Forum Discussion

Foxtrot_Lima's avatar
16 years ago

Configure vnetd to listen on specifik network interface

I have a SLES 10 linux client with two network interfaces. One is connected to internet and one is backup lan.

Is it possible to configure vnet to only listen on the backup lan interface? I know you can do that with a firewall, but want to know if it's possible to not even get the vnet daemon started on the internet interface?

Thanks
Fredrik
  • I don't think you can limit the ports vnetd listen to. But you can use iptables to filter/firewal off the internet.

    From the man :

    IPTABLES(8)                                                                                          IPTABLES(8)



    NAME
           iptables - administration tool for IPv4 packet filtering and NAT

    SYNOPSIS
           iptables [-t table] -[AD] chain rule-specification [options]
           iptables [-t table] -I chain [rulenum] rule-specification [options]
           iptables [-t table] -R chain rulenum rule-specification [options]
           iptables [-t table] -D chain rulenum [options]
           iptables [-t table] -[LFZ] [chain] [options]
           iptables [-t table] -N chain
           iptables [-t table] -X [chain]
           iptables [-t table] -P chain target [options]
           iptables [-t table] -E old-chain-name new-chain-name

    DESCRIPTION
           Iptables  is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux ker
           nel.  Several different tables may be defined.  Each table contains a number of built-in chains  and  may
           also contain user-defined chains.

           Each  chain  is  a list of rules which can match a set of packets.  Each rule specifies what to do with a
           packet that matches.  This is called a `target', which may be a jump to a user-defined chain in the  same
           table.



  • I know this can be done with iptables, but still want to know if there's any configure options for vnetd or xinitd.
  • The technotes should be the first place to go when needing assitance
  • Okay, this is how it's done.

    in /etc/xinetd.config file add
    interface = <IP of desired interface>

    or this can be done in the config file for the desired service under /etc/xinetd.d/