Re: inetd question
On Jun 17, Michael Meskes wrote:
> Yes, I use a proxy and both proxy and www-client run on the same
> machine. But it appears the ident calls came from my firewall where I
> run a http-gw.
>
> You're absolutely right that I should get rid of that traffic. There is
> no need for the firewall to ask identd on a local machine. But it should
> ask identd for connections from outside. Can I configure tcpd so that it
> only asks outside machines? Currently I have ALL:@@ALL in my
> /etc/hosts.allow file. Would it suffice to add a line http-gw:
> ALL@172.26? Our local network is 172.26.0.0.

I guess the following things would help:

- replace ALL:@@ALL by ALL:ALL (no ident lookups by default) or
  maybe ALL EXCEPT http-gw:@@ALL (lookups for every service except http-gw)

or

- http-gw:172.26. @@ALL (or http-gw:172.26. ALL@ALL)
  This line would allow access from 172.26.x.x without ident lookup.
  Every other address would cause an ident lookup.

or

- use ipfwadm to protect the ident port

Thanks,
Peter
--
Peter Tobias <tobias@et-inf.fho-emden.de> <tobias@debian.org> <tobias@linux.de>
PGP ID EFAA400D, fingerprint = 06 89 EB 2E 01 7C B4 02 04 62 89 6C 2F DD F1 3C
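
The first-match behaviour that the second suggestion above relies on, as an added example that is not part of the original message and is not tcpd's code: a simplified Python model of hosts_access(5) matching that reports whether a rule causes an ident lookup for a given client. The `ALL@ALL` spelling of the lookup pattern is taken from the message; the daemon name `in.telnetd` and the sample addresses are constructed, and only `ALL`, `EXCEPT` in daemon lists, dotted prefixes and `user@host` patterns are modelled.

```python
# Added example: simplified model of hosts_access(5) matching, not tcpd's code.
# Rules are scanned in order; within a rule, client patterns are tried left to
# right and the first match wins. A "user@host" pattern forces an ident lookup,
# but only when its host part matches the client.

def host_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # "172.26." matches 172.26.x.x
        return addr.startswith(pattern)
    return pattern == addr

def daemon_matches(daemon_list, daemon):
    tokens = daemon_list.replace(",", " ").split()
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        included, excluded = tokens[:i], tokens[i + 1:]
    else:
        included, excluded = tokens, []
    hit = lambda names: "ALL" in names or daemon in names
    return hit(included) and not hit(excluded)

def evaluate(rules, daemon, addr):
    """Return (first matching rule or None, whether an ident lookup was made)."""
    for rule in rules:
        daemons, clients = (part.strip() for part in rule.split(":", 1))
        if not daemon_matches(daemons, daemon):
            continue
        for client in clients.replace(",", " ").split():
            user, at, host = client.rpartition("@")
            if host_matches(host, addr):
                # Assumption: the user pattern is ALL, which accepts any answer,
                # so the rule matches whatever the remote identd returns.
                return rule, bool(at)
    return None, False

# Constructed rule sets following the two hosts.allow suggestions in the message.
PREFIX_FIRST = ["http-gw: 172.26. ALL@ALL"]
EXCEPT_GW = ["ALL EXCEPT http-gw: ALL@ALL"]

if __name__ == "__main__":
    for addr in ("172.26.3.7", "192.0.2.10"):   # constructed client addresses
        print(addr, evaluate(PREFIX_FIRST, "http-gw", addr))
```

In this model a local 172.26.x.x client is accepted by the prefix pattern before the `ALL@ALL` pattern is reached, so no lookup happens; any other client falls through to `ALL@ALL` and is looked up.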