xinet.d question (and iptable)


LinuXelite

Programmer
Jun 21, 2002
150
CA
Hi

eth0 has 4 IP addresses.

I have a service on port 2317 (genweb). Currently, it listens on all IP addresses.

I want this server to listen only on 1 IP address.
thedaver told me to use xinetd to bind the service to an IP address.

I have created a new file in /etc/xinetd.d.... here is the file:

[root@ns xinetd.d]# cat gwd

service gwd
{
type = INTERNAL UNLISTED
socket_type = stream
port = 2317
protocol = tcp
wait = no
disable = no
user = geneweb
instances = 10
bind = 192.168.0.56
}

[root@ns xinetd.d]# cat /etc/services | grep gwd
gwd 2317/tcp # gwd

[root@ns xinetd.d]# /etc/init.d/xinetd reload
Reloading configuration: [ OK ]


This does not work! I've read the man page of xinetd.conf but there is something I don't understand...

How can xinetd listen on port 2317 only on IP 192.168.0.56?

I don't want to use server=/usr/local/geneweb/gwd

Maybe the best solution is to use iptables to block any connection on port 2317, except from eth0:3 (162.168.0.56).

What do you think? Can I do that with iptables/netfilter?

Frank
 
LinuXelite, a few quick things:

First, you can't set the type to INTERNAL because this is not a service provided internally by xinetd. That being the case you must have a server line.

Second, gwd must be written to support running under xinetd. In other words, it must know that its I/O is on STDIN and STDOUT, so it should not do its own socket setup.

Programs have two choices when binding an address. They can either bind to a specific address or they can bind to all addresses. xinetd looks at the bind parm and says to only bind to that address. gwd would appear to bind to the generic "all" interface.

Unless gwd is written to allow running under inetd, iptables would be your best bet. Assuming you allow everything you could do something like:
Code:
iptables -A INPUT -p tcp --dport gwd ! -d 192.168.0.56 -j DROP   # drop TCP to port 2317 (gwd in /etc/services) on every local address except 192.168.0.56
Hope that helps
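
The point above, that the daemon itself decides whether it binds the wildcard address or one specific IP, can be verified on the box by reading /proc/net/tcp. The Python below is an added example, not code from this thread: the /proc/net/tcp sample lines are constructed, and the helper that builds the iptables fallback uses the current `! -d` negation syntax rather than the older `-d !` form.

```python
import socket
import struct

LISTEN_STATE = "0A"  # socket state column value for LISTEN in /proc/net/tcp

# Constructed sample of /proc/net/tcp: one LISTEN socket on 0.0.0.0:2317
# (wildcard, the situation in the question) and one on 192.168.0.56:22.
# Addresses are little-endian hex, so 192.168.0.56 appears as 3800A8C0.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:090D 00000000:0000 0A 00000000:00000000 00:00000000 00000000   501        0 12345 1 0000000000000000 100 0 0 10 0
   1: 3800A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
"""


def _decode_addr(hex_addr):
    """Turn 'AABBCCDD:PPPP' from /proc/net/tcp into ('a.b.c.d', port)."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_addresses(proc_tcp_text, port):
    """Return the local IPs that have a LISTEN socket on `port`."""
    addrs = []
    for line in proc_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN_STATE:
            continue
        ip, local_port = _decode_addr(fields[1])
        if local_port == port:
            addrs.append(ip)
    return addrs


def binding_report(proc_tcp_text, port, wanted_ip):
    """Classify how `port` is bound relative to the single IP we want."""
    addrs = listening_addresses(proc_tcp_text, port)
    if not addrs:
        return "not listening"
    if "0.0.0.0" in addrs:
        return "wildcard"  # the daemon bound every address; xinetd bind= cannot fix that
    return "ok" if addrs == [wanted_ip] else "other"


def iptables_drop_rule(port, keep_ip):
    """Fallback from the reply: drop the port on every local address but keep_ip."""
    return ["iptables", "-A", "INPUT", "-p", "tcp", "--dport", str(port),
            "!", "-d", keep_ip, "-j", "DROP"]


if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:  # real check on a Linux host
        print(binding_report(fh.read(), 2317, "192.168.0.56"))
```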
 

I thought iptables was the best solution.

GWD is not written for xinetd.

And you know what? Linux rocks!

Frank,

 