Date:      16 Aug 2003 11:53:02 -0400
From:      Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Make popa3d listen on specific interface
Message-ID:  <44ada9oazl.fsf@be-well.ilk.org>
In-Reply-To: <000301c363a1$11eec110$04fea8c0@moe>
References:  <000301c363a1$11eec110$04fea8c0@moe>

"Charles Howse" <chowse@charter.net> writes:

> Let me throw this in:
> This is a home network, behind a Cable Modem and 4-port Cable/DSL router
> w/ firewall.
> Port 110 is closed on the firewall.  Ports 80,20 and 21 are open on
> another machine in the DMZ.
> That said ( and I'm no expert ) wouldn't it be acceptable for *my*
> situation to bind to an address?
> That way, anyone wanting to crack into the pop server on this machine
> would have to get past the firewall, and then discover the address the
> pop server on this machine is listening on...? Nmap would certainly do
> that, *if* they got in.
> I run a pop server on the Redhat machine next to the FreeBSD machine, no
> problems ever there.
> I could be way off on my logic, and my understanding of tcp/ip, so
> correct me if I'm wrong.

Not at all; you're dead on.  
The only thing I'm trying to warn you about is that binding to a
specific address is having a fairly small effect on your security in
this case.  For belt-and-suspenders protection, you'd be somewhat 
better off with a more sophisticated POP server which can bind to 
the inside interface directly instead of just the address.
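
Added example, not part of the original message: one way to check how the POP3 listener discussed above is actually bound, by classifying the rows of `sockstat -4l` output for a port as wildcard, loopback, inside-network or outside-network. The sample output, the `192.168.1.0/24` inside network and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout of FreeBSD `sockstat -4l`;
# the addresses, PIDs and process names are made up for illustration.
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     inetd      412   5  tcp4   192.168.1.10:110      *:*
root     sshd       380   4  tcp4   *:22                  *:*
root     sendmail   395   4  tcp4   127.0.0.1:25          *:*
"""

def parse_listeners(text):
    """Yield (command, pid, address, port) for each tcp4 listener row."""
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a tcp4 socket row.
        if len(fields) < 6 or fields[4] != "tcp4":
            continue
        addr, _, port = fields[5].rpartition(":")
        if not port.isdigit():
            continue
        yield fields[1], int(fields[2]), addr, int(port)

def audit_port(text, port, inside_net):
    """Classify every listener on `port` by the address it is bound to."""
    net = ipaddress.ip_network(inside_net)
    findings = []
    for command, pid, addr, lport in parse_listeners(text):
        if lport != port:
            continue
        if addr == "*":
            verdict = "wildcard"    # accepts connections on every local address
        elif ipaddress.ip_address(addr).is_loopback:
            verdict = "loopback"    # only reachable from the host itself
        elif ipaddress.ip_address(addr) in net:
            verdict = "inside"      # bound to an address on the inside network
        else:
            verdict = "outside"     # bound to an address outside that network
        findings.append((command, pid, addr, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_port(SAMPLE, 110, "192.168.1.0/24"):
        print(*finding)
```

An "inside" verdict only confirms the address the socket is bound to; it says nothing about which interface a packet for that address arrived on, which is the limitation the reply points out.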


