From: Max Euston
To: "'Niall Smart'", "freebsd-bugs@FreeBSD.ORG"
Subject: inetd enhancement (was RE: kern/6774: bind(3)/libc improvement)
Date: Thu, 28 May 1998 14:57:09 -0400
Organization: J.M. Rodgers Co., Inc.
Message-ID: <01BD8A48.E4D3B500.meuston@jmrodgers.com>

On Thursday, May 28, 1998 12:14 PM, Niall Smart [SMTP:njs3@doc.ic.ac.uk] wrote:
> On May 28, 12:09pm, Max Euston wrote:
> > I agree, multiple inetd & inetd.conf files could be messy, but I wanted to
> > do this on a "gateway" machine to allow only certain services on certain
> > interfaces (I currently use ipfw, but the rules can get to be a little
> > complex). If I find any elegant solutions, I will let you know.
>
> Well, the elegant solution seems to be to supplement inetd.conf's syntax
> to support specifying which address to bind to. Maybe like this?
>
>     ftp    stream tcp nowait root /usr/libexec/ftpd ftpd -llS
>     telnet stream tcp/123.123.123.10 nowait root /usr/libexec/telnetd telnetd
>
> Are you using ipfw to prevent packets received on one interface from
> being passed to a service bound on another interface?

Yes (ex0=public, ex1=internal)

# allow ftp from anywhere
allow tcp from any to 123.123.123.10 21 setup
# allow telnet from internal only
allow tcp from any to 231.231.231.20 23 in recv ex1 setup
...
allow tcp from any to any established
deny log ip from any to any

Max
---
Max Euston
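
The per-address binding proposed in the quoted text, sketched as an added example (not code from this message or from FreeBSD's inetd): it splits a protocol field such as "tcp/123.123.123.10" into protocol and bind address, falls back to the wildcard address when no address is given, and opens a listener on that address only. The function names parse_proto_field and listen_on are hypothetical, and only IPv4 with plain tcp/udp is assumed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Split the proposed protocol field ("tcp" or "tcp/123.123.123.10") into a
 * protocol name and a bind address. Without "/addr" the wildcard address is
 * used, as inetd does today. Returns 0, or -1 if the field is malformed. */
int parse_proto_field(const char *field, char *proto, size_t plen,
                      struct in_addr *bind_addr)
{
    const char *slash = strchr(field, '/');
    size_t n = slash ? (size_t)(slash - field) : strlen(field);

    if (n == 0 || n >= plen)
        return -1;
    memcpy(proto, field, n);
    proto[n] = '\0';
    if (strcmp(proto, "tcp") != 0 && strcmp(proto, "udp") != 0)
        return -1;                  /* assumption: only plain tcp/udp */
    if (slash == NULL) {
        bind_addr->s_addr = htonl(INADDR_ANY);
        return 0;
    }
    /* inet_pton() rejects empty, partial and non-numeric addresses. */
    return inet_pton(AF_INET, slash + 1, bind_addr) == 1 ? 0 : -1;
}

/* Open a TCP listener bound to that address only; returns the fd or -1. */
int listen_on(const struct in_addr *addr, unsigned short port)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    sin.sin_addr = *addr;
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0 || listen(fd, 5) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```

A malformed address makes the parser fail rather than fall back to the wildcard, so a typo in the configuration cannot silently expose the service on every interface.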