Date: Tue, 8 May 2001 22:19:48 -0500
From: Mike Meyer <mwm@mired.org>
To: Dru <genisis@istar.ca>
Cc: questions@freebsd.org
Subject: Re: limit telnet access
Message-ID: <15096.46932.622324.43579@guru.mired.org>
In-Reply-To: <31588347@toto.iv>

Dru <genisis@istar.ca> types:
> Very good question, now you have me curious. Is it possible to tell a
> daemon to only listen on specified interfaces, or do we instead use
> firewall rules and tcpwrappers to ensure the daemon only sees the requests
> we actually want it to respond to? I suspect the latter, but would be
> interested in any URLs that would explain the semantics of how this works.

Of course it's possible to tell a daemon to only listen on specific
interfaces. Some daemons just don't listen, though :-).

I don't know of any way to specify *interfaces* except with firewall
rules. Not even tcp wrappers can do that. If you're willing to use IP
addresses instead - like the ones that interface is configured for -
then it's possible for a daemon to listen for connections only on a
specific IP address, instead of on all of them. If you're running a
daemon that has such an option, you can just use it.

The standard telnetd supplied with FreeBSD doesn't listen to ports -
it's started from inetd. Inetd can be configured to bind to a specific
address, so you could have one inetd that runs daemons for internal
ports, and another that runs daemons for external ports - or maybe you
don't want that second one. See the inetd man page for more
information.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15096.46932.622324.43579>
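
Added example, not part of the message above: a check that reports which listeners are bound to one specific address and which are bound to all of them, the distinction the reply draws for inetd. The sockstat-style sample rows are constructed, and the internal network 192.168.1.0/24 is an assumption.

```python
import ipaddress

# Constructed sample in the column layout of FreeBSD `sockstat -4l`;
# the PIDs, addresses and the second inetd are illustrative, not from the post.
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     inetd      412   5  tcp4   192.168.1.1:23        *:*
root     inetd      640   5  tcp4   *:21                  *:*
root     sshd       388   4  tcp4   *:22                  *:*
root     sendmail   455   4  tcp4   127.0.0.1:25          *:*
"""

def parse_listeners(text):
    """Yield (command, pid, local_address, port) for each socket row."""
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and rows without a numeric PID.
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        addr, _, port = fields[5].rpartition(":")
        yield fields[1], int(fields[2]), addr, port

def classify(addr, internal_nets):
    """Label a bound address: wildcard, loopback, internal or external."""
    if addr == "*":
        return "wildcard"          # bound to every configured address
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in internal_nets):
        return "internal"
    return "external"

def audit(text, internal=("192.168.1.0/24",)):   # assumed internal network
    nets = [ipaddress.ip_network(n) for n in internal]
    return [(cmd, pid, port, classify(addr, nets))
            for cmd, pid, addr, port in parse_listeners(text)]

def exposed(text, internal=("192.168.1.0/24",)):
    """Listeners reachable on addresses outside the internal network."""
    return [row for row in audit(text, internal)
            if row[3] in ("wildcard", "external")]

if __name__ == "__main__":
    for cmd, pid, port, scope in audit(SAMPLE):
        print(f"{cmd:<10} pid={pid:<6} port={port:<6} {scope}")
```

On a live host, feed `audit()` the text output of `sockstat -4l` instead of the sample.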