From: "Charles Howse"
Date: Fri, 15 Aug 2003 21:49:53 -0500
Subject: RE: Make popa3d listen on specific interface
Message-ID: <000301c363a1$11eec110$04fea8c0@moe>
In-Reply-To: <44adaaa48s.fsf@be-well.ilk.org>

> > /*
> >  * The address and port to listen on.
> >  */
> > #define DAEMON_ADDR "0.0.0.0" /* INADDR_ANY */
> > #define DAEMON_PORT 110
> >
> > but I have to mention that I dunno if the port can handle this. :/
> > must check first
> > But at least it should be possible to bind popa3d to a
> > specific interface.
>
> Yes, you *can* bind to an address that way.
> However, you can't bind to an interface that easily,
> which is really required to do this as a security
> measure.
> A firewall may be protecting you from
> source-spoofed packets, but then you're back to,
> well, depending on the firewall for the real security.

Let me throw this in:
This is a home network, behind a Cable Modem and 4-port Cable/DSL router
w/ firewall. Port 110 is closed on the firewall. Ports 80, 20 and 21 are
open on another machine in the DMZ.

That said (and I'm no expert) wouldn't it be acceptable for *my*
situation to bind to an address? That way, anyone wanting to crack into
the pop server on this machine would have to get past the firewall, and
then discover the address the pop server on this machine is listening
on...? Nmap would certainly do that, *if* they got in.

I run a pop server on the Redhat machine next to the FreeBSD machine, no
problems ever there.

I could be way off on my logic, and my understanding of tcp/ip, so
correct me if I'm wrong.
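
The address-versus-interface point in the thread above, as an added example that is not part of the original message and is not popa3d code: a listener bound to one address accepts connections sent to that address only, while one bound to 0.0.0.0 (INADDR_ANY) accepts them on every local address. The helper names listen_on() and reachable(), the ephemeral port used in place of 110, and the Linux treatment of 127.0.0.0/8 as local are assumptions of the example.

```c
/* Added example; listen_on() and reachable() are hypothetical helpers, not popa3d code.
 * Assumes Linux, where every address in 127.0.0.0/8 is local to the loopback interface. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listen on addr (dotted quad) on a kernel-chosen port, returned through *port. */
int listen_on(const char *addr, unsigned short *port) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(0);  /* ephemeral port instead of 110, so no root is needed */
    if (inet_pton(AF_INET, addr, &sa.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        listen(fd, 4) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *port = ntohs(sa.sin_port);
    return fd;
}

/* Return 1 if a TCP connection to dst:port completes, 0 otherwise. */
int reachable(const char *dst, unsigned short port) {
    struct sockaddr_in sa;
    int ok, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return 0;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    inet_pton(AF_INET, dst, &sa.sin_addr);
    ok = connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0;
    close(fd);
    return ok;
}

int main(void) {
    unsigned short p = 0;
    int fd = listen_on("127.0.0.1", &p);  /* one address, like a changed DAEMON_ADDR */
    if (fd < 0) return 1;
    printf("127.0.0.1: %d, 127.0.0.2: %d\n", reachable("127.0.0.1", p), reachable("127.0.0.2", p));
    return close(fd);
}
```

The kernel matches on the destination address of the connection only; bind() to an address does not check which interface the packet arrived on, which is the distinction the quoted reply draws.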