restrict implicit binding to interfaces

---

• From: Wolfgang Draxinger <wdraxinger@xxxxxxxxxxxxxxxx>
• Date: Wed, 29 Oct 2008 12:13:25 +0100

---

Say I have 4 interfaces, eth0, eth1, tun0, ppp0. On the system
there are to be running several deamons, which shall be bound to
all interfaces, except ppp0. One way to do this, is binding them
explicitly to eth{0,1}, tun0 only. If however a program is
hardcoded to be bound to all interfaces or the configuration
code has a bug, then it might be bound to ppp0, too, which is,
what I want to prevent.

Also Say I have some daemon, which shall listen on ppp0, so just
closing of ppp0 using iptables is not what I want.

How can I do that, I mean: If a program requests to be bound to a
certain interface explicitly, then and only then it bound to
that interface. Otherwise it's just bound implicitly to the not
restricted interfaces.

Any ideas?

In the particular case it's a proxy server (the deamon is not
buggy, so explicit binding works, but I'd like to have some
fallback). Squid shall listen only to the internal network, so
it can't be abused from outside. But there's a also a OpenVPN
running for incomming connections, to enable a route to the
storage server which won't permit incomming connections from the
internet. And then the system shall be also ordinary router,
routing traffic into the subnet (which is a public IP address
space). I know, that using paravirtualization and some network
trickery would do the trick, but I'd like to do it on a single
logical host.

However I considered to use a small UML process, that would
contain the ppp0 device, so that this one has it's own router.

Wolfgang Draxinger
--
E-Mail address works, Jabber: hexarith@xxxxxxxxxx, ICQ: 134682867

.

---

• Follow-Ups:
  • Re: restrict implicit binding to interfaces
    • From: David Schwartz

• Prev by Date: Re: One web server, multiple domains; a slight twist
• Next by Date: Re: One web server, multiple domains; a slight twist
• Previous by thread: Exec Command sending a SMS
• Next by thread: Re: restrict implicit binding to interfaces
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Making PPP device persist, even after lost connection? ... They don't go away when the connection drops and ppp0 is destroyed. ... FWIW I set my rules before networking ... For me, networking also means creating 802.1q interfaces, so I ... Routing info is dropped when a device goes away, ... (comp.os.linux.networking) usage of "ifup ppp0" as opposed to "pon" ... post-down commands in the /etc/network/interfaces file to execute my ... But "ifdown ppp0" says: ... ppp0 section in interfaces file, I will be without my firewall till I ... iface lo inet loopback ... (comp.os.linux.networking) usage of "ifup ppp0" as opposed to "pon" ... post-down commands in the /etc/network/interfaces file to execute my ... But "ifdown ppp0" says: ... ppp0 section in interfaces file, I will be without my firewall till I ... iface lo inet loopback ... (Debian-User) Re: Etch desktop: switching between ppp and ethernet network connections ... interfaces. ... All I get is a "Could not enable interface ppp0". ... They work if eth0 is not set as auto while ppp is set as auto. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... (Debian-User) Re: [PATCH RFC] [1/9] Core module symbol namespaces code and intro. ... that explicit mechanisms are better than implicit contracts. ... is very hard with thousands of exported symbol. ... There are still classes of drivers. ... use interfaces that are really generic driver interfaces and fairly stable ... (Linux-Kernel)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)