46.5. The Director of Operations: inetd

inetd is the primary manager of Internet services on most Unix installations. Its job is to listen on a selection of ports (Section 46.1) and start up the appropriate server when a connection comes in. This frees servers that run under inetd from having to deal directly with networking issues and sockets.

inetd is configured via /etc/inetd.conf, which lists all the ports inetd should manage, the server associated with each port, and any special options for that server. For specific details, read the manpage, inetd.conf(5). As an example, here are a few fairly standard entries from inetd.conf on my FreeBSD system:

    ftp     stream  tcp  nowait       root    /usr/libexec/ftpd     ftpd -l
    telnet  stream  tcp  nowait       root    /usr/libexec/telnetd  telnetd
    finger  stream  tcp  nowait/3/10  nobody  /usr/libexec/fingerd  fingerd -s
    tftp    dgram   udp  wait         nobody  /usr/libexec/tftpd    tftpd /tftpboot

A common package included in many inetd distributions (and easily added to others) is called tcp_wrappers. tcp_wrappers allows you to create access rules (generally stored in /etc/hosts.allow) that control incoming connections and deny connections from unauthorized hosts. This can be very handy even for machines behind a firewall (Section 46.12), as it provides extra security by guaranteeing that certain kinds of connections will not be allowed into your machine. As an example, my home firewall allows SMTP (Section 46.8) and SSH (Section 46.6) connections in, but my hosts.allow denies connections from hosts that cannot be reverse resolved (Section 46.9), thus requiring a certain level of legitimacy before my machine will talk to a host.

-- DJPH

Copyright © 2003 O'Reilly & Associates. All rights reserved.
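The field layout of the inetd.conf entries in Section 46.5, as an added example that is not part of the original text: a small Python parser that splits each entry into its fields and lists the ones worth a second look when reviewing a host. The FreeBSD field syntax (numeric limits after wait/nowait, user[:group][/login-class]) and the two review checks (runs as root, nowait with no limits) are assumptions of this example.

```python
from dataclasses import dataclass

# Constructed sample: the four entries quoted in the section.
SAMPLE = """\
ftp     stream  tcp  nowait       root    /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait       root    /usr/libexec/telnetd  telnetd
finger  stream  tcp  nowait/3/10  nobody  /usr/libexec/fingerd  fingerd -s
tftp    dgram   udp  wait         nobody  /usr/libexec/tftpd    tftpd /tftpboot
"""

@dataclass
class Entry:
    service: str
    socktype: str
    proto: str
    wait: bool      # True for "wait", False for "nowait"
    limits: list    # numbers after wait/nowait, e.g. [3, 10]
    user: str
    program: str
    argv: list

def parse(text):
    """Parse inetd.conf text into Entry objects, skipping blanks and comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split()
        if len(f) < 6:
            raise ValueError(f"line {lineno}: expected at least 6 fields")
        mode, *limits = f[3].split("/")
        if mode not in ("wait", "nowait"):
            raise ValueError(f"line {lineno}: bad wait field {f[3]!r}")
        user = f[4].split("/")[0].split(":")[0]  # drop login class and group
        entries.append(Entry(f[0], f[1], f[2], mode == "wait",
                             [int(n) for n in limits], user, f[5], f[6:]))
    return entries

def audit(entries):
    """Return (service, finding) pairs for the two checks this example assumes."""
    findings = []
    for e in entries:
        if e.user == "root":
            findings.append((e.service, "runs as root"))
        if not e.wait and not e.limits:
            findings.append((e.service, "nowait with no limits"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(parse(SAMPLE)):
        print(f"{service}: {finding}")
```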