[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: inetd question

On Jun 17, Michael Meskes wrote:
> Yes, I use a proxy and both proxy and www-client run on the same
> machine. But it appears the ident calls came from my firewall where I
> run a http-gw. 
> You're absolutely right that I should get rid of that traffic. There is
> no need for the firewall to ask identd on a local machine. But it should
> ask identd for connections from outside. Can I configure tcpd so that it
> only ask outside machines? Currently I have ALL:@@ALL in my
> /etc/hosts.allow file. Would it suffice to add a line http-gw:
> ALL@172.26? Our local network is

I guess the following things would help:

- replace ALL:@@ALL  by  ALL:ALL (no ident lookups by default) or
  maybe  ALL EXCEPT http-gw:@@ALL (lookups for every service except http-gw)


- http-gw:172.26. @@ALL   (or http-gw:172.26. ALL@ALL)
  This line would allow access from 172.26.x.x without ident lookup.
  Every other address would cause an ident lookup.


- use ipfwadm to protect the ident port



Peter Tobias <tobias@et-inf.fho-emden.de> <tobias@debian.org> <tobias@linux.de>
PGP ID EFAA400D, fingerprint = 06 89 EB 2E 01 7C B4 02  04 62 89 6C 2F DD F1 3C 

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: