Date:      Fri, 15 Aug 2003 21:49:53 -0500
From:      "Charles Howse" <chowse@charter.net>
To:        <freebsd-questions@freebsd.org>
Subject:   RE: Make popa3d listen on specific interface
Message-ID:  <000301c363a1$11eec110$04fea8c0@moe>
In-Reply-To: <44adaaa48s.fsf@be-well.ilk.org>

> > /*
> >   * The address and port to listen on.
> >   */
> > #define DAEMON_ADDR         "0.0.0.0"   /* INADDR_ANY */
> > #define DAEMON_PORT         110
> > 
> > but I have to mention that I dunno if the port can handle this. :/
> > must check first
> > But at least it should be possible to bind popa3d to a specific interface.
> 
> Yes, you *can* bind to an address that way. 
> However, you can't bind to an interface that easily, 
> which is really required to do this as a security 
> measure.  A firewall may be protecting you from 
> source-spoofed packets, but then you're back to, 
> well, depending on the firewall for the real security.

Let me throw this in:
This is a home network, behind a Cable Modem and 4-port Cable/DSL router
w/ firewall.
Port 110 is closed on the firewall.  Ports 80, 20 and 21 are open on
another machine in the DMZ.
That said ( and I'm no expert ) wouldn't it be acceptable for *my*
situation to bind to an address?
That way, anyone wanting to crack into the pop server on this machine
would have to get past the firewall, and then discover the address the
pop server on this machine is listening on...? Nmap would certainly do
that, *if* they got in.
I run a pop server on the Redhat machine next to the FreeBSD machine, no
problems ever there.
I could be way off on my logic, and my understanding of tcp/ip, so
correct me if I'm wrong.
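
An added example, not part of the original message and not popa3d's own code: what a DAEMON_ADDR-style setting amounts to at the socket level, and a check that tells a wildcard listener from one bound to a single address. The helper names `listen_on` and `is_wildcard` are hypothetical, and 127.0.0.1 is a constructed sample address.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: open a TCP listener on addr:port, as a daemon
 * configured with DAEMON_ADDR/DAEMON_PORT-style constants would.
 * Returns the socket fd, or -1 on error. Port 0 lets the kernel pick. */
int listen_on(const char *addr, unsigned short port)
{
    struct sockaddr_in sin;
    int fd, on = 1;

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1)
        return -1;                       /* not a valid IPv4 literal */
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0 ||
        listen(fd, 5) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Returns 1 if fd is bound to INADDR_ANY ("0.0.0.0"), 0 if it is bound
 * to one specific local address, -1 on error. bind() matches on the
 * local address only; it does not name an interface. */
int is_wildcard(int fd)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);

    if (getsockname(fd, (struct sockaddr *)&sin, &len) < 0)
        return -1;
    return sin.sin_addr.s_addr == htonl(INADDR_ANY);
}

int main(void)
{
    int fd = listen_on("127.0.0.1", 0);  /* constructed sample address */
    printf("wildcard listener: %d\n", fd < 0 ? -1 : is_wildcard(fd));
    return fd < 0;
}
```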