RE: Listening on specific interfaces
From: Wheeler, John
Subject: RE: Listening on specific interfaces
Date: Mon, 25 Aug 2003 11:07:37 -0500
It might be nice to have this on hosts with lots of interfaces like in a
DMZ. Otherwise you have to have something like tcp wrappers deny traffic
to the 5308 port on all interfaces but the control interface. It may
simplify things for some. It's potentially just another layer of
security.
-----Original Message-----
From: Mark.Burgess@iu.hio.no [mailto:Mark.Burgess@iu.hio.no]
Sent: Monday, August 25, 2003 10:26 AM
To: Wheeler, John
Cc: Mark.Burgess@iu.hio.no; andre@digirati.com.br; help-cfengine@gnu.org
Subject: Re: Listening on specific interfaces
0.0.0.0 is not a specific interface but a wildcard IP address. It means
"allow connections from any client". If you bind to a specific IP then
you might restrict to traffic from a single host, but is that very
useful?
Mark
On 25 Aug, Wheeler, John wrote:
> Maybe I'm confused, but in cfservd.c version 2.0.6 line 749 you set the
> interface to INADDR_ANY (below). I believe this means it will listen on
> any interface that's up, or more specifically 0.0.0.0(?). If someone is
> ambitious you could write a patch to have it listen on something from
> the config file.
>
> 744 #else
> 745
> 746 bzero(&sin,sizeof(sin));
> 747
> 748 sin.sin_port = (unsigned short)(port); /* Service returns network byte order */
> 749 sin.sin_addr.s_addr = INADDR_ANY;
> 750 sin.sin_family = AF_INET;
> 751
> 752 if ((sd = socket(AF_INET,SOCK_STREAM,0)) == -1)
> 753 {
> 754 CfLog(cferror,"Couldn't open socket","socket");
> 755 exit (1);
> 756 }
> 757
> 758 if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, (char *) &yes, sizeof (int)) == -1)
> 759 {
> 760 CfLog(cferror,"Couldn't set socket options","sockopt");
> 761 exit (1);
> "cfservd.c" line 749 of 3248 --23%-- col 1
>
> -----Original Message-----
> From: Mark.Burgess@iu.hio.no [mailto:Mark.Burgess@iu.hio.no]
> Sent: Saturday, August 23, 2003 3:51 PM
> To: andre@digirati.com.br
> Cc: help-cfengine@gnu.org
> Subject: Re: Listening on specific interfaces
>
>
>
> I think that this is a function of your operating system, rather than
> of cfengine. It is implementation dependent which interface gets bound
> to by the listen function.
>
> M
>
> On 22 Aug, Andre Nathan wrote:
>> Hi
>>
>> I have just installed cfengine for the first time on a test environment.
>> It's working fine for the simple tasks I configured, but I have one
>> doubt: currently, netstat shows "*:cfengine" in the "Local Address"
>> column when cfexecd is running. Is it possible to make it listen on one
>> interface only, when I'm using a dual homed host?
>>
>> Thanks in advance
>> Andre
>>
>>
>>
>> _______________________________________________
>> Help-cfengine mailing list
>> Help-cfengine@gnu.org
>> http://mail.gnu.org/mailman/listinfo/help-cfengine
>
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
> Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
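
Added example (not part of the thread and not cfengine code): a sketch of the patch idea raised above, where the listen address comes from a setting rather than a hard-coded INADDR_ANY. The function names and the address-as-string parameter are assumptions; an invalid address is rejected instead of falling back to the wildcard.

```c
/* Added example, not cfengine code; function names are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill *sin. bind_addr == NULL keeps the wildcard; a dotted quad limits
 * the socket to that local address. port is in host byte order. Returns
 * -1 on an invalid address so a typo cannot silently widen exposure. */
int make_listen_addr(const char *bind_addr, unsigned short port,
                     struct sockaddr_in *sin)
{
    memset(sin, 0, sizeof(*sin));
    sin->sin_family = AF_INET;
    sin->sin_port = htons(port);
    if (bind_addr == NULL) {
        sin->sin_addr.s_addr = htonl(INADDR_ANY);
        return 0;
    }
    return inet_pton(AF_INET, bind_addr, &sin->sin_addr) == 1 ? 0 : -1;
}

/* Open a TCP listener; returns the descriptor or -1 on any failure. */
int open_listener(const char *bind_addr, unsigned short port)
{
    struct sockaddr_in sin;
    int sd, yes = 1;
    if (make_listen_addr(bind_addr, port, &sin) == -1)
        return -1;
    if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
        return -1;
    if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) == -1 ||
        bind(sd, (struct sockaddr *)&sin, sizeof(sin)) == -1 ||
        listen(sd, 16) == -1) {
        close(sd);
        return -1;
    }
    return sd;
}

int main(void)
{
    int sd = open_listener("127.0.0.1", 5308); /* constructed sample address */
    printf("listener %s\n", sd == -1 ? "failed" : "bound to 127.0.0.1:5308");
    if (sd != -1) close(sd);
    return sd == -1;
}
```

With a specific address, netstat shows that address in the "Local Address" column instead of "*", and bind() fails if the address is not configured on the host.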