[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: inetd question

Yes, I use a proxy and both proxy and www-client run on the same
machine. But it appears the ident calls came from my firewall where I
run a http-gw. 

You're absolutely right that I should get rid of that traffic. There is
no need for the firewall to ask identd on a local machine. But it should
ask identd for connections from outside. Can I configure tcpd so that it
only ask outside machines? Currently I have ALL:@@ALL in my
/etc/hosts.allow file. Would it suffice to add a line http-gw:
ALL@172.26? Our local network is


Dr. Michael Meskes, Projekt-Manager    | topsystem Systemhaus GmbH
meskes@topsystem.de                    | Europark A2, Adenauerstr. 20
meskes@debian.org                      | 52146 Wuerselen
Go SF49ers! Go Rhein Fire!             | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux!                  | Fax: (+49) 2405/4670-10

>-----Original Message-----
>From:	Peter Tobias [SMTP:tobias@et-inf.fho-emden.de]
>Sent:	Tuesday, June 17, 1997 2:37 AM
>To:	Kai Henningsen
>Cc:	Die Adresse des Empfängers ist unbekannt.
>Subject:	Re: inetd question
>As far as I know Michael uses a proxy in the same lan (maybe the client
>also runs on this machine). When you get some pages from the local
>proxy and the proxy does an ident lookup for each connection you'll get
>lots of ident lookups (getting pages from the proxy is quite fast so
>you'll get lots of lookups in a very short time).
>> > Using "nowait.120" is of course a solution but it is probably better
>> > to find the application that is causing the problem.
>> It is not clear that there is a problem, other than heavy use. There may  
>> be, of course, such as ident queries actually causing more ident queries,  
>> but we don't know yet if something like that happens.
>Getting more than 40 ident lookups a minute is not a usual situation. The
>best solution is to find the reason (the sender!) of the ident requests
>(if it is a local service/system the ident lookups for that service/system
>should probably be turned off). Setting the limit to 120 will keep the
>system running but won't reduce the (maybe unnecessary) traffic. If the
>number of requests can't be reduced the identd should be run in standalone
>Peter Tobias <tobias@et-inf.fho-emden.de> <tobias@debian.org>
>PGP ID EFAA400D, fingerprint = 06 89 EB 2E 01 7C B4 02  04 62 89 6C 2F DD F1
>TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
>debian-devel-request@lists.debian.org . 
>Trouble?  e-mail to templin@bucknell.edu .

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble?  e-mail to templin@bucknell.edu .

Reply to: