From: Lowell Gilbert
To: "Florian Hengstberger"
Cc: FreeBSD mailinglist
Date: 18 Apr 2005 09:09:36 -0400
Subject: Re: which interface: mountd,rpcbind
Message-ID: <44ekd8z0xb.fsf@be-well.ilk.org>

"Florian Hengstberger" writes:

> Hi!
> I really worry about that it seems (man mountd, man rpcbind)
> impossible to specify the interface these daemons bind to.
>
> Specifying this in rc.conf
>
> rpcbind_enable="YES"
> rpcbind_flags="-h 192.168.0.1"
> nfs_server_enable="YES"
> nfs_server_flags="-t -n 4 -h 192.168.0.1"
> mountd_flags="-r"
>
> the output of sockstat -l is this:
> root     nfsd     398   3  tcp4   192.168.0.1:2049   *:*
> root     mountd   396   4  udp4   *:812              *:*
> root     mountd   396   5  tcp4   *:912              *:*
> root     mountd   396   6  udp6   *:811              *:*
> root     mountd   396   7  tcp6   *:911              *:*
> root     rpcbind  329   4  udp6   *:*                *:*
> root     rpcbind  329   5  stream /var/run/rpcbind.sock
> root     rpcbind  329   6  udp6   ::1:111            *:*
> root     rpcbind  329   7  udp6   *:*                *:*
> root     rpcbind  329   8  udp6   *:1023             *:*
> root     rpcbind  329   9  tcp6   *:111              *:*
> root     rpcbind  329   10 udp4   127.0.0.1:111      *:*
> root     rpcbind  329   11 udp4   192.168.0.1:111    *:*
> root     rpcbind  329   12 udp4   *:808              *:*
> root     rpcbind  329   13 tcp4   *:111              *:*
> bind     named    314   20 udp4   192.168.0.1:53     *:*
> bind     named    314   21 tcp4   192.168.0.1:53     *:*
> bind     named    314   22 udp4   127.0.0.1:53       *:*
> bind     named    314   23 tcp4   127.0.0.1:53       *:*
> bind     named    314   24 udp4   *:53               *:*
> ...
>
> The man page of sockstat does not give information about * in
> the last column, but I assume this means 'listens on all interfaces'.
> How can I avoid this?

You can't, as far as I can see. Looks like it would be an
afternoon's work to add it in, but I wouldn't think it's worth
worrying about it. Since you bind to an address already, a packet
filter firewall will protect you from access on the wrong interface.
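
Relying on a packet filter, as the reply suggests, means knowing which sockets are still bound to the wildcard address. The following is an added example, not part of the original message: a shell function that parses `sockstat -l` output and lists those listeners. The function names are hypothetical, the column layout is assumed to match the listing quoted above, and the sample input is that quoted listing.

```sh
#!/bin/sh
# Added example, not from the original message.
# Column layout assumed: USER COMMAND PID FD PROTO LOCAL FOREIGN,
# as in the sockstat -l output quoted in the message.
wildcard_listeners() {
    awk '
        NF < 7 { next }                        # unix-domain socket: no address pair
        $5 !~ /^(tcp|udp)(4|6|46)$/ { next }   # header line or other protocol
        {
            n = split($6, part, ":")           # port is the last ":" field
            port = part[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if (addr == "*" && port ~ /^[0-9]+$/)
                print $2, $5, port             # command, protocol, port
        }
    ' | LC_ALL=C sort -u
}

# Sample input: the listing quoted in the message (hypothetical helper name).
sample_sockstat() {
    cat <<'EOF'
root nfsd 398 3 tcp4 192.168.0.1:2049 *:*
root mountd 396 4 udp4 *:812 *:*
root mountd 396 5 tcp4 *:912 *:*
root mountd 396 6 udp6 *:811 *:*
root mountd 396 7 tcp6 *:911 *:*
root rpcbind 329 4 udp6 *:* *:*
root rpcbind 329 5 stream /var/run/rpcbind.sock
root rpcbind 329 6 udp6 ::1:111 *:*
root rpcbind 329 7 udp6 *:* *:*
root rpcbind 329 8 udp6 *:1023 *:*
root rpcbind 329 9 tcp6 *:111 *:*
root rpcbind 329 10 udp4 127.0.0.1:111 *:*
root rpcbind 329 11 udp4 192.168.0.1:111 *:*
root rpcbind 329 12 udp4 *:808 *:*
root rpcbind 329 13 tcp4 *:111 *:*
bind named 314 20 udp4 192.168.0.1:53 *:*
bind named 314 21 tcp4 192.168.0.1:53 *:*
bind named 314 22 udp4 127.0.0.1:53 *:*
bind named 314 23 tcp4 127.0.0.1:53 *:*
bind named 314 24 udp4 *:53 *:*
EOF
}

sample_sockstat | wildcard_listeners
```

The ports it prints are the ones a packet filter has to cover on every interface that should not reach these daemons.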