by Joer » Sat, 02 Jun 2001 22:04:53
Does anybody know, how i can tell Linux the following:
I have two network devices, eth0 and eth1, eht1 ist connected to my ADSL Modem,
eth0 to my intertnal network! Some services i want to use only internal, for example
ftp. So, what i have to do, that the ftp server only listens to request from the internal network??
Thanks a lot
J?rg
by Rod Smi » Sat, 02 Jun 2001 22:52:52
What distribution are you using? If it's a recent Red Hat or MandrakeQuote:> Hi all!
> Does anybody know, how i can tell Linux the following:
> I have two network devices, eth0 and eth1, eht1 ist connected to my ADSL Modem,
> eth0 to my intertnal network! Some services i want to use only internal, for example
> ftp. So, what i have to do, that the ftp server only listens to request from the internal network??
interface = {your.internal.ip.address}
Replace "{your.internal.ip.address}" with your system's internal IP
address. This will cause xinetd to bind that service only to the network
adapter associated with that IP address. Unfortunately, inetd won't do
this.
Another option is to erect a firewall using ipchains or iptables. Check
the appropriate HOWTO documents for more information. The Linux Fiewall
Tools Web site, http://linux-firewall-tools.com/linux/, is also a
useful resource. In fact, setting up a firewall is something I'd
recommend for ANY system that's connected directly via a DSL or cable
modem.
--
http://www.rodsbooks.com
Author of books on Linux & multi-OS configuration
by Rob Baxt » Sun, 03 Jun 2001 02:40:41
> > Hi all!
> > Does anybody know, how i can tell Linux the following:
> > I have two network devices, eth0 and eth1, eht1 ist connected to my ADSL Modem,
> > eth0 to my intertnal network! Some services i want to use only internal, for example
> > ftp. So, what i have to do, that the ftp server only listens to request from the internal network??
> What distribution are you using? If it's a recent Red Hat or Mandrake
> (both of which use xinetd rather than inetd), you can configure your
> /etc/xinetd.d/ftp file so that the service definition includes the
> following:
> interface = {your.internal.ip.address}
> Replace "{your.internal.ip.address}" with your system's internal IP
> address. This will cause xinetd to bind that service only to the network
> adapter associated with that IP address. Unfortunately, inetd won't do
> this.
> Another option is to erect a firewall using ipchains or iptables. Check
> the appropriate HOWTO documents for more information. The Linux Fiewall
> Tools Web site, http://linux-firewall-tools.com/linux/, is also a
> useful resource. In fact, setting up a firewall is something I'd
> recommend for ANY system that's connected directly via a DSL or cable
> modem.
Cheers,
Rob
by Jacob Atze » Sun, 03 Jun 2001 04:00:02
Regards
- Jacob
by Magnu » Sun, 03 Jun 2001 20:38:20
> > or you could simply put ALL:ALL in your /etc/hosts.deny file and
> > ALL:{your.internal.ip.address} in /etc/hosts.allow. This is most
> Does this apply to _every_ service running on a system? I remember
> reading something about this only applying to services run with
> tcp wrappers or something.
> Regards
> - Jacob
Magnus
1. >Why BSD port to Mac exists but not Linux port ?!?!?!?
Is there some reason why free BSD UNIX exists for the Macintosh, but LINUX
doesn't? I know people are working on it (I hope) still, but my understand-
ing was that the kernel was the hard part to write because you need to know
the hardware.
What's different about BSD kernels from LINUX kernels?
Ted
3. Solaris-to-Linux porting guide and Solaris-to-Linux API checker
4. XFree86 3.2
5. New Vger Linux-Activists Lists for Linux Ports
6. RELEASED!: suCGI : CGI module for Apache
7. Solaris-to-Linux porting guide and Solaris-to-Linux API checker
8. How do I get my include files up to date?
9. Need help compiling Linux port of XView (pl1 + sunsite linux patches)
10. Looking for Linux hacker for MIPS 4300 Linux port
12. Linux port forwarding of Oracle traffic.
13. linux port of x386 1.2e 1.0