SUMMARY: ports listening on hme0/hme1

From: Vugt, Andres van (ICT) (HK) (avanvugt@hollandcasino.nl)
Date: Fri Jul 28 2000 - 02:12:47 CDT


-----Original Message-----
****************

I've got several E450s running Solaris 7, which are going to serve as
web servers.
There are 2 network cards present in each machine (hme0 and hme1).
Hme0 is the connection to the outside world (internet), and hme1 is
connected to our internal network, to perform system tasks.
For security reasons I want to divide the services and ports across the
different interfaces.

How do I configure the system so that some services in /etc/services and
/etc/inetd.conf run via hme0 and others via hme1?

How, where, and in which format do I set this?

And to make it more difficult:
For inet services, how do I configure that (for example) port 80 is
listening on hme0, while port 8080 is listening on hme1?

***************************

Several managers replied to me that I've got to use my web server software
(either Apache or iPlanet or so) to configure the correct ports to listen
on.
This has been done, so that solves half of the problem.

Ravi Kuppanna replied that I need a firewall for this, which of course is
good advice, but I intentionally left that out; we've got a firewall
configured to block all the nasty stuff, but I figured that system security
is just as important 'cause I don't want to rely on the FW only.

Help also came with advice for extra software:
* TCP wrappers (which are going to be implemented) (Michael Miller, Dimitrious Stergiou)
* IP-filter (http://coombs.anu.edu.au/~avalon/) (John D. Groenveld)
* Xinetd (Bruce M. Simpson)

Bruce also advised taking a look at the use of OpenBSD.

Andy de Petter: The same story for SNMP: if you run ucd-snmpd, you're
capable of changing the configuration (snmpd.conf) to let the snmp daemon
bind to a specific IP address, and not on all IP addresses on the machine.

And what most of you said: configure the services you want... and configure
the services you don't want...
It seems there's not really an easy way to divide the services over the
interfaces.

Thanks to all who replied.

Met vriendelijke groet / Kind regards,

Andres van Vugt
System manager (Solaris)

S
U BEFORE POSTING please READ the FAQ located at
N ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/faq
. and the list POLICY statement located at
M ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/policy
A To submit questions/summaries to this list send your email message to:
N sun-managers@ececs.uc.edu
A To unsubscribe from this list please send an email message to:
G majordomo@sunmanagers.ececs.uc.edu
E and in the BODY type:
R unsubscribe sun-managers
S Or
. unsubscribe sun-managers original@subscription.address
L To view an archive of this list please visit:
I http://www.latech.edu/sunman.html
S
T
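
Since the summary concludes that each service has to be bound in its own configuration, a check of what is actually listening on which address is useful afterwards. The script below is an added example, not part of the original post: it audits TCP listeners against a port-to-address policy. It assumes the `address.port` local-address column of Solaris `netstat -an -f inet`; the sample output, the function names and the addresses (192.0.2.10 for hme0, 10.1.1.10 for hme1) are constructed.

```shell
#!/bin/sh
# Constructed sample in the style of Solaris `netstat -an -f inet` TCP output.
# Addresses are hypothetical: 192.0.2.10 stands for hme0, 10.1.1.10 for hme1.
sample_netstat() {
cat <<'EOF'
TCP
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.22                 *.*                0      0     0      0 LISTEN
192.0.2.10.80              *.*                0      0     0      0 LISTEN
192.0.2.10.8080            *.*                0      0     0      0 LISTEN
      *.111                *.*                0      0     0      0 LISTEN
192.0.2.10.80        198.51.100.7.40112    8760      0  8760      0 ESTABLISHED
EOF
}

# audit_listeners "port=ip port=ip ..." < netstat-output
# Prints one line per TCP listener: STATUS PORT BOUND-ADDRESS EXPECTED-ADDRESS
#   OK        bound to the address the policy names
#   WRONG     bound to a specific address, but not the expected one
#   WILDCARD  bound to "*", so reachable through every interface
#   UNLISTED  listening, but the policy does not mention the port
# Returns 1 if any listener is not OK, so it can gate a cron check.
audit_listeners() {
    awk -v policy="$1" '
    BEGIN {
        n = split(policy, entry, " ")
        for (i = 1; i <= n; i++) {
            split(entry[i], kv, "=")
            want[kv[1]] = kv[2]
        }
    }
    $NF != "LISTEN" { next }          # skip headers and established sessions
    {
        # Local address is "addr.port"; the port follows the last dot.
        k = split($1, part, "[.]")
        port = part[k]
        addr = substr($1, 1, length($1) - length(port) - 1)
        if (!(port in want))          status = "UNLISTED"
        else if (addr == "*")         status = "WILDCARD"
        else if (addr != want[port])  status = "WRONG"
        else                          status = "OK"
        if (status != "OK") bad = 1
        print status, port, addr, ((port in want) ? want[port] : "-")
    }
    END { exit bad + 0 }'
}

sample_netstat | audit_listeners "22=10.1.1.10 80=192.0.2.10 8080=10.1.1.10" ||
    echo "listeners outside policy found"
```

On Solaris itself, replace `sample_netstat` with `netstat -an -f inet` and run the awk program with `nawk` or `/usr/xpg4/bin/awk`, since the old `/usr/bin/awk` does not accept `-v`.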


This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:13 CDT