linux ports


Post by Joer » Sat, 02 Jun 2001 22:04:53



Hi all!

Does anybody know how I can tell Linux the following:

I have two network devices, eth0 and eth1. eth1 is connected to my ADSL modem,
eth0 to my internal network! Some services I want to use only internally, for example
ftp. So, what do I have to do so that the ftp server only listens to requests from the internal network??

Thanks a lot

Jörg

 
 
 


Post by Rod Smi » Sat, 02 Jun 2001 22:52:52


[Posted and mailed]



> Hi all!

> Does anybody know how I can tell Linux the following:

> I have two network devices, eth0 and eth1. eth1 is connected to my ADSL modem,
> eth0 to my internal network! Some services I want to use only internally, for example
> ftp. So, what do I have to do so that the ftp server only listens to requests from the internal network??

What distribution are you using? If it's a recent Red Hat or Mandrake
(both of which use xinetd rather than inetd), you can configure your
/etc/xinetd.d/ftp file so that the service definition includes the
following:

     interface = {your.internal.ip.address}

Replace "{your.internal.ip.address}" with your system's internal IP
address. This will cause xinetd to bind that service only to the network
adapter associated with that IP address. Unfortunately, inetd won't do
this.

Another option is to erect a firewall using ipchains or iptables. Check
the appropriate HOWTO documents for more information. The Linux Firewall
Tools Web site, http://linux-firewall-tools.com/linux/, is also a
useful resource. In fact, setting up a firewall is something I'd
recommend for ANY system that's connected directly via a DSL or cable
modem.

--

http://www.rodsbooks.com
Author of books on Linux & multi-OS configuration
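
An added example, not part of the post above or of the thread: a small Python audit that parses xinetd service stanzas and lists the enabled services that are not bound to the internal address through `interface` (or its synonym `bind`). The stanzas, server paths and the address 192.168.1.1 are constructed for illustration, and the check assumes no `defaults` section supplies a bind address.

```python
import re

# Constructed sample (not from the thread): three xinetd service stanzas.
SAMPLE = """\
# ftp is restricted to the internal adapter
service ftp
{
    socket_type = stream
    wait        = no
    server      = /usr/sbin/in.ftpd
    interface   = 192.168.1.1
}
service telnet
{
    socket_type = stream
    wait        = no
    server      = /usr/sbin/in.telnetd
}
service finger
{
    disable = yes
    server  = /usr/sbin/in.fingerd
}
"""

STANZA = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)

def parse_services(text):
    """Return {service: {attribute: value}} for each service stanza."""
    text = re.sub(r"^\s*#.*$", "", text, flags=re.M)  # drop comment lines
    services = {}
    for name, body in STANZA.findall(text):
        attrs = {}
        for line in body.splitlines():
            key, sep, value = line.partition("=")
            if sep:
                attrs[key.strip()] = value.strip()
        services[name] = attrs
    return services

def exposed_services(text, internal_ip):
    """Enabled services that are not bound to internal_ip only."""
    exposed = []
    for name, attrs in parse_services(text).items():
        if attrs.get("disable", "no") == "yes":
            continue  # xinetd does not listen for disabled services
        bound = attrs.get("bind") or attrs.get("interface")
        if bound != internal_ip:
            exposed.append(name)
    return sorted(exposed)
```

On the sample, `exposed_services(SAMPLE, "192.168.1.1")` reports only `telnet`, the one enabled service with no `interface` line.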

 
 
 


Post by Rob Baxt » Sun, 03 Jun 2001 02:40:41



> [Posted and mailed]



> > Hi all!

> > Does anybody know how I can tell Linux the following:

> > I have two network devices, eth0 and eth1. eth1 is connected to my ADSL modem,
> > eth0 to my internal network! Some services I want to use only internally, for example
> > ftp. So, what do I have to do so that the ftp server only listens to requests from the internal network??

> What distribution are you using? If it's a recent Red Hat or Mandrake
> (both of which use xinetd rather than inetd), you can configure your
> /etc/xinetd.d/ftp file so that the service definition includes the
> following:

>      interface = {your.internal.ip.address}

> Replace "{your.internal.ip.address}" with your system's internal IP
> address. This will cause xinetd to bind that service only to the network
> adapter associated with that IP address. Unfortunately, inetd won't do
> this.

> Another option is to erect a firewall using ipchains or iptables. Check
> the appropriate HOWTO documents for more information. The Linux Firewall
> Tools Web site, http://linux-firewall-tools.com/linux/, is also a
> useful resource. In fact, setting up a firewall is something I'd
> recommend for ANY system that's connected directly via a DSL or cable
> modem.

Or you could simply put ALL:ALL in your /etc/hosts.deny file and
ALL:{your.internal.ip.address} in /etc/hosts.allow.  This is most
likely not the most ideal solution, and I recommend you look into
getting a firewall set up as mentioned above.  What this will do,
however, is get what you want done very easily.

Cheers,

Rob

 
 
 


Post by Jacob Atze » Sun, 03 Jun 2001 04:00:02



> Or you could simply put ALL:ALL in your /etc/hosts.deny file and
> ALL:{your.internal.ip.address} in /etc/hosts.allow.  This is most

Does this apply to _every_ service running on a system? I remember
reading something about this only applying to services run with
tcp wrappers or something.

Regards
- Jacob

 
 
 


Post by Magnu » Sun, 03 Jun 2001 20:38:20




> > Or you could simply put ALL:ALL in your /etc/hosts.deny file and
> > ALL:{your.internal.ip.address} in /etc/hosts.allow.  This is most

> Does this apply to _every_ service running on a system? I remember
> reading something about this only applying to services run with
> tcp wrappers or something.

> Regards
> - Jacob

Inetd uses tcp wrapper. This may vary on different dists, can't really tell.
Anyway, it would be significantly easier for you to use SAMBA.
It works like file sharing under Windows, and is my choice of file sharing
on small internal LANs. It is really easy to configure, and you have the
option to specify which interface Samba is to use.

Magnus