[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: inetd question

>Thanks Peter.
>Now my hosts.allow file reads:
># /etc/hosts.allow: list of hosts that are allowed to access the system.
> See
>#                   hosts_access(5) and
># Example:    ALL: LOCAL @some_netgroup
>#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
>http-gw: 172.26. @@ALL=20
>And it works nicely.
>Dr. Michael Meskes, Projekt-Manager    | topsystem Systemhaus GmbH
>meskes@topsystem.de                    | Europark A2, Adenauerstr. 20
>meskes@debian.org                      | 52146 Wuerselen
>Go SF49ers! Go Rhein Fire!             | Tel: (+49) 2405/4670-44
>Use Debian GNU/Linux!                  | Fax: (+49) 2405/4670-10
>>-----Original Message-----
>>From:	Peter Tobias [SMTP:tobias@et-inf.fho-emden.de]
>>Sent:	Wednesday, June 18, 1997 2:16 PM
>>To:	Michael Meskes
>>Cc:	Die Adresse des Empf=E4ngers ist unbekannt.
>>Subject:	Re: inetd question
>>On Jun 17, Michael Meskes wrote:
>>> Yes, I use a proxy and both proxy and www-client run on the same
>>> machine. But it appears the ident calls came from my firewall where I
>>> run a http-gw.=20
>>> You're absolutely right that I should get rid of that traffic. There =
>>> no need for the firewall to ask identd on a local machine. But it =
>>> ask identd for connections from outside. Can I configure tcpd so that =
>>> only ask outside machines? Currently I have ALL:@@ALL in my
>>> /etc/hosts.allow file. Would it suffice to add a line http-gw:
>>> ALL@172.26? Our local network is
>>I guess the following things would help:
>>- replace ALL:@@ALL  by  ALL:ALL (no ident lookups by default) or
>>  maybe  ALL EXCEPT http-gw:@@ALL (lookups for every service except =
>>- http-gw:172.26. @@ALL   (or http-gw:172.26. ALL@ALL)
>>  This line would allow access from 172.26.x.x without ident lookup.
>>  Every other address would cause an ident lookup.
>>- use ipfwadm to protect the ident port
>>Peter Tobias <tobias@et-inf.fho-emden.de> <tobias@debian.org>
>>PGP ID EFAA400D, fingerprint =3D 06 89 EB 2E 01 7C B4 02  04 62 89 6C =
>2F DD F1
>>TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
>>debian-devel-request@lists.debian.org .=20
>>Trouble?  e-mail to templin@bucknell.edu .

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: