Date: Thu, 28 May 1998 14:57:09 -0400
From: Max Euston <meuston@jmrodgers.com>
To: "'Niall Smart'" <njs3@doc.ic.ac.uk>, "freebsd-bugs@FreeBSD.ORG" <freebsd-bugs@FreeBSD.ORG>
Subject: inetd enhancement (was RE: kern/6774: bind(3)/libc improvement)
Message-ID: <01BD8A48.E4D3B500.meuston@jmrodgers.com>

On Thursday, May 28, 1998 12:14 PM, Niall Smart [SMTP:njs3@doc.ic.ac.uk] wrote:
> On May 28, 12:09pm, Max Euston wrote:
> > I agree, multiple inetd & inetd.conf files could be messy, but I wanted to
> > do this on a "gateway" machine to allow only certain services on certain
> > interfaces (I currently use ipfw, but the rules can get to be a little
> > complex). If I find any elegant solutions, I will let you know.
>
> Well, the elegant solution seems to be to supplement inetd.conf's syntax
> to support specifying which address to bind to.

Maybe like this?

ftp     stream  tcp                 nowait  root  /usr/libexec/ftpd     ftpd -llS
telnet  stream  tcp/123.123.123.10  nowait  root  /usr/libexec/telnetd  telnetd

>
> Are you using ipfw to prevent packets received on one interface from
> being passed to a service bound on another interface?

Yes (ex0=public, ex1=internal)

# allow ftp from anywhere
allow tcp from any to 123.123.123.10 21 setup
# allow telnet from internal only
allow tcp from any to 231.231.231.20 23 in recv ex1 setup
...
allow tcp from any to any established
deny log ip from any to any

Max
---
Max Euston <meuston@jmrodgers.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
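
An added example, not part of the original message and not inetd's own code: how a daemon could handle the "tcp/ADDR" protocol field proposed above, refusing a malformed address instead of falling back to the wildcard. The function names parse_proto_field and listen_on are hypothetical, and only IPv4 is assumed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse a protocol field in the syntax proposed in the message:
 * "tcp" (wildcard bind) or "tcp/ADDR" (bind to ADDR only).
 * Hypothetical helper. Returns 0 on success, -1 on malformed input. */
int parse_proto_field(const char *field, char *proto, size_t plen,
                      struct in_addr *addr)
{
    const char *slash = strchr(field, '/');
    size_t n = slash ? (size_t)(slash - field) : strlen(field);

    if (n == 0 || n >= plen)
        return -1;                      /* empty or oversized protocol name */
    memcpy(proto, field, n);
    proto[n] = '\0';

    if (slash == NULL) {
        addr->s_addr = htonl(INADDR_ANY);   /* no address given: all addresses */
        return 0;
    }
    /* Fail closed: a bad address must not silently become INADDR_ANY,
     * which would expose the service on every configured address. */
    return inet_pton(AF_INET, slash + 1, addr) == 1 ? 0 : -1;
}

/* Create a listening TCP socket bound to addr:port. Returns fd or -1. */
int listen_on(struct in_addr addr, unsigned short port)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr = addr;                /* specific address or INADDR_ANY */
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0 ||
        listen(fd, 8) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```

bind() to one address limits which destination address a connection can use; it does not check which interface the packet arrived on, which is what the "in recv ex1" rule in the message covers.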