On Wed, Oct 10, 2001 at 06:57:20PM -0400, Mike Dresser wrote: [...] > > What about configuring services to listen only on one _specific_ > > interface/ip? (In your case Y) So you perhaps don't have to take care about > > an confusing firewall setup... hiding services is not the way[tm] to make or > > keep a network secure. > Problem is the interface can vary, cause pppd isn't guaranteed to pickup > the same ppp0/ppp1/etc.
You don't have to bind on the dynamic (external) interface. The address of the internal one shouldn't change, right? So tell your services to bind this IP/interface. > I agree fully, problem is I don't think things like telnet, netbios, etc > etc are going to all let me pick an interface/ip. netbios/samba does. If you're a superserver like x?inetd then look wheather they can restrict access/bindings. I think that at least xinetd can. Greetings.
