Mailinglist Archive: opensuse-security (605 mails)

Re: [suse-security] Security on telnet
  • From: Christian Weickhmann <christian.weickhmann@xxxxxx>
  • Date: Fri, 19 Oct 2001 17:40:39 +0200
  • Message-id: <3BD04977.2010808@xxxxxx>


Peter Nixon wrote:

On Fri, 19 Oct 2001 16:35:08 +0200
Christian Weickhmann <christian.weickhmann@xxxxxx> wrote:

Fiorenza Meini wrote:

Hi there,
I installed Linux 7.2 on a machine where I want to have running only
sendmail and telnet (I configured inetd).
I have a network card with a public IP address, but for security reasons I'd
like to configure another network card with a local address on which I want
telnetd to listen.
So, what I'd like to do is this:
- sendmail listening on the network card with public IP address
- telnet listening on the network card with local IP address.

Is this possible?
Any suggestion on how can I configure the system?

Thanks

Fiorenza

Hello Fiorenza!

It's not a *real* solution: Have you set up a firewall? You could set one up with telnet port closed to external network. It would be a bit at least.
Do you really need telnet? Try to use ssh.



I'm sorry, but I have to disagree with you on this. It all depends on how Fiorenza has his network configured. You can't tell him it's not a "real" solution when you don't know the details of his network.
It is in fact a _very_ good idea to only bind services to the interfaces you need them to be used on. I agree that he should use ssh instead of telnet, but this doesn't change the fact that he asked a very valid question about how to configure a machine to only bind certain services to certain interfaces. For all you know, his machine could _be_ the firewall....

Fiorenza: I'm sorry, I realised that I only answered your question in part last post. I am actually not sure how to force sendmail to bind to only one interface (you have to do it inside sendmail, as you rarely run sendmail from x/inetd); however, if you want to take a look at postfix, you will find that it's very simply a matter of editing main.cf and telling it which interface to bind to. Maybe some sendmail junkies can tell you the solution for sendmail, although I suspect that if you have sendmail listening to the _live_ interface, there will be no problem with it listening internally also.


HTH



It was nothing so philosophical. I just wanted to say that my solution isn't really what she said she wanted...

OK?
Christian Weickhmann
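
The per-interface binding discussed in this thread can be verified after configuration by checking which local address each listener is actually bound to. The following is an added example, not part of the original mails: it parses the Linux `/proc/net/tcp` layout and reports listeners bound more widely than intended. The addresses, the policy table and the sample rows are constructed, and it assumes IPv4 on a little-endian host.

```python
import socket
import struct

LISTEN = "0A"  # state code for TCP_LISTEN in /proc/net/tcp

# Assumed policy (addresses are constructed): port -> addresses it may bind to.
POLICY = {23: {"192.168.0.10"}, 25: {"203.0.113.5"}}

# Constructed sample in /proc/net/tcp layout, as printed on a little-endian host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 057100CB:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A00A8C0:0017 1400A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1003
"""

def decode(endpoint):
    """Turn 'HEXADDR:HEXPORT' into ('a.b.c.d', port)."""
    addr_hex, port_hex = endpoint.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)

def listeners(proc_net_tcp):
    """Return (address, port) for every IPv4 socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip header row
        fields = line.split()
        if len(fields) >= 4 and fields[3] == LISTEN:
            found.append(decode(fields[1]))
    return found

def violations(proc_net_tcp, policy=POLICY):
    """Listeners on a policy port bound to an address the policy does not allow."""
    return [(addr, port) for addr, port in listeners(proc_net_tcp)
            if port in policy and addr not in policy[port]]

if __name__ == "__main__":
    for addr, port in violations(SAMPLE):
        print(f"port {port} is listening on {addr}, allowed: {sorted(POLICY[port])}")
```

On a live system, pass the contents of `/proc/net/tcp` instead of `SAMPLE`; a telnet listener on `0.0.0.0` means the service is reachable on every interface, including the public one.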

