[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Can a daemon listen only on some interfaces?

At 08.12.2001, Michael Wood wrote:
> On Sat, Dec 08, 2001 at 07:40:06PM +1000, mdevin@ozemail.com.au wrote:
[...]
> > So my question is:
> > Is there some way to make certain daemons, (say postfix)
> > listen only on some interfaces?  For example, I have
> > everything firewalled from outside, so I really only need
> > postfix to listen on the loopback interface for local
> > connections.  Is this possible?
> It's technically possible, but this depends on if the particular
> daemon has support for this.  Postfix does.

It is a little bit different on Linux:

It is not possible to configure a deamon to listen on an interface only.
It is only possible to bind it to an ip address.

The problem on linux is, that all local ip addresses are reachable over
all local interfaces. The only problem is the routing and that depends
on your infrastructure.

But it is posible to use a packetfilter and configure it, that packets
for an interface must come in over the target interface.

Regards, Guido
-- 
Nur weil Du paranoid bist, heisst das noch lange nicht, dass Du nicht
verfolgt wirst.
Reply to: