Re: inetd question
On Jun 17, Michael Meskes wrote:
> Yes, I use a proxy and both proxy and www-client run on the same
> machine. But it appears the ident calls came from my firewall where I
> run a http-gw.
> You're absolutely right that I should get rid of that traffic. There is
> no need for the firewall to ask identd on a local machine. But it should
> ask identd for connections from outside. Can I configure tcpd so that it
> only ask outside machines? Currently I have ALL:@@ALL in my
> /etc/hosts.allow file. Would it suffice to add a line http-gw:
> ALL@172.26? Our local network is 172.26.0.0.
I guess the following things would help:
- replace ALL:@@ALL by ALL:ALL (no ident lookups by default) or
maybe ALL EXCEPT http-gw:@@ALL (lookups for every service except http-gw)
- http-gw:172.26. @@ALL (or http-gw:172.26. ALL@ALL)
This line would allow access from 172.26.x.x without ident lookup.
Every other address would cause an ident lookup.
- use ipfwadm to protect the ident port
Peter Tobias <email@example.com> <firstname.lastname@example.org> <email@example.com>
PGP ID EFAA400D, fingerprint = 06 89 EB 2E 01 7C B4 02 04 62 89 6C 2F DD F1 3C
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to firstname.lastname@example.org .