(apologies to anyone who receives this twice; I believe I had exim not
listening the first time I sent it!)

* Alexander Reelsen (email@example.com) [010910 01:24]:
> On Sun, Sep 09, 2001 at 06:31:57PM -0400, hpknight wrote:
> > It depends on the process that is binding the port. If you're using
> > xinetd you can specify which interface to bind the port on. If the
> > program/daemon doesn't allow you to specify interfaces, then you're stuck
> > .. unless you want to do some fancy stuff with ipchains/iptables to
> > redirect ports, or hack up the daemon.
> inetd also has this feature (not very well documented).
> use service@ip in inetd.conf in order to use that feature.

How's that? in my example, I'd like exim to bind only to the loopback
interface. I tried either of these 2 lines, with the respective error
from /var/log/daemon.log following each:

firstname.lastname@example.org stream tcp nowait mail /usr/sbin/exim exim -bs
Sep 10 17:32:28 gobo inetd: email@example.com/tcp: unknown service

smtp@lo stream tcp nowait mail /usr/sbin/exim exim -bs
Sep 10 17:42:11 gobo inetd: smtp@lo/tcp: unknown service

This is on sid, with
ii netkit-inetd 0.10-8 The Internet Superserver

I googled around for a while and found no mention anywhere of the
functionality you mention in inetd. If you know how, I'd appreciate it.

> xinetd is nicer, anyway :-)

Agreed. The other boxes I admin use xinetd.

>
> First binding then firewalling is a bad idea, someone might be able to
> access that service via spoofing or other dirty tricks...

Agreed again. I generally like to bind only to the interface I want to
receive connections on, and in addition, use tcp wrappers and firewall
rules to make for redundant security.

-- 
Vineet http://www.anti-dmca.org
Unauthorized use of this .sig may constitute violation of US law.
echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M'
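One way to confirm that a service meant for the loopback interface is really bound only there, as the message above aims for (an added example, not part of the original post): it parses text in the Linux /proc/net/tcp layout and reports listeners on loopback-only ports that sit on any other address. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# SMTP listening on 127.0.0.1:25, SSH listening on 0.0.0.0:22, and one
# established loopback connection that must not be counted as a listener.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     8        0 1201 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1188 1
   2: 0100007F:0019 0100007F:C350 01 00000000:00000000 00:00000000 00000000     8        0 1310 1
"""

TCP_LISTEN = 0x0A  # value of the "st" column for a listening socket


def parse_listeners(text):
    """Return (IPv4Address, port) for every socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Assumption: little-endian host, so the kernel prints the
        # network-order address byte-swapped (127.0.0.1 -> 0100007F).
        packed = struct.pack("<I", int(hex_ip, 16))
        listeners.append((ipaddress.IPv4Address(packed), int(hex_port, 16)))
    return listeners


def exposed_listeners(text, loopback_only_ports):
    """Listeners on ports meant to be loopback-only but bound elsewhere."""
    return [(str(ip), port) for ip, port in parse_listeners(text)
            if port in loopback_only_ports and not ip.is_loopback]


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead.
    for ip, port in exposed_listeners(SAMPLE_PROC_NET_TCP, {25}):
        print(f"port {port} is listening on {ip}, expected loopback only")
```

A wildcard bind (0.0.0.0) is reported as exposed because it accepts connections on every interface, which is the case the firewall-only approach in the thread would have to cover.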