Fw: Can a daemon listen only on some interfaces?
grr...forgot to reply to list...
----- Original Message -----
From: Phillip Hofmeister <plhofmei@svsu.edu>
To: Guido Hennecke <g.hennecke@t-online.de>
Sent: Saturday, December 08, 2001 3:10 PM
Subject: Re: Can a daemon listen only on some interfaces?
> OR....you could use IPCHAINS or IPTABLES to REJECT (or DENY) the interface
> on that port....
> ----- Original Message -----
> From: Guido Hennecke <g.hennecke@t-online.de>
> To: <debian-security@lists.debian.org>
> Cc: Michael Wood <mwood@its.uct.ac.za>
> Sent: Saturday, December 08, 2001 2:09 PM
> Subject: Re: Can a daemon listen only on some interfaces?
>
>
> > At 08.12.2001, Michael Wood wrote:
> > > On Sat, Dec 08, 2001 at 07:40:06PM +1000, mdevin@ozemail.com.au wrote:
> > [...]
> > > > So my question is:
> > > > Is there some way to make certain daemons, (say postfix)
> > > > listen only on some interfaces? For example, I have
> > > > everything firewalled from outside, so I really only need
> > > > postfix to listen on the loopback interface for local
> > > > connections. Is this possible?
> > > It's technically possible, but this depends on if the particular
> > > daemon has support for this. Postfix does.
> >
> > It is a little bit different on Linux:
> >
> > It is not possible to configure a deamon to listen on an interface only.
> > It is only possible to bind it to an ip address.
> >
> > The problem on linux is, that all local ip addresses are reachable over
> > all local interfaces. The only problem is the routing and that depends
> > on your infrastructure.
> >
> > But it is posible to use a packetfilter and configure it, that packets
> > for an interface must come in over the target interface.
> >
> > Regards, Guido
> > --
> > Nur weil Du paranoid bist, heisst das noch lange nicht, dass Du nicht
> > verfolgt wirst.
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> >
> >
> >
>
>
Reply to: