From: Mike Meyer
Date: Tue, 8 May 2001 22:19:48 -0500
To: Dru
Cc: questions@freebsd.org
Subject: Re: limit telnet access
Message-ID: <15096.46932.622324.43579@guru.mired.org>
In-Reply-To: <31588347@toto.iv>

Dru types:
> Very good question, now you have me curious. Is it possible to tell a
> daemon to only listen on specified interfaces, or do we instead use
> firewall rules and tcpwrappers to ensure the daemon only sees the requests
> we actually want it to respond to? I suspect the latter, but would be
> interested in any URLs that would explain the semantics of how this works.

Of course it's possible to tell a daemon to only listen on specific
interfaces. Some daemons just don't listen, though :-).

I don't know of any way to specify *interfaces* except with firewall
rules. Not even tcp wrappers can do that. If you're willing to use IP
addresses instead - like the ones that interface is configured for -
then it's possible for a daemon to listen for connections only on a
specific IP address, instead of on all of them. If you're running a
daemon that has such an option, you can just use it.

The standard telnetd supplied with FreeBSD doesn't listen to ports -
it's started from inetd. Inetd can be configured to bind to a specific
address, so you could have one inetd that runs daemons for internal
ports, and another that runs daemons for external ports - or maybe you
don't want that second one. See the inetd man page for more
information.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
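
Added example, not part of the original message: a small audit that reads listener lines in the column layout of FreeBSD's `sockstat -4l` and reports every daemon still bound to the wildcard address or to an address outside an internal set. The sample output, the addresses 127.0.0.1 and 192.168.1.1, and the names `parse_listeners` and `exposed` are constructed for illustration.

```python
from typing import NamedTuple

# Constructed sample in the column layout printed by `sockstat -4l` (assumption:
# seven whitespace-separated columns, local address in the sixth).
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     inetd      214   4  tcp4   *:23                  *:*
root     inetd      231   4  tcp4   192.168.1.1:21        *:*
root     sshd       187   3  tcp4   *:22                  *:*
root     sendmail   201   4  tcp4   127.0.0.1:25          *:*
root     syslogd    150   5  udp4   *:514                 *:*
"""


class Listener(NamedTuple):
    command: str
    pid: int
    proto: str
    address: str  # "*" means every address configured on the host
    port: str


def parse_listeners(text):
    """Parse sockstat-style lines into Listener records, skipping the header."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] == "USER":
            continue
        # Split on the last ':' so the address part may itself contain colons.
        address, _, port = fields[5].rpartition(":")
        found.append(Listener(fields[1], int(fields[2]), fields[4], address, port))
    return found


def exposed(listeners, internal_addrs):
    """Return listeners reachable on an address outside internal_addrs."""
    return [l for l in listeners
            if l.address in ("*", "0.0.0.0") or l.address not in internal_addrs]


if __name__ == "__main__":
    # Hypothetical policy: only loopback and the internal NIC address may serve.
    for l in exposed(parse_listeners(SAMPLE), {"127.0.0.1", "192.168.1.1"}):
        print(f"{l.command} (pid {l.pid}) {l.proto} {l.address}:{l.port}")
```

In the sample, the inetd instance bound to 192.168.1.1 passes the check, while the one bound to `*` is reported because its telnet port answers on every configured address.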