Re: restrict implicit binding to interfaces

---

• From: David Schwartz <davids@xxxxxxxxxxxxx>
• Date: Wed, 29 Oct 2008 14:09:01 -0700 (PDT)

---

On Oct 29, 4:13 am, Wolfgang Draxinger <wdraxin...@xxxxxxxxxxxxxxxx>
wrote:

How can I do that, I mean: If a program requests to be bound to a
certain interface explicitly, then and only then it bound to
that interface. Otherwise it's just bound implicitly to the not
restricted interfaces.

Programs don't bind to interfaces. Your question doesn't make any
sense.

In the particular case it's a proxy server (the deamon is not
buggy, so explicit binding works, but I'd like to have some
fallback). Squid shall listen only to the internal network, so
it can't be abused from outside.

Programs don't listen to networks. Again, your question doesn't make
any sense.

But there's a also a OpenVPN
running for incomming connections, to enable a route to the
storage server which won't permit incomming connections from the
internet. And then the system shall be also ordinary router,
routing traffic into the subnet (which is a public IP address
space). I know, that using paravirtualization and some network
trickery would do the trick, but I'd like to do it on a single
logical host.

However I considered to use a small UML process, that would
contain the ppp0 device, so that this one has it's own router.

Can you state precisely what it is you are trying to do? What is the
rule for whether a connection should or should not be allowed to the
proxy?

You seem to be under the misconception that addresses belong to
interfaces. They don't under Linux, they belong to the machine as a
whole. When you bind to an address, you accept packets sent to that
address regardless of what interface they arrive on. Otherwise, it
would be impossible to set up a functional router.

DS
.

---

• Follow-Ups:
  • Re: restrict implicit binding to interfaces
    • From: Maxwell Lol
  • Re: restrict implicit binding to interfaces
    • From: Rick Jones
  • Re: restrict implicit binding to addresses
    • From: Wolfgang Draxinger
  • Re: restrict implicit binding to interfaces
    • From: Allen Kistler

• References:
  • restrict implicit binding to interfaces
    • From: Wolfgang Draxinger

• Prev by Date: Re: One web server, multiple domains; a slight twist
• Next by Date: BIND -- can't register nameserver
• Previous by thread: restrict implicit binding to interfaces
• Next by thread: Re: restrict implicit binding to interfaces
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Networks and wireless etc ... When bind() assigns an interface that contradicts the routing table the ... "For a sending host, if the source address is specified by the sending ... (microsoft.public.win32.programmer.networks) Re: Re[6]: mpd pppoe client problems ... I used to use ipfw as a firewall.. ... and natd makes too heavy cpu load. ... your interface goes up. ... How can I make those applications bind to the new ... (freebsd-net) Re: [RFC] ip / ifconfig redesign ... I'm only guessing since I'm not entirely sure what Mr. Boldi means, ... but my guess is that he's proposing that an app can bind to an IP ... interface and then later if that IP does get assigned to an interface ... another one without apps noticing. ... (Linux-Kernel) Re: updating rules after IP address change ... Bind to an interface you are fine ... Understanding the ISA 2004 Access Rule Processing ... Microsoft ISA Server Partners: Partner Hardware Solutions ... (microsoft.public.isa) Re: New http attack? ... Isn't "-i 0.0.0.0" telling tftp to what interface to bind? ... On Thu, 9 Jun 2005, Ron wrote: ... >> Kirby Angell ... (Incidents)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)