Re: question about ipchains on dual interface machine
On Wed, Oct 10, 2001 at 06:57:20PM -0400, Mike Dresser wrote:
> > What about configuring services to listen only on one _specific_
> > interface/ip? (In your case Y) So you perhaps don't have to take care about
> > an confusing firewall setup... hiding services is not the way[tm] to make or
> > keep a network secure.
> Problem is the interface can vary, cause pppd isn't guaranteed to pickup
> the same ppp0/ppp1/etc.
You don't have to bind on the dynamic (external) interface. The address of
the internal one shouldn't change, right? So tell your services to bind this
> I agree fully, problem is I don't think things like telnet, netbios, etc
> etc are going to all let me pick an interface/ip.
If you're a superserver like x?inetd then look wheather they can restrict
access/bindings. I think that at least xinetd can.