Firewall Wizards mailing list archives

Re: Binding inetd to ip


From: Borbely Zoltan <bozo () szivarvanynet hu>
Date: Thu, 27 Jan 2000 01:44:04 +0100

Hello,

On Tue, Jan 25, 2000 at 11:22:23AM -0500, Nicholas Tang wrote:
> Is it possible to bind inetd to a specific ip address/ethernet card under
> linux?  I haven't been able to find any info myself, but the reason I
> ask is because I currently am running a nameserver that has two network
> cards.

No, the standard inetd can't do that. You have to use xinetd. If you use
xinetd, you can specify the listen address for every service.

> I bound ssh to the first card and am running xntpd on there as well (does
> that have to actually bind to a port?  Is there any way to stop that?  If
> not is there any way to at least limit it to one card/ip?  Would I be
> better off just running ntpdate once an hour?) and then I'm running
> Portsentry on the box to watch for any suspicious activity.

You can't restrict xntpd to bind to every interface. You have to configure
the kernel packet filter with ipchains.

> Here's how a netstat -na looks:
> 
> [root@thisbox /root]# netstat -na
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State      
> tcp        0      0 199.2.242.x:22        199.2.242.z:1092    ESTABLISHED 
> tcp        0      0 199.2.242.x:22        0.0.0.0:*               LISTEN      
> tcp        0      0 199.2.242.y:53        0.0.0.0:*               LISTEN      
> udp        0      0 199.2.242.y:123       0.0.0.0:*                           
> udp        0      0 199.2.242.x:123       0.0.0.0:*                           
> udp        0      0 127.0.0.1:123           0.0.0.0:*                           
> udp        0      0 0.0.0.0:123             0.0.0.0:*                           
> udp        0    304 0.0.0.0:1024            0.0.0.0:*                           
> udp        0      0 199.2.242.y:53        0.0.0.0:*                           
> raw        0      0 0.0.0.0:17              0.0.0.0:*               7           
> raw        0      0 0.0.0.0:6               0.0.0.0:*               7           
> raw        0      0 0.0.0.0:1               0.0.0.0:*               7           
> raw        0      0 0.0.0.0:6               0.0.0.0:*               7           
> Active UNIX domain sockets (servers and established)
> Proto RefCnt Flags       Type       State         I-Node Path
> unix  0      [ ACC ]     STREAM     LISTENING     456    /dev/gpmctl
> unix  0      [ ACC ]     STREAM     LISTENING     364    /var/run/ndc
> unix  4      [ ]         DGRAM                    299    /dev/log
> unix  1      [ ]         DGRAM                    301    /var/named/dev/log
> unix  0      [ ]         DGRAM                    2558   
> unix  0      [ ]         DGRAM                    467    
> unix  0      [ ]         DGRAM                    410    
> unix  0      [ ]         DGRAM                    362    
> unix  0      [ ]         DGRAM                    315    
> [root@thisbox /root]# 

> Any ideas on anything else I can clean up?  Also, I don't mean to sound
> ignorant but anyone have any idea what's listening on 1024, 1, 6, and
> 17?  It's a Redhat 6.0 box, if that helps.

1024/udp may be the query address of BIND. Try ``netstat -nap'' or ``lsof'';
these utilities print the names of the programs holding sockets. In this
case you can use ``fuser -n udp 1024'' to get the process id holding this
socket.

Zoltan BORBELY
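The per-service listen address the reply refers to is set with the `bind` keyword in an xinetd service stanza. The following is an added example, not from the original post or from the xinetd project; the service name, paths and the `server_args` are assumptions for an sshd started from xinetd in inetd mode, and 199.2.242.x is the poster's placeholder, to be replaced with the real address of the card that should carry ssh:

```conf
service ssh
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/sshd
        server_args     = -i
        # Without this line xinetd listens on 0.0.0.0 (every interface).
        # With it, only the named address is bound; "interface" is a synonym.
        bind            = 199.2.242.x
}
```

After a `killall -USR1 xinetd` (or a restart), `netstat -na` should show the ssh listener on 199.2.242.x:22 rather than 0.0.0.0:22. For a daemon that binds every interface itself and offers no such option, as the reply says of xntpd, the control point is the kernel filter instead, for instance an ipchains rule of the form `ipchains -A input -i eth1 -p udp --dport 123 -j DENY` (eth1 assumed to be the card that should not answer NTP); the socket still exists, but packets arriving on that card never reach it.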
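The poster's two questions, which sockets are exposed on every interface and which program holds a given socket, can both be answered from a `netstat -nap` listing, which is what the reply suggests. The script below is an added example, not part of the original thread: it audits such a listing for sockets bound to the wildcard address 0.0.0.0 and looks up the holder of a given proto/port. The listing it works on is constructed inline to resemble the poster's output (addresses 199.2.242.10/.11 and the PID/program values are made up); on a real box pipe `netstat -nap` into the functions instead. Note that `netstat -p` shows a program name only for sockets owned by the invoking user unless run as root, printing `-` otherwise, and that for `raw` sockets the "port" column is the IP protocol number (17 is UDP, 6 is TCP, 1 is ICMP), which is why a listing shows "0.0.0.0:17" rather than a service port.

```shell
#!/bin/sh
# Audit a "netstat -nap" listing for wildcard binds and socket holders.
# SAMPLE is a constructed listing (hypothetical addresses and PIDs) in the
# format of netstat -nap; replace it with real output on the target host.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 199.2.242.10:22         199.2.242.20:1092       ESTABLISHED 312/sshd
tcp        0      0 199.2.242.10:22         0.0.0.0:*               LISTEN      310/sshd
tcp        0      0 199.2.242.11:53         0.0.0.0:*               LISTEN      351/named
udp        0      0 199.2.242.11:123        0.0.0.0:*                           402/xntpd
udp        0      0 199.2.242.10:123        0.0.0.0:*                           402/xntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           402/xntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           402/xntpd
udp        0    304 0.0.0.0:1024            0.0.0.0:*                           351/named
udp        0      0 199.2.242.11:53         0.0.0.0:*                           351/named
raw        0      0 0.0.0.0:17              0.0.0.0:*               7           402/xntpd
raw        0      0 0.0.0.0:1               0.0.0.0:*               7           -'

# wildcard_listeners: reads a netstat -nap listing on stdin and prints
# "proto port holder" for every tcp/udp/raw socket whose local address is
# 0.0.0.0, i.e. one reachable through every card. Established tcp
# connections are skipped; only LISTEN sockets count. The holder is the
# last field (PID/Program name, or "-" when netstat could not determine it).
wildcard_listeners() {
    awk '
        $1 ~ /^(tcp|udp|raw)$/ && $4 ~ /^0\.0\.0\.0:/ {
            if ($1 == "tcp" && $6 != "LISTEN") next
            n = split($4, a, ":")
            printf "%s %s %s\n", $1, a[n], $NF
        }'
}

# holder_of PROTO PORT: prints the PID/Program field of every socket of the
# given protocol whose local port matches; the local-address match is on the
# ":PORT" suffix so it works for any bind address.
holder_of() {
    awk -v proto="$1" -v port="$2" '
        $1 == proto && $4 ~ (":" port "$") { print $NF }'
}

# Demo on the constructed listing.
echo "Sockets bound to every interface (proto port holder):"
printf '%s\n' "$SAMPLE" | wildcard_listeners
echo "Holder of udp/1024:"
printf '%s\n' "$SAMPLE" | holder_of udp 1024
```

On the sample the audit reports four wildcard sockets (udp 123, udp 1024 and the two raw sockets) and names `351/named` as the holder of udp/1024, which matches the reply's guess that 1024/udp is BIND's query socket. On a live system, `fuser -n udp 1024` or `lsof -i udp:1024` gives the same answer without parsing.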


