Firewall Wizards mailing list archives
Re: Binding inetd to ip
From: Borbely Zoltan <bozo () szivarvanynet hu>
Date: Thu, 27 Jan 2000 01:44:04 +0100
Hello,

On Tue, Jan 25, 2000 at 11:22:23AM -0500, Nicholas Tang wrote:
Is it possible to bind inetd to a specific ip address/ethernet card under linux? I haven't been able to find any info myself, but the reason I ask is because I currently am running a nameserver that has two network cards.
No, the standard inetd can't do that. You have to use xinetd. If you use xinetd, you can specify the listen address for every service.
I bound ssh to the first card and am running xntpd on there as well (does that have to actually bind to a port? Is there any way to stop that? If not is there any way to at least limit it to one card/ip? Would I be better off just running ntpdate once an hour?) and then I'm running Portsentry on the box to watch for any suspicious activity.
You can't restrict xntpd to bind to every interface. You have to configure the kernel packet filter with ipchains.
Here's how a netstat -na looks:

[root@thisbox /root]# netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 199.2.242.x:22          199.2.242.z:1092        ESTABLISHED
tcp        0      0 199.2.242.x:22          0.0.0.0:*               LISTEN
tcp        0      0 199.2.242.y:53          0.0.0.0:*               LISTEN
udp        0      0 199.2.242.y:123         0.0.0.0:*
udp        0      0 199.2.242.x:123         0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0    304 0.0.0.0:1024            0.0.0.0:*
udp        0      0 199.2.242.y:53          0.0.0.0:*
raw        0      0 0.0.0.0:17              0.0.0.0:*               7
raw        0      0 0.0.0.0:6               0.0.0.0:*               7
raw        0      0 0.0.0.0:1               0.0.0.0:*               7
raw        0      0 0.0.0.0:6               0.0.0.0:*               7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  0      [ ACC ]     STREAM     LISTENING     456    /dev/gpmctl
unix  0      [ ACC ]     STREAM     LISTENING     364    /var/run/ndc
unix  4      [ ]         DGRAM                    299    /dev/log
unix  1      [ ]         DGRAM                    301    /var/named/dev/log
unix  0      [ ]         DGRAM                    2558
unix  0      [ ]         DGRAM                    467
unix  0      [ ]         DGRAM                    410
unix  0      [ ]         DGRAM                    362
unix  0      [ ]         DGRAM                    315
[root@thisbox /root]#

Any ideas on anything else I can clean up? Also, I don't mean to sound ignorant, but anyone have any idea what's listening on 1024, 1, 6, and 17? It's a Redhat 6.0 box, if that helps.
1024/udp may be the query address of bind. Try ``netstat -nap'' or ``lsof''; these utilities write the name of the programs holding sockets. In this case you can use ``fuser -n udp 1024'' to get the process id holding this socket.

Zoltan BORBELY
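The check the reply points at, as an added example that is not part of the thread: a small POSIX shell script that reads ``netstat -na'' output and lists the sockets bound to the wildcard address 0.0.0.0 (the ones reachable on every interface, which is what the per-service ``bind'' in xinetd and the ipchains rules are meant to avoid), and decodes the raw sockets, whose "port" column in netstat is really the IP protocol number (1 = ICMP, 6 = TCP, 17 = UDP). The sample listing is constructed from the one in the question; the interface name eth1 and the address 199.2.242.x in the generated xinetd stanza and ipchains rules are assumptions for illustration, not taken from the original.

```shell
#!/bin/sh
# Added example, not from the original posts.  Parses "netstat -na" style
# output to find wildcard-bound listeners and to decode raw sockets, then
# prints the xinetd stanza and ipchains rules that restrict a service to one
# interface.  Interface/address names below are assumed for illustration.

# Constructed sample, modelled on the listing in the question.
NETSTAT_SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 199.2.242.x:22          199.2.242.z:1092        ESTABLISHED
tcp        0      0 199.2.242.x:22          0.0.0.0:*               LISTEN
tcp        0      0 199.2.242.y:53          0.0.0.0:*               LISTEN
udp        0      0 199.2.242.y:123         0.0.0.0:*
udp        0      0 199.2.242.x:123         0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0    304 0.0.0.0:1024            0.0.0.0:*
udp        0      0 199.2.242.y:53          0.0.0.0:*
raw        0      0 0.0.0.0:17              0.0.0.0:*               7
raw        0      0 0.0.0.0:6               0.0.0.0:*               7
raw        0      0 0.0.0.0:1               0.0.0.0:*               7
raw        0      0 0.0.0.0:6               0.0.0.0:*               7
Active UNIX domain sockets (servers and established)'

# wildcard_listeners: read netstat output on stdin and print "proto port"
# for every tcp socket in LISTEN state and every udp socket (udp has no
# LISTEN state) whose local address is 0.0.0.0, i.e. bound to all interfaces.
wildcard_listeners() {
    awk '
        $1 == "tcp" && $4 ~ /^0\.0\.0\.0:/ && $6 == "LISTEN" { split($4, a, ":"); print $1, a[2] }
        $1 == "udp" && $4 ~ /^0\.0\.0\.0:/                 { split($4, a, ":"); print $1, a[2] }
    ' | sort -u
}

# raw_sockets: for raw sockets netstat shows the IP protocol number where a
# port would be; print "number name" once per protocol.
raw_sockets() {
    awk '
        $1 == "raw" {
            split($4, a, ":"); p = a[2]
            name = (p == 1) ? "icmp" : (p == 6) ? "tcp" : (p == 17) ? "udp" : "proto-" p
            print p, name
        }
    ' | sort -un
}

# xinetd_bound_service: the per-service "bind" the reply refers to.
# Arguments: service name, listen address (assumed values in the usage below).
xinetd_bound_service() {
    printf 'service %s\n{\n    socket_type = stream\n    wait        = no\n    user        = root\n    server      = /usr/sbin/in.%s\n    bind        = %s\n}\n' "$1" "$1" "$2"
}

# xntpd_ipchains_rules: since xntpd itself binds every interface, drop NTP
# on the interface it should not serve.  Argument: interface to block
# (assumed name in the usage below).  Prints the commands; does not run them.
xntpd_ipchains_rules() {
    printf 'ipchains -A input -i %s -p udp -d 0/0 123 -j DENY -l\n' "$1"
}

# socket_owner: the reply's "fuser -n udp PORT"; only meaningful as root on
# the box itself, so it is not called by default.
socket_owner() {
    fuser -n "$1" "$2" 2>/dev/null
}

if [ "${1:-}" = "run" ]; then
    echo "== bound to 0.0.0.0:";   printf '%s\n' "$NETSTAT_SAMPLE" | wildcard_listeners
    echo "== raw sockets:";        printf '%s\n' "$NETSTAT_SAMPLE" | raw_sockets
    echo "== xinetd stanza:";      xinetd_bound_service telnet 199.2.242.x
    echo "== ipchains for xntpd:"; xntpd_ipchains_rules eth1
fi
```

Run it as ``sh script.sh run``; on a live box replace the sample with ``netstat -na | wildcard_listeners`` and follow up each wildcard port with ``netstat -nap`` or ``fuser -n udp PORT`` as the reply suggests. The ``-l`` on the ipchains rule logs the denied packets so a later Portsentry hit on 123/udp can be matched against the kernel log.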
Current thread:
- Binding inetd to ip Nicholas Tang (Jan 26)
- Re: Binding inetd to ip Borbely Zoltan (Jan 28)
- Re: Binding inetd to ip Frank Heinzius (Jan 28)
- <Possible follow-ups>
- Re: Binding inetd to ip dwelch (Jan 28)
- Re: Binding inetd to ip John White (Jan 29)
- RE: Binding inetd to ip jan . schultheiss (Jan 28)
- RE: Binding inetd to ip Ewing, Timothy K. (Jan 31)