RE: inetd question

To: "'Peter Tobias'" <tobias@et-inf.fho-emden.de>, "'Kai Henningsen'" <kai@khms.westfalen.de>
Cc: "'debian-devel@lists.debian.org'" <debian-devel@lists.debian.org>
Subject: RE: inetd question
From: Michael Meskes <meskes@topsystem.de>
Date: Tue, 17 Jun 1997 11:12:53 +0200
Message-id: <[🔎] c=DE%a=_%p=topsystem%l=EINSTEIN-970617091253Z-194@einstein.topsystem.de>

Yes, I use a proxy and both proxy and www-client run on the same
machine. But it appears the ident calls came from my firewall where I
run a http-gw. 

You're absolutely right that I should get rid of that traffic. There is
no need for the firewall to ask identd on a local machine. But it should
ask identd for connections from outside. Can I configure tcpd so that it
only ask outside machines? Currently I have ALL:@@ALL in my
/etc/hosts.allow file. Would it suffice to add a line http-gw:
ALL@172.26? Our local network is 172.26.0.0.

Michael

--
Dr. Michael Meskes, Projekt-Manager    | topsystem Systemhaus GmbH
meskes@topsystem.de                    | Europark A2, Adenauerstr. 20
meskes@debian.org                      | 52146 Wuerselen
Go SF49ers! Go Rhein Fire!             | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux!                  | Fax: (+49) 2405/4670-10

>-----Original Message-----
>From:	Peter Tobias [SMTP:tobias@et-inf.fho-emden.de]
>Sent:	Tuesday, June 17, 1997 2:37 AM
>To:	Kai Henningsen
>Cc:	Die Adresse des Empfängers ist unbekannt.
>Subject:	Re: inetd question
>
>
>As far as I know Michael uses a proxy in the same lan (maybe the client
>also runs on this machine). When you get some pages from the local
>proxy and the proxy does an ident lookup for each connection you'll get
>lots of ident lookups (getting pages from the proxy is quite fast so
>you'll get lots of lookups in a very short time).
>
>> > Using "nowait.120" is of course a solution but it is probably better
>> > to find the application that is causing the problem.
>> 
>> It is not clear that there is a problem, other than heavy use. There may  
>> be, of course, such as ident queries actually causing more ident queries,  
>> but we don't know yet if something like that happens.
>
>Getting more than 40 ident lookups a minute is not a usual situation. The
>best solution is to find the reason (the sender!) of the ident requests
>(if it is a local service/system the ident lookups for that service/system
>should probably be turned off). Setting the limit to 120 will keep the
>system running but won't reduce the (maybe unnecessary) traffic. If the
>number of requests can't be reduced the identd should be run in standalone
>mode.
>
>
>Thanks,
>
>Peter
>
>-- 
>Peter Tobias <tobias@et-inf.fho-emden.de> <tobias@debian.org>
><tobias@linux.de>
>PGP ID EFAA400D, fingerprint = 06 89 EB 2E 01 7C B4 02  04 62 89 6C 2F DD F1
>3C 
>
>
>--
>TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
>debian-devel-request@lists.debian.org . 
>Trouble?  e-mail to templin@bucknell.edu .
>


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: inetd question
  - From: Peter Tobias <tobias@et-inf.fho-emden.de>

Prev by Date: Re: Status of Debian Policy
Next by Date: Re: inetd question
Previous by thread: Re: inetd question
Next by thread: Re: inetd question
Index(es):
- Date
- Thread