Thanks for your suggestions!
A good solution for my problem should be this one:
- ssh instead of telnet, listening on the network card which has the local IP address
- sendmail listening on the network card which has the public IP address; this is possible with this line DAEMON_OPTIONS(`Port=smtp, Name=MTA, Addr=1.2.3.4') in its configuration file
Fiorenza
-----Original Message-----
From: Peter Nixon [mailto:nix@susesecurity.com]
Sent: Friday, 19 October 2001 16:49
To: SuSE Security
Subject: Re: [suse-security] Security on telnet
On Fri, 19 Oct 2001 16:35:08 +0200
Christian Weickhmann wrote:

> Fiorenza Meini wrote:
>
> > Hi there, I installed Linux 7.2 on a machine where I want to have running only sendmail and telnet (I configured inetd). I have a network card with a public IP address, but for security reasons I'd like to configure another network card with a local address on which I want telnetd to listen. So, what I'd like to do is this:
> > - sendmail listening on the network card with public IP address
> > - telnet listening on the network card with local IP address.
> > Is this possible? Any suggestion on how I can configure the system?
> > Thanks
> > Fiorenza
>
> Hello Fiorenza!
> It's not a *real* solution: Have you set up a firewall? You could set one up with telnet port closed to external network. It would be a bit at least. Do you really need telnet? Try to use ssh.

I'm sorry, but I have to disagree with you on this. It all depends on how Fiorenza has his network configured. You can't tell him it's not a "real" solution when you don't know the details of his network. It is in fact a _very_ good idea to only bind services to the interfaces you need them to be used on. I agree that he should use ssh instead of telnet, but this doesn't change the fact that he asked a very valid question about how to configure a machine to only bind certain services to certain interfaces. For all you know, his machine could _be_ the firewall....

Fiorenza: I'm sorry, I realised that I only answered your question in part last post. I am actually not sure how to force sendmail to bind to only one interface (you have to do it inside sendmail as you rarely run sendmail from x/inetd), however if you want to take a look at postfix, you will find that it's very simply a matter of editing main.cf and telling it which interface to bind to. Maybe some sendmail junkies can tell you the solution for sendmail, although I suspect that if you have sendmail listening to the _live_ interface, there will be no problem with it listening internally also..

HTH

--
Have fun
Nix - nix@susesecurity.com
http://www.susesecurity.com
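One way to check that each service really ended up bound only to its intended interface, as an added example that is not part of the original thread: it parses the Linux /proc/net/tcp table and compares listeners against a policy. The sample table is constructed, the local address 192.168.1.10 and the function names are assumptions, and only 1.2.3.4 comes from the post.

```python
import socket
import struct

# Intended bindings: port -> the only address allowed to listen on it.
# 1.2.3.4 is the public address from the post; 192.168.1.10 is an assumed local one.
POLICY = {25: "1.2.3.4", 22: "192.168.1.10"}

# Constructed sample in /proc/net/tcp layout (IPv4 only, trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 04030201:0019 00000000:0000 0A 00000000:00000000
   1: 0A01A8C0:0016 00000000:0000 0A 00000000:00000000
   2: 00000000:0017 00000000:0000 0A 00000000:00000000
   3: 0A01A8C0:0016 0501A8C0:C350 01 00000000:00000000
"""

def listeners(proc_net_tcp):
    """Return sorted (address, port) pairs for sockets in LISTEN state (st == 0A)."""
    found = set()
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        hex_addr, hex_port = fields[1].split(":")
        # The kernel prints the IPv4 address as a host-order 32-bit word;
        # a little-endian (x86) host is assumed here.
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        found.add((addr, int(hex_port, 16)))
    return sorted(found)

def violations(proc_net_tcp, policy=POLICY):
    """List listeners that break the policy: wrong address (including the
    0.0.0.0 wildcard) or a port the policy does not mention at all."""
    problems = []
    for addr, port in listeners(proc_net_tcp):
        if port not in policy:
            problems.append((addr, port, "port not in policy"))
        elif addr != policy[port]:
            problems.append((addr, port, "expected " + policy[port]))
    return problems

if __name__ == "__main__":
    # On a live Linux host: violations(open("/proc/net/tcp").read())
    for addr, port, reason in violations(SAMPLE):
        print(f"{addr}:{port} -> {reason}")
```

In the constructed sample the only finding is a telnet listener (port 23) still bound to the wildcard address, which is the exposure the thread set out to remove.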