After reading a previous thread about stopping services from listening on certain ports, I decided to investigate things a little further for my system.

So, what I can figure out is that it seems that I have only the following daemons listening: postfix, sshd, cupsd, XF86_SVGA, portmap. I have only deliberately decided to run postfix, sshd and cupsd. Everything in /etc/inetd.conf is hashed out. In fact I renamed the file so that it is not accessed at all.

The only ones I didn't know about in this list are portmap and XF86_SVGA. Firstly, I can't seem to find the config file for X where you set the --nolisten parameter - but I have not unset this at any stage and I thought Debian did this by default. Secondly, I guess everyone needs portmap it seems, so I can't turn this off or some things won't work. Someone please educate me here.

So my question is: Is there some way to make certain daemons (say postfix) listen only on some interfaces? For example, I have everything firewalled from outside, so I really only need postfix to listen on the loopback interface for local connections. Is this possible? Then netstat -ln might show something like:

tcp        0      0 0.0.0.0:25              127.0.0.1:*             LISTEN

I have included the output of lsof and netstat below, just in case someone needs this to answer my question.

Cheers.
Mark.

Here is my current output for:

# lsof -Pan -i tcp -i udp
COMMAND    PID USER   FD   TYPE DEVICE SIZE NODE NAME
portmap    121 root    3u  IPv4    957       UDP *:111
portmap    121 root    4u  IPv4    960       TCP *:111 (LISTEN)
cupsd      291 root    4u  IPv4   1236       TCP *:631 (LISTEN)
master     430 root    9u  IPv4   1371       TCP *:25 (LISTEN)
sshd       440 root    3u  IPv4   1441       TCP *:22 (LISTEN)
XF86_SVGA  467 root    0u  IPv4   1571       TCP *:6000 (LISTEN)
communica 3493 mark   25u  IPv4  53095       TCP 203.54.198.207:33107->204.152.186.193:80 (CLOSE_WAIT)
communica 3493 mark   27u  IPv4  53101       TCP 203.54.198.207:33108->204.152.186.193:80 (CLOSE_WAIT)
communica 3493 mark   31u  IPv4  52717       TCP 203.54.198.207:33099->204.152.184.73:80 (CLOSE_WAIT)
communica 3493 mark   32u  IPv4  53102       TCP 203.54.198.207:33109->204.152.186.193:80 (CLOSE_WAIT)

# netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     1380   private/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     1388   private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     1392   private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     1396   private/defer
unix  2      [ ACC ]     STREAM     LISTENING     1404   public/showq
unix  2      [ ACC ]     STREAM     LISTENING     1400   private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     1408   private/error
unix  2      [ ACC ]     STREAM     LISTENING     1412   private/local
unix  2      [ ACC ]     STREAM     LISTENING     1416   private/cyrus
unix  2      [ ACC ]     STREAM     LISTENING     1420   private/uucp
unix  2      [ ACC ]     STREAM     LISTENING     1424   private/ifmail
unix  2      [ ACC ]     STREAM     LISTENING     1428   private/bsmtp
unix  2      [ ACC ]     STREAM     LISTENING     1010   /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     1226   /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     1572   /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     1599   /tmp/ssh-mRMAu471/agent.471
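
Added example, not part of the original message: a small shell check that reads `netstat -ln` text and lists the inet sockets bound to every interface, which is the audit the post performs by eye. The function names are hypothetical, and the sample input reuses lines from the output above plus one constructed loopback-only line (127.0.0.1:25) to show a listener the check does not flag.

```shell
#!/bin/sh
# Added example: report TCP/UDP sockets bound to all interfaces.

# wildcard_listeners: reads `netstat -ln` output on stdin and prints
# "proto port" for every inet socket whose local address is a wildcard.
wildcard_listeners() {
    awk '
        # Skip section headers, column headers and UNIX domain sockets.
        $1 !~ /^(tcp|udp)/ { next }
        # TCP rows must be in LISTEN state; UDP rows carry no state column.
        $1 ~ /^tcp/ && $NF != "LISTEN" { next }
        {
            la = $4                          # Local Address column
            port = la
            sub(/.*:/, "", port)             # text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            # 0.0.0.0 (IPv4), :: (IPv6) and * all mean "every interface".
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                print $1, port
        }'
}

# sample_netstat: lines taken from the output in the message, except the
# 127.0.0.1:25 row, which is constructed to represent a loopback-only bind.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
Active UNIX domain sockets (only servers)
unix  2      [ ACC ]     STREAM     LISTENING     1010   /dev/log
EOF
}

# Stand-alone run: flags 22, 111, 6000, 631 (tcp) and 111 (udp), not 25.
sample_netstat | wildcard_listeners
```

On a live system the same function can be fed with `netstat -ln | wildcard_listeners`.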