From owner-freebsd-questions Fri Oct 12 11:37:29 2001 Delivered-To: freebsd-questions@freebsd.org Received: from brained.org (ubr-33.140.121.division.cfl.rr.com [65.33.140.121]) by hub.freebsd.org (Postfix) with ESMTP id 20E5E37B406 for ; Fri, 12 Oct 2001 11:37:23 -0700 (PDT) Received: (from code@localhost) by brained.org (8.11.4/8.11.3) id f9CIVQB10690; Fri, 12 Oct 2001 14:31:26 -0400 (EDT) Date: Fri, 12 Oct 2001 14:31:25 -0400 From: Simon Perkins To: Alson van der Meulen Cc: freebsd-questions@freebsd.org Subject: Re: How to protect binding to interface ? Message-ID: <20011012143125.G4157@brained.org> References: <20011010214156.B27378@brained.org> <20011012143031.B21997@md2.mediadesign.nl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="aM3YZ0Iwxop3KEKx" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011012143031.B21997@md2.mediadesign.nl>; from alm@flutnet.org on Fri, Oct 12, 2001 at 02:30:31PM +0200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --aM3YZ0Iwxop3KEKx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 12, 2001 at 02:30:31PM +0200, Alson van der Meulen wrote: > On Wed, Oct 10, 2001 at 09:41:56PM -0400, Simon Perkins wrote: > > Hi, > >=20 > > I am learning freeBSD and wanted to know if there is any means in > > freeBSD to prevent non-root users to bind to public interfaces or=20 > > maybe something which even makes the public network interfaces=20 > > invisible to them. Can anybody point me in right direction ? > try something like: > allow tcp from any to any in via fxp0 setup uid root > reset tcp from any to any in via fxp0 setup > (where fxp0 is your public interface) >=20 I think that is a workable solution. I think I stated my question wrongly. What I need is *remote* users not to see public interfaces (bind to them). I think the solution is to forward ssh connection to internal host on priva= te network. Am I going in right direction ? -S --aM3YZ0Iwxop3KEKx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (OpenBSD) Comment: For info see http://www.gnupg.org iD8DBQE7xzb8QLIkk4YsfGgRApBnAKCOmCf14JjbFhALBgZ9GqLYl7kAVgCdFLRR 960HEqdvRMEUJBERlw3mVH0= =nkOX -----END PGP SIGNATURE----- --aM3YZ0Iwxop3KEKx-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message