Bind RPC to a particular IP

Status
Not open for further replies.

spoodie

MIS
Mar 21, 2003
I've been asked if I can lock down the NFS client activity on a server to just one of its IP addresses. I've read that xinetd can do this kind of thing but I'm not sure how to configure the xinetd files; is it even possible with RPC calls? I'm using Redhat AS 2.1 (7.2 in the real world I think) and I could do with some advice.

Thanks in advance.

spoodie
===================
"I say we take off and nuke the entire site from orbit. That's the only way to be sure."
 
Thanks for the link but it doesn't really help me. I've been trying to add config files to the /etc/xinetd.d directory for the rpc.statd processes but they don't seem to work; the rpc.statd processes do not start when I restart the xinetd service:

/etc/xinetd.d/rstatd:
============================================
service rstatd
{
type = RPC
id = rstatd-stream
socket_type = stream
protocol = tcp
wait = no
user = rpcuser
group = rpcuser
server = /sbin/rpc.statd
bind = eth1
}
============================================

/etc/xinetd.d/rstatd-udp:
============================================
service rstatd
{
type = RPC
id = rstatd-dgram
socket_type = dgram
protocol = udp
wait = yes
user = rpcuser
group = rpcuser
server = /sbin/rpc.statd
bind = eth1
}
============================================

Much of this is (educated) guesswork. Any thoughts?

Thanks

spoodie
===================
"I say we take off and nuke the entire site from orbit. That's the only way to be sure."
 
Not really. As I said, I never used xinetd for securing rpc based services, but tcpwrappers works well. You could also use iptables to set up rules allowing only certain clients/networks to connect to these services.
 
Add the following line to your xinetd.d conf files:
Code:
disable = no


----
JBR
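
A check for the goal discussed in this thread, added here as an example (not code from any of the posters): it reads a socket table in the Linux /proc/net/tcp layout and reports RPC ports that listen on an address other than the intended one. The sample table, the address 192.0.2.10 and the port set are constructed, and a little-endian host is assumed.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (little-endian host assumed).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A0200C0:8000 00000000:0000 0A 00000000:00000000 00:00000000 00000000    29        0 1002
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A0200C0:0016 0B0200C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""

LISTEN_STATES = {"tcp": "0A", "udp": "07"}  # TCP_LISTEN; unconnected UDP socket


def decode_endpoint(field):
    """Turn '0A0200C0:8000' into ('192.0.2.10', 32768)."""
    hex_addr, hex_port = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
    return addr, int(hex_port, 16)


def listeners(proc_text, proto="tcp"):
    """Return [(addr, port)] for sockets waiting for traffic."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) > 3 and cols[3] == LISTEN_STATES[proto]:
            found.append(decode_endpoint(cols[1]))
    return found


def off_address(proc_text, allowed_ip, ports, proto="tcp"):
    """Ports of interest that listen on anything other than allowed_ip."""
    return sorted(
        (port, addr)
        for addr, port in listeners(proc_text, proto)
        if port in ports and addr != allowed_ip
    )


if __name__ == "__main__":
    rpc_ports = {111, 32768}  # e.g. taken from `rpcinfo -p`; constructed here
    for port, addr in off_address(SAMPLE_PROC_NET_TCP, "192.0.2.10", rpc_ports):
        print(f"port {port} listens on {addr}, not only on 192.0.2.10")
```

On a live host, pass the contents of /proc/net/tcp (or /proc/net/udp with proto="udp") instead of the sample; a port reported on 0.0.0.0 is reachable on every interface and still needs the tcpwrappers or iptables restriction mentioned above.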
 