Date: Thu, 23 Dec 2004 12:31:41 +0100 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Subject: Re: pfS ftp-proxy binding to 127.0.0.1 Message-ID: <200412231231.42864.max@love2party.net> In-Reply-To: <8e3f9722ef1.41c8e20b@etat.lu> References: <8e3f9722ef1.41c8e20b@etat.lu>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1269397.G8jI1nBnKt Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Wednesday 22 December 2004 02:55, Didier Wiroth wrote: > HI, > I'm still trying openbsd and freebsd. > > I'm setting a pppoe router , using pf and ftp-proxy. > On openbsd you can bind ftp-proxy to the localhost address, openbsd's > ftp-proxy only listens to 127.0.0.1 like this: 127.0.0.1:8021 > > On freebsd it listens on all ip addresses, here is the result of sockstat: > root inetd 750 4 tcp4 *:8021 *:* > > I do understand that I can explicitly add a pf rule to deny or allow > access to the proxy but to enforce security is it possible to bind > ftp-proxy so that it only listens to the localhost. This is not so much a problem with ftp-proxy(8), but with the FreeBSD=20 inetd(8). You might want to try ports/security/xinetd instead. It will give= =20 you a "replacement for inetd with better control and logging" as the port's= =20 description tells. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1269397.G8jI1nBnKt Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBByqyeXyyEoT62BG0RApJGAJ9yBKTN4y934J0/DVIgNw0ar2e8owCggL4k Ps0BnTc0aHiMhdd6XQUYanE= =AB3c -----END PGP SIGNATURE----- --nextPart1269397.G8jI1nBnKt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412231231.42864.max>