Re: inetd question
- To: Michael Meskes <email@example.com>
- Cc: firstname.lastname@example.org
- Subject: Re: inetd question
- From: Peter Tobias <email@example.com>
- Date: Wed, 18 Jun 1997 14:15:57 +0200
- Message-id: <19970618141557.08357@zaphod>
- In-reply-to: <c=DE%a=_%p=topsystem%l=EINSTEIN-970617091253Zfirstname.lastname@example.org>; from Michael Meskes on Tue, Jun 17, 1997 at 11:12:53AM +0200
- References: <c=DE%a=_%p=topsystem%l=EINSTEIN-970617091253Zemail@example.com>
On Jun 17, Michael Meskes wrote:
> Yes, I use a proxy and both proxy and www-client run on the same
> machine. But it appears the ident calls came from my firewall where I
> run a http-gw.
> You're absolutely right that I should get rid of that traffic. There is
> no need for the firewall to ask identd on a local machine. But it should
> ask identd for connections from outside. Can I configure tcpd so that it
> only asks outside machines? Currently I have ALL:@@ALL in my
> /etc/hosts.allow file. Would it suffice to add a line http-gw:
> ALL@172.26? Our local network is 172.26.0.0.

I guess the following things would help:

- replace ALL:@@ALL by ALL:ALL (no ident lookups by default) or
  maybe ALL EXCEPT http-gw:@@ALL (lookups for every service except http-gw)
- http-gw:172.26. @@ALL (or http-gw:172.26. ALL@ALL)
  This line would allow access from 172.26.x.x without ident lookup.
  Every other address would cause an ident lookup.
- use ipfwadm to protect the ident port

Peter Tobias <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org>
PGP ID EFAA400D, fingerprint = 06 89 EB 2E 01 7C B4 02 04 62 89 6C 2F DD F1 3C
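
Added example (not part of the original message and not tcpd's own code): a simplified Python model of hosts.allow matching that shows which connections trigger an ident lookup under the rules suggested in the reply above. It assumes the `ALL@ALL` spelling of the lookup pattern and models only `ALL`, dotted prefixes, the `ALL` user wildcard and `EXCEPT` in daemon lists; the function names, the `in.telnetd` service and the sample addresses are constructed.

```python
# Simplified model of hosts.allow matching; added example, not tcpd's code.
# Models only: ALL, dotted prefixes ("172.26."), the ALL user wildcard in
# user@host patterns, and EXCEPT in daemon lists. Addresses are constructed.

ORIGINAL = ["ALL: ALL@ALL"]
SUGGESTED = ["ALL EXCEPT http-gw: ALL@ALL",
             "http-gw: 172.26. ALL@ALL"]

def host_match(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):              # network prefix such as "172.26."
        return ip.startswith(pattern)
    return pattern == ip

def daemon_match(daemon_list, daemon):
    tokens = daemon_list.replace(",", " ").split()
    cut = tokens.index("EXCEPT") if "EXCEPT" in tokens else len(tokens)
    hit = lambda toks: any(t in ("ALL", daemon) for t in toks)
    return hit(tokens[:cut]) and not hit(tokens[cut + 1:])

def evaluate(rules, daemon, ip):
    """Return (matching rule or None, whether an ident lookup was made)."""
    for line in rules:
        daemons, clients = line.split(":", 1)
        if not daemon_match(daemons, daemon):
            continue
        # Client patterns are tried left to right; the first match wins.
        for pattern in clients.replace(",", " ").split():
            user, at, host = pattern.rpartition("@")
            if host_match(host, ip):
                # A user@host pattern needs the remote user name, so the
                # ident query happens only when such a pattern is reached.
                return line, bool(at)
    return None, False

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        for daemon, ip in (("http-gw", "172.26.3.4"),
                           ("http-gw", "192.0.2.10"),
                           ("in.telnetd", "172.26.3.4")):
            rule, ident = evaluate(rules, daemon, ip)
            print(f"{name:9} {daemon:10} {ip:12} ident={ident} rule={rule!r}")
```
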