Firewall Wizards mailing list archives
Re: Binding inetd to ip
From: "Frank Heinzius" <frimp () mms de>
Date: Thu, 27 Jan 2000 14:27:06 +0100
Hi,

On 25 Jan 00, at 11:22, Nicholas Tang wrote:

> Is it possible to bind inetd to a specific ip address/ethernet card
> under linux? I haven't been able to find any info myself, but the
> reason I ask is because I currently am running a nameserver that has
> two network cards.

AFAIK, you can't set the IP address in inetd.conf. But you can set it up in most servers, like you already did (I think so ;-) in named and sshd. If you want to disable certain packets destined for certain interfaces, use ipchains. Rudimentary example:

    /sbin/ipchains -A input -i eth1 -p udp --destination-port 57 -j ACCEPT
    /sbin/ipchains -A input -i eth1 -p tcp --destination-port 57 -j ACCEPT
    /sbin/ipchains -A input -i eth1 -l -p tcp -j DENY
    /sbin/ipchains -A input -i eth1 -l -p udp -j DENY
    /sbin/ipchains -A input -i eth1 -l -p icmp -j DENY

(perhaps you can omit -p xxx and block everything in one rule).

> I bound ssh to the first card and am running xntpd on there as well
> (does that have to actually bind to a port? Is there any way to stop
> that? If not is there any way to at least limit it to one card/ip?
> Would I be better off just running ntpdate once an hour?) and then
> I'm running

You don't need xntpd to just obtain the ntp time. But if you want to act as a time relay server to your network, you need it. Have a look at the docs for xntpd, you can set it up as listen-only without serving. Or use ntpdate in a cron entry.

> Any ideas on anything else I can clean up? Also, I don't mean to
> sound ignorant but anyone have any idea what's listening on 1024, 1,
> 6, and 17? It's a Redhat 6.0 box, if that helps.

I don't know what 1024 is... but 1,6,17 are the protocol numbers for icmp, tcp and udp and are RAW sockets, and necessary, so don't worry about them.

Kind Regards / Mit freundlichen Gruessen,

--
Frank M. Heinzius         MMS Communication AG     .~.
mailto:frimp () mms de    Eiffestrasse 598         /V\
http://www.mms.de         20537 Hamburg, Germany  // \\
Phone: +49 40 211105-40   Fax: +49 40 210 32 210 /( )\
PGP Pingerfrimp: 635E AFB4 6BF0 156E 4615 8C67 F258 C9F6 3595 80ED ^^-^^
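
Added example, not part of the original message: a small audit that reads socket tables in the Linux /proc/net/{tcp,udp,raw} layout, reports whether each listener is bound to one address or to all interfaces, and labels raw-socket entries (whose "port" column is the IP protocol number, as with 1, 6 and 17 above). The sample rows are constructed, the function names are hypothetical, and little-endian (x86) address encoding is assumed.

```python
import socket
import struct

# Constructed sample rows in /proc/net/{tcp,udp,raw} layout (not from the post).
# Addresses are hex in host byte order; little-endian (x86) is assumed.
HDR = "  sl  local_address rem_address   st\n"
SAMPLE = {
    "tcp": HDR + "   0: 0A01A8C0:0016 00000000:0000 0A\n"
                 "   1: 00000000:0400 00000000:0000 0A\n"
                 "   2: 0A01A8C0:0016 1401A8C0:C350 01\n",
    "udp": HDR + "   0: 00000000:007B 00000000:0000 07\n"
                 "   1: 0100007F:0035 00000000:0000 07\n",
    "raw": HDR + "   0: 00000000:0001 00000000:0000 07\n"
                 "   1: 00000000:0006 00000000:0000 07\n"
                 "   2: 00000000:0011 00000000:0000 07\n",
}
RAW_PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers
TCP_LISTEN = "0A"  # state code of a listening TCP socket

def decode_addr(field):
    """Turn '0A01A8C0:0016' into ('192.168.1.10', 22)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def audit(tables):
    """Return (kind, ip, number, note) for TCP listeners and all UDP/raw sockets."""
    findings = []
    for kind, text in tables.items():
        for line in text.splitlines()[1:]:  # first line is the column header
            cols = line.split()
            if kind == "tcp" and cols[3] != TCP_LISTEN:
                continue  # established connection, not a listener
            ip, num = decode_addr(cols[1])
            if kind == "raw":  # the "port" column holds the protocol number
                note = "raw socket, protocol " + RAW_PROTOCOLS.get(num, "unknown")
            else:
                note = "bound to all interfaces" if ip == "0.0.0.0" else "bound to one address"
            findings.append((kind, ip, num, note))
    return findings

if __name__ == "__main__":
    for kind, ip, num, note in audit(SAMPLE):
        print(f"{kind:4} {ip:>15}:{num:<5} {note}")
```

On a live host, pass the contents of the three /proc/net files instead of SAMPLE; any TCP or UDP row reported as bound to all interfaces is a candidate for a per-daemon listen address or an interface-specific filter rule.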