Binding inetd to ip

From: Nicholas Tang (ntangat_private)
Date: Tue Jan 25 2000 - 08:22:23 PST

    Is it possible to bind inetd to a specific ip address/ethernet card under
    linux?  I haven't been able to find any info myself, but the reason I
    ask is because I currently am running a nameserver that has two network
    cards.
    
    I have (chroot'ed to its own partition) bind 8.2.2-P5 bound to the second
    ethernet card and I want nothing else on that card - I want it clean
    except for port 53, basically.
    
    I bound ssh to the first card and am running xntpd on there as well (does
    that have to actually bind to a port?  Is there any way to stop that?  If
    not is there any way to at least limit it to one card/ip?  Would I be
    better off just running ntpdate once an hour?) and then I'm running
    Portsentry on the box to watch for any suspicious activity.
    
    Here's how a netstat -na looks:
    
    [root@thisbox /root]# netstat -na
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0      0 199.2.242.x:22        199.2.242.z:1092	ESTABLISHED 
    tcp        0      0 199.2.242.x:22        0.0.0.0:*               LISTEN      
    tcp        0      0 199.2.242.y:53        0.0.0.0:*               LISTEN      
    udp        0      0 199.2.242.y:123       0.0.0.0:*                           
    udp        0      0 199.2.242.x:123       0.0.0.0:*                           
    udp        0      0 127.0.0.1:123           0.0.0.0:*                           
    udp        0      0 0.0.0.0:123             0.0.0.0:*                           
    udp        0    304 0.0.0.0:1024            0.0.0.0:*                           
    udp        0      0 199.2.242.y:53        0.0.0.0:*                           
    raw        0      0 0.0.0.0:17              0.0.0.0:*               7           
    raw        0      0 0.0.0.0:6               0.0.0.0:*               7           
    raw        0      0 0.0.0.0:1               0.0.0.0:*               7           
    raw        0      0 0.0.0.0:6               0.0.0.0:*               7           
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags       Type       State         I-Node Path
    unix  0      [ ACC ]     STREAM     LISTENING     456    /dev/gpmctl
    unix  0      [ ACC ]     STREAM     LISTENING     364    /var/run/ndc
    unix  4      [ ]         DGRAM                    299    /dev/log
    unix  1      [ ]         DGRAM                    301    /var/named/dev/log
    unix  0      [ ]         DGRAM                    2558   
    unix  0      [ ]         DGRAM                    467    
    unix  0      [ ]         DGRAM                    410    
    unix  0      [ ]         DGRAM                    362    
    unix  0      [ ]         DGRAM                    315    
    [root@thisbox /root]# 
    
    Any ideas on anything else I can clean up?  Also, I don't mean to sound
    ignorant, but does anyone have any idea what's listening on 1024, 1, 6, and
    17?  It's a Redhat 6.0 box, if that helps.
    
    Nicholas
    
    ======================================================================
    Nicholas Tang     Senior System Administrator     R/GA Digital Studios
    ntangat_private       (212) 946-4224 (voice)        (212) 946-4010 (fax)
    ======================================================================
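
Added example, not part of the original post: a check that lists every socket in `netstat -na` output still reachable on the address meant to carry DNS only, counting wildcard (0.0.0.0) binds, which answer on both cards. The names `audit_binds` and `sample_netstat` are hypothetical, and the sample input is an excerpt of the netstat output above with the addresses as posted.

```sh
#!/bin/sh
# Added example (not from the original post): list sockets in `netstat -na`
# output that are reachable on an address meant to carry DNS only.

# Hypothetical helper. Usage: netstat -na | audit_binds DNS_IP
audit_binds() {
    awk -v ip="$1" '
    $1 != "tcp" && $1 != "udp" && $1 != "raw" { next }  # headers, unix sockets
    $1 == "tcp" && $6 != "LISTEN"             { next }  # established sessions
    {
        n = split($4, part, ":")      # field 4 is the local address, addr:port
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        # A wildcard bind (0.0.0.0) is reachable on every interface.
        if (addr != ip && addr != "0.0.0.0") next
        if ($1 == "raw") {
            # For raw sockets netstat prints the IP protocol number here.
            printf "raw ip-proto %s on %s\n", port, addr
            next
        }
        if (port == "53") next        # the one service wanted on this address
        printf "%s %s:%s\n", $1, addr, port
    }'
}

# Excerpt of the netstat output from the post, addresses as posted.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 199.2.242.x:22        199.2.242.z:1092        ESTABLISHED
tcp        0      0 199.2.242.x:22        0.0.0.0:*               LISTEN
tcp        0      0 199.2.242.y:53        0.0.0.0:*               LISTEN
udp        0      0 199.2.242.y:123       0.0.0.0:*
udp        0      0 199.2.242.x:123       0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0    304 0.0.0.0:1024            0.0.0.0:*
udp        0      0 199.2.242.y:53        0.0.0.0:*
raw        0      0 0.0.0.0:17              0.0.0.0:*               7
raw        0      0 0.0.0.0:6               0.0.0.0:*               7
raw        0      0 0.0.0.0:1               0.0.0.0:*               7
raw        0      0 0.0.0.0:6               0.0.0.0:*               7
EOF
}

# Prints one line per socket that is not port 53 on the DNS address.
sample_netstat | audit_binds 199.2.242.y
```

On a live host, pipe `netstat -na` into `audit_binds` with the real address; an empty result means only port 53 is exposed there.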
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:05 PDT