GmbH
>meskes@topsystem.de                    | Europark A2, Adenauerstr. 20
>meskes@debian.org                      | 52146 Wuerselen
>Go SF49ers! Go Rhein Fire!             | Tel: (+49) 2405/4670-44
>Use Debian GNU/Linux!                  | Fax: (+49) 2405/4670-10
>
>>-----Original Message-----
>>From:	Peter Tobias [SMTP:tobias@et-inf.fho-emden.de]
>>Sent:	Wednesday, June 18, 1997 2:16 PM
>>To:	Michael Meskes
>>Cc:	The recipient's address is unknown.
>>Subject:	Re: inetd question
>>
>>On Jun 17, Michael Meskes wrote:
>>> Yes, I use a proxy and both proxy and www-client run on the same
>>> machine. But it appears the ident calls came from my firewall where I
>>> run a http-gw.
>>>
>>> You're absolutely right that I should get rid of that traffic. There is
>>> no need for the firewall to ask identd on a local machine. But it should
>>> ask identd for connections from outside. Can I configure tcpd so that it
>>> only asks outside machines? Currently I have ALL:@@ALL in my
>>> /etc/hosts.allow file. Would it suffice to add a line http-gw:
>>> ALL@172.26? Our local network is 172.26.0.0.
>>
>>I guess the following things would help:
>>
>>- replace ALL:@@ALL  by  ALL:ALL (no ident lookups by default) or
>>  maybe  ALL EXCEPT http-gw:@@ALL (lookups for every service except http-gw)
>>
>>or
>>
>>- http-gw:172.26. @@ALL   (or http-gw:172.26. ALL@ALL)
>>  This line would allow access from 172.26.x.x without ident lookup.
>>  Every other address would cause an ident lookup.
>>
>>or
>>
>>- use ipfwadm to protect the ident port
>>
>>
>>Thanks,
>>
>>Peter
>>
>>--
>>Peter Tobias <tobias@et-inf.fho-emden.de> <tobias@debian.org> <tobias@linux.de>
>>PGP ID EFAA400D, fingerprint = 06 89 EB 2E 01 7C B4 02  04 62 89 6C 2F DD F1 3C
>>
>>
>>--
>>TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
>>debian-devel-request@lists.debian.org .
>>Trouble?  e-mail to templin@bucknell.edu .
>>

