Re: inetd question

Michael Meskes 19 Jun 1997 13:33:06 -0000

>Thanks Peter.
>
>Now my hosts.allow file reads:
>
># /etc/hosts.allow: list of hosts that are allowed to access the system.
> See
>#                   hosts_access(5) and
>/usr/doc/netbase/portmapper.txt.gz
>#
># Example:    ALL: LOCAL @some_netgroup
>#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
>#
>http-gw: 172.26. @@ALL=20
>ALL: @@ALL
>
>And it works nicely.
>
>Michael
>--
>Dr. Michael Meskes, Projekt-Manager    | topsystem Systemhaus GmbH
>[EMAIL PROTECTED]                    | Europark A2, Adenauerstr. 20
>[EMAIL PROTECTED]                      | 52146 Wuerselen
>Go SF49ers! Go Rhein Fire!             | Tel: (+49) 2405/4670-44
>Use Debian GNU/Linux!                  | Fax: (+49) 2405/4670-10
>
>>-----Original Message-----
>>From: Peter Tobias [SMTP:[EMAIL PROTECTED]
>>Sent: Wednesday, June 18, 1997 2:16 PM
>>To:   Michael Meskes
>>Cc:   Die Adresse des Empf=E4ngers ist unbekannt.
>>Subject:      Re: inetd question
>>
>>On Jun 17, Michael Meskes wrote:
>>> Yes, I use a proxy and both proxy and www-client run on the same
>>> machine. But it appears the ident calls came from my firewall where I
>>> run a http-gw.=20
>>>=20
>>> You're absolutely right that I should get rid of that traffic. There =
>is
>>> no need for the firewall to ask identd on a local machine. But it =
>should
>>> ask identd for connections from outside. Can I configure tcpd so that =
>it
>>> only ask outside machines? Currently I have ALL:@@ALL in my
>>> /etc/hosts.allow file. Would it suffice to add a line http-gw:
>>> [EMAIL PROTECTED] Our local network is 172.26.0.0.
>>
>>I guess the following things would help:
>>
>>- replace ALL:@@ALL  by  ALL:ALL (no ident lookups by default) or
>>  maybe  ALL EXCEPT http-gw:@@ALL (lookups for every service except =
>http-gw)
>>
>>or
>>
>>- http-gw:172.26. @@ALL   (or http-gw:172.26. [EMAIL PROTECTED])
>>  This line would allow access from 172.26.x.x without ident lookup.
>>  Every other address would cause an ident lookup.
>>
>>or
>>
>>- use ipfwadm to protect the ident port
>>
>>
>>Thanks,
>>
>>Peter
>>
>>--=20
>>Peter Tobias <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
>><[EMAIL PROTECTED]>
>>PGP ID EFAA400D, fingerprint =3D 06 89 EB 2E 01 7C B4 02  04 62 89 6C =
>2F DD F1
>>3C=20
>>
>>
>>--
>>TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
>>[EMAIL PROTECTED] .=20
>>Trouble?  e-mail to [EMAIL PROTECTED] .
>>



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: inetd question

Reply via email to