Re: Can a daemon listen only on some interfaces?
On Sat, Dec 08, 2001 at 08:09:50PM +0100, Guido Hennecke wrote:
> At 08.12.2001, Michael Wood wrote:
> > On Sat, Dec 08, 2001 at 07:40:06PM +1000, mdevin@ozemail.com.au wrote:
> [...]
> > > So my question is:
> > > Is there some way to make certain daemons, (say postfix)
> > > listen only on some interfaces? For example, I have
> > > everything firewalled from outside, so I really only need
> > > postfix to listen on the loopback interface for local
> > > connections. Is this possible?
> > It's technically possible, but this depends on if the particular
> > daemon has support for this. Postfix does.
>
> It is a little bit different on Linux:
>
> It is not possible to configure a deamon to listen on an
> interface only. It is only possible to bind it to an ip
> address.
That's splitting hairs ;)
> The problem on linux is, that all local ip addresses are
> reachable over all local interfaces. The only problem is the
> routing and that depends on your infrastructure.
>
> But it is posible to use a packetfilter and configure it, that
> packets for an interface must come in over the target
> interface.
Indeed.
--
Michael Wood <mwood@its.uct.ac.za>
Reply to: