2 inetd's with 2 nics
Is it possible and a good idea to have one inetd for the inside nic and another with fewer services for the outside on a gateway machine, or should I just use ipfw/ipchain for this?

Leif

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: 2 inetd's with 2 nics
On Sunday, August 13, 2000, Leif Neland wrote:
> Is it possible and a good idea to have one inetd for the inside nic and another with fewer services for the outside on a gateway machine, or should I just use ipfw/ipchain for this?

From the inetd man page:

     -a      Specify a specific IP address to bind to.  Alternatively, a hostname can be specified, in which case the IPv4 or IPv6 address which corresponds to that hostname is used.  Usually a hostname is specified when inetd is run inside a jail(8), in which case the hostname corresponds to the jail(8) environment.

--
|Chris Costello [EMAIL PROTECTED]
|If a group of N persons implements a COBOL compiler, there will be N-1
|passes. Someone in the group has to be the manager. -- T. Cheatham
`--
Re: 2 inetd's with 2 nics
On Sun, 13 Aug 2000, Leif Neland wrote:
> Is it possible and a good idea to have one inetd for the inside nic and another with fewer services for the outside on a gateway machine, or should I just use ipfw/ipchain for this?

Depends on why you want them separate. You could use the -a option to run separate instances or use tcp_wrappers (integrated in inetd), ipf, or ipfw to limit access.

- Chris D. Faulhaber - [EMAIL PROTECTED] - [EMAIL PROTECTED]
FreeBSD: The Power To Serve - http://www.FreeBSD.org
Re: 2 inetd's with 2 nics
- Original Message -
From: "Chris Costello" [EMAIL PROTECTED]
To: "Leif Neland" [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, August 13, 2000 6:31 PM
Subject: Re: 2 inetd's with 2 nics

> On Sunday, August 13, 2000, Leif Neland wrote:
> > Is it possible and a good idea to have one inetd for the inside nic and another with fewer services for the outside on a gateway machine, or should I just use ipfw/ipchain for this?
>
> From the inetd man page:
>
>      -a      Specify a specific IP address to bind to.  Alternatively, a hostname can be specified, in which case the IPv4 or IPv6 address which corresponds to that hostname is used.  Usually a hostname is specified when inetd is run inside a jail(8), in which case the hostname corresponds to the jail(8) environment.

Yes, I know this. But is it a good idea to have separate inetd's for inside and outside?

Leif
Re: 2 inetd's with 2 nics
On Sun, Aug 13, 2000 at 11:31:12AM -0500, Chris Costello wrote:
> From the inetd man page:
>
>      -a      Specify a specific IP address to bind to.  Alternatively, a hostname can be specified, in which case the IPv4 or IPv6 address which corresponds to that hostname is used.  Usually a hostname is specified when inetd is run inside a jail(8), in which case the hostname corresponds to the jail(8) environment.

You'll almost certainly want to use the -p flag if you do this.

There's probably no harm in doing it if you want to, but you'd have to use ipfw too if you want only to expose some services on one side of the machine. (i.e. If you have a router running an inetd on the "inside" interface then someone on the outside can send packets to the outside interface but addressed to the address of the inside interface and get a response).

David.
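
The setup discussed in this thread, as an added example that is not part of any of the messages above: two inetd instances separated with -a and -p, plus the ipfw rule that stops packets arriving on the outside interface from reaching the inside address. The addresses, interface name, rule number and file paths are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Every value below is an assumption.
INSIDE_IP="192.168.1.1"     # constructed inside address
OUTSIDE_IP="203.0.113.1"    # constructed outside address (documentation range)
OUTSIDE_IF="fxp0"           # constructed outside interface name
DRY_RUN="${DRY_RUN:-1}"     # 1 = print the commands, 0 = execute them (as root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# One inetd per address: -a binds the instance to that address, -p gives it
# its own pid file so the two instances do not overwrite each other's, and
# each instance reads its own configuration file (hypothetical paths).
start_inetd() {  # usage: start_inetd <name> <address>
    run inetd -a "$2" -p "/var/run/inetd.$1.pid" "/etc/inetd.$1.conf"
}

# Binding alone is not a filter: the host answers for the inside address no
# matter which interface the packet came in on. Drop anything addressed to
# the inside address that arrives on the outside interface. Rule 1000 is an
# assumed number; it has to sit before any allow rule that would match.
block_inside_addr_from_outside() {
    run ipfw add 1000 deny ip from any to "$INSIDE_IP" in via "$OUTSIDE_IF"
}

setup() {
    start_inetd inside "$INSIDE_IP"
    start_inetd outside "$OUTSIDE_IP"
    block_inside_addr_from_outside
}

setup
```
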