Re: Binding inetd to ip

From: Frank Heinzius (frimpat_private)
Date: Thu Jan 27 2000 - 05:27:06 PST


    Hi,
    
    On 25 Jan 00, at 11:22, Nicholas Tang wrote:
    
    > Is it possible to bind inetd to a specific ip address/ethernet card under
    > linux?  I haven't been able to find any info myself, but the reason I
    > ask is because I currently am running a nameserver that has two network
    > cards.
    > 
    
    AFAIK, you can't set the IP address in inetd.conf. But you can set it up 
    in most servers, like you already did (I think so ;-) in named and sshd.
    
    If you want to disable certain packets destined for certain interfaces, 
    use ipchains. Rudimentary example:
    
    # Accept DNS (port 53, UDP for queries, TCP for zone transfers) arriving on eth1...
    /sbin/ipchains -A input -i eth1 -p udp --destination-port 53 -j ACCEPT
    /sbin/ipchains -A input -i eth1 -p tcp --destination-port 53 -j ACCEPT
    # ...then log (-l) and deny everything else that arrives on eth1.
    /sbin/ipchains -A input -i eth1 -l -p tcp -j DENY
    /sbin/ipchains -A input -i eth1 -l -p udp -j DENY
    /sbin/ipchains -A input -i eth1 -l -p icmp -j DENY
    
    (perhaps you can omit -p xxx and block everything in one rule).
    
    > I bound ssh to the first card and am running xntpd on there as well
    > (does
    > that have to actually bind to a port?  Is there any way to stop that?  
    > If not is there any way to at least limit it to one card/ip?  Would I be
    > better off just running ntpdate once an hour?) and then I'm running
    
    You don't need xntpd to just obtain the ntp time. But if you want to act 
    as a time relay server to your network, you need it. Have a look at the 
    docs for xntpd, you can set it up as listen-only without serving. Or use 
    ntpdate in a cron entry.
    
    > 
    > Any ideas on anything else I can clean up?  Also, I don't mean to sound
    > ignorant but anyone have any idea what's listening on 1024, 1, 6 ,and
    > 17?  It's a Redhat 6.0 box, if that helps.
    > 
    
    I don't know what 1024 is...
    but 1,6,17 are the protocol numbers for icmp, tcp and udp and are RAW 
    sockets, and necessary, so don't worry about them.
    
    
    
    Kind Regards / Mit freundlichen Gruessen,
    
    --
    Frank M. Heinzius                       MMS Communication AG         .~.
    mailto:frimpat_private                     Eiffestrasse 598             /V\
    http://www.mms.de                       20537 Hamburg, Germany      // \\
    Phone: +49 40 211105-40                 Fax: +49 40 210 32 210     /(   )\
    PGP Pingerfrimp: 635E AFB4 6BF0 156E 4615  8C67 F258 C9F6 3595 80ED ^^-^^
    
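The per-interface ipchains pattern from the reply above (accept a short list of services on one card, then log and deny the rest), written up as an added example that is not part of the original mail. It prints the rules for review by default and only executes them when APPLY=1; the function and variable names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: build the "accept only these
# services on IFACE, log and deny everything else" rule set for ipchains.
# Service specs are PORT/PROTO, e.g. 53/udp 53/tcp for a nameserver.
IPCHAINS=${IPCHAINS:-/sbin/ipchains}

# Print the command, or run it when APPLY=1 (default is a dry run).
emit() {
    if [ "${APPLY:-0}" = 1 ]; then eval "$1"; else echo "$1"; fi
}

iface_rules() {
    iface=$1
    [ -n "$iface" ] || { echo "usage: iface_rules IFACE PORT/PROTO..." >&2; return 1; }
    shift
    for svc in "$@"; do
        port=${svc%/*}
        proto=${svc#*/}
        # Only tcp/udp carry ports; refuse anything else so a typo is not silently accepted.
        case $proto in tcp|udp) ;; *) echo "bad service spec: $svc" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port in: $svc" >&2; return 1 ;; esac
        emit "$IPCHAINS -A input -i $iface -p $proto --destination-port $port -j ACCEPT"
    done
    # Default deny for the interface, logged (-l) so blocked traffic shows up in syslog.
    for proto in tcp udp icmp; do
        emit "$IPCHAINS -A input -i $iface -l -p $proto -j DENY"
    done
}

# Example: a nameserver that should answer DNS only on eth1 (dry run).
iface_rules eth1 53/udp 53/tcp
```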



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:32 PDT