Date: Wed, 26 Jan 2005 10:02:00 +0100
From: cpghost <cpghost@cordula.ws>
To: Sandy Rutherford <sandy@krvarr.bc.ca>
Cc: freebsd-questions@freebsd.org
Subject: Re: Restricting NFS daemons
Message-ID: <41F75C88.209@cordula.ws>
In-Reply-To: <16886.56708.519994.924956@szamoca.krvarr.bc.ca>
References: <41F640BA.2040707@cordula.ws> <16886.56708.519994.924956@szamoca.krvarr.bc.ca>

Sandy Rutherford wrote:

> > Hello,
> > how can one configure NFS daemons (esp. mountd and rpcbind) so that they
> > listen
> > only on one IP address (e.g. on 192.168.1.1)?
>
>This isn't quite what you are asking about, but it may do the job
>none-the-less. With tcp-wrappers you can restrict the IP numbers that
>portmapper will listen to. Have a look in /etc/hosts.allow for an
>example.
>

I already have this in /etc/hosts.allow:

rpcbind : 192.168.1.0/255.255.255.0 : allow
rpcbind : ALL : deny

and removed the allow-all line:

ALL : ALL : allow

But the question is how to get rpcbind to use tcp-wrappers
in the first place! Because even with this in hosts.allow,
sockstat -46l still shows:

root     rpcbind    10188 7  udp4   127.0.0.1:111             *:*
root     rpcbind    10188 8  udp4   192.168.1.1:111           *:*
root     rpcbind    10188 9  udp4   *:<some_random_port>      *:*
root     rpcbind    10188 10 tcp4   *:<some_random_port>      *:*

So it's still binding to INADDR_ANY :-(

Am I missing something obvious, or is rpcbind not
"tcp wrapped" by default?

>...Sandy
>

Thanks,
-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
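
The check the message does by eye on the sockstat listing, as an added example that is not part of the original post: hosts.allow rules filter which clients are served and do not change the address a daemon binds to, so the listener list has to be audited separately. The function names and the sample listing (including the two wildcard port numbers, which stand in for <some_random_port>) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the column layout of `sockstat -46l`
# (USER COMMAND PID FD PROTO LOCAL FOREIGN); ports 1011/1012 are made up.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     rpcbind    10188 7  udp4   127.0.0.1:111         *:*
root     rpcbind    10188 8  udp4   192.168.1.1:111       *:*
root     rpcbind    10188 9  udp4   *:1011                *:*
root     rpcbind    10188 10 tcp4   *:1012                *:*
root     sshd       412   3  tcp4   *:22                  *:*
EOF
}

# audit_listeners ALLOWED_IP "cmd1 cmd2 ..."
# Reads sockstat output on stdin and prints one line per listening socket
# of the named commands that is bound neither to ALLOWED_IP nor to loopback.
audit_listeners() {
    awk -v allowed="$1" -v cmds="$2" '
    BEGIN { n = split(cmds, c, " "); for (i = 1; i <= n; i++) watch[c[i]] = 1 }
    NR == 1 && $1 == "USER" { next }            # skip the header line
    !($2 in watch)          { next }            # only the daemons of interest
    {
        addr = $6; sub(/:[^:]*$/, "", addr)     # local address without :port
        port = $6; sub(/^.*:/, "", port)        # port after the last colon
        if (addr == allowed || addr == "127.0.0.1" || addr == "::1") next
        kind = (addr == "*") ? "WILDCARD" : "UNEXPECTED"
        printf "%s %s pid=%s %s %s:%s\n", kind, $2, $3, $5, addr, port
    }'
}

# count_exposed ALLOWED_IP "cmds": number of offending sockets on stdin.
count_exposed() {
    audit_listeners "$1" "$2" | wc -l | tr -d ' '
}

# On a live host: sockstat -46l | audit_listeners 192.168.1.1 "rpcbind mountd"
sample_sockstat | audit_listeners 192.168.1.1 "rpcbind mountd"
```
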