xinetd: redirecting pop3 service...
Hi there!

I have a Linux box which has two network interfaces: the first one listens on a public IP address, the second listens on a local IP address. I'd like to configure xinetd so that an incoming request on port 110 (on the interface which has the public address) is redirected to our real POP3 server, which is on a local intranet. I installed Linux 7.2. I connect successfully to the port 110 of linux box, but as I'm connected the connection is closed. Probably it is a configuration mistake.

Thanks
Fiorenza Robinson s.r.l

This is the xinetd.conf file

#
# xinetd.conf
#
# Copyright (c) 1998-99 SuSE GmbH Nuernberg, Germany.
#

defaults
{
        log_type        = FILE /var/log/xinetd.log
        log_on_success  = HOST EXIT DURATION
        log_on_failure  = HOST ATTEMPT RECORD
        only_from       = 10.10.3.7 10.10.3.4
        instances       = 2

#
# The specification of an interface is interesting, if we are on a firewall.
# For example, if you only want to provide services from an internal
# network interface, you may specify your internal interfaces IP-Address.
#
#       interface       = 127.0.0.1
        interface       = 10.10.1.6
#

#
# If you want to enable one of the following services, you only have to
# comment it out. After that, send SIGUSR1 to xinetd to force a
# reload of it's configuration
#
#       disabled = ftp
        disabled = rstatd
#       disabled = telnet
        disabled = shell
        disabled = login
        disabled = finger
#       disabled = pop3
        disabled = comsat
        disabled = ntalk
        disabled = talk
        disabled = discard
        disabled = chargen
        disabled = daytime
        disabled = time
        disabled = echo
        disabled = daytime
        disabled = time
        disabled = smtp
        disabled = ident
}

##
## Now the definitions of the different services
##
##

service ftp
{
#
# Because we use wu.ftpd, we set instances to UNLIMITED.
# wu.ftpd manages the amount of users himself.
#
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.ftpd
#       server_args     = -a
        instances       = UNLIMITED
}

service telnet
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        server_args     = -n
        only_from       = 10.10.3.7 10.10.3.4
        no_access       =
}

service pop3
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/ipop3d
        server_args     = -s
        redirect        = mail.robinson.it 110
        only_from       = 10.10.3.7 10.10.3.4
}

Hi Fiorenza!

> I have a Linux box which has two network interfaces: the first one listens on a public IP address, the second listens on a local IP address. I'd like to configure xinetd so that an incoming request on port 110 (on the interface which has the public address) is redirected to our real POP3 server, which is on a local intranet. I installed Linux 7.2. I connect successfully to the port 110 of linux box, but as I'm connected the connection is closed. Probably it is a configuration mistake.

I see two potential problems:

> service pop3
> {
>         socket_type     = stream
>         protocol        = tcp
>         wait            = no
>         user            = root
>         server          = /usr/sbin/ipop3d

I may be wrong with this one, but when you use "server" and "redirect" together, then "server" gets precedence, and "redirect" is ignored, if I remember correctly.

>         server_args     = -s
>         redirect        = mail.robinson.it 110
>         only_from       = 10.10.3.7 10.10.3.4
> }

The only_from field looks like it only allows access to the pop3-port from your private network, while from your description it seems you want to access the pop3 port from the internet. That would explain the problems...

Ciao,
Yuri.
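
Added example, not part of the original thread or of the SuSE-supplied file: the posted pop3 stanza with both of the points raised in the reply above applied. The addresses 192.0.2.10 (public interface) and 198.51.100.0/24 (clients allowed to connect) are constructed placeholders, since the thread does not give the real ones.

```conf
# Added example: pop3 stanza with "server" removed and access control revisited.
service pop3
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root

        # No "server" / "server_args" here: with only "redirect" set, xinetd
        # relays the TCP connection itself instead of starting ipop3d locally.
        redirect        = mail.robinson.it 110

        # Listen on the public interface. Set explicitly in this service
        # rather than relying on the "interface" line in the defaults block.
        # 192.0.2.10 is a placeholder for the box's public address.
        bind            = 192.0.2.10

        # Name the client networks that may reach the redirect explicitly,
        # instead of the two internal hosts used in the posted file.
        # 198.51.100.0/24 is a placeholder for the real client range.
        only_from       = 198.51.100.0/24
}
```

Connections rejected by only_from are recorded through the log_on_failure setting in the defaults block (/var/log/xinetd.log in the posted file), which is the first place to look when a client connects and is dropped immediately.
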
If I were you, I wouldn't do it in xinetd. I would do it on a firewall level.

Do you use ipchains or iptables?

If you have SuSEfirewall2 installed, look at some examples on port redirecting in
/usr/share/doc/packages/SuSEfirewall2/EXAMPLES

If you have SuSEfirewall installed for ipchains, look in
/usr/share/doc/packages/SuSEfirewall/EXAMPLES
participants (3)
- Alex Levit
- Fiorenza Meini
- Yuri Robbers