Re: restrict implicit binding to interfaces

---

• From: David Schwartz <davids@xxxxxxxxxxxxx>
• Date: Fri, 31 Oct 2008 12:44:11 -0700 (PDT)

---

On Oct 31, 10:39 am, Rick Jones <rick.jon...@xxxxxx> wrote:

One example of where a strong end system model might be useful would
be a DMZ system.  You might not want a server bound to the "internal
IP" to receive traffic routed via the external interface.  So, if the
strong end system model is active, it will only accept datagrams
destined to the internal IP on the "internal" interface.

Right, but then you'd be trusting the service to bind to the right
place. If you could trust the service to manage its own security, why
wouldn't you want it bound to the external interface?

There are of course other ways to arrive at the same end condition -
configure the server application to only accept connections from a
configured range of intenal IP addresses, or setup firewall rules to
drop datagrams arriving on the external interface with the internal IP
as the destination - of course that last one is simply using the
firewall rules to make the system behave as if it were using the
strong end system model :)

Since a firewall is both necessary and sufficient, what does the
strong end system model add?

DS
.

---

• Follow-Ups:
  • Re: restrict implicit binding to interfaces
    • From: Rick Jones

• References:
  • restrict implicit binding to interfaces
    • From: Wolfgang Draxinger
  • Re: restrict implicit binding to interfaces
    • From: David Schwartz
  • Re: restrict implicit binding to interfaces
    • From: Rick Jones
  • Re: restrict implicit binding to interfaces
    • From: David Schwartz
  • Re: restrict implicit binding to interfaces
    • From: Rick Jones
  • Re: restrict implicit binding to interfaces
    • From: David Schwartz
  • Re: restrict implicit binding to interfaces
    • From: Rick Jones
  • Re: restrict implicit binding to interfaces
    • From: David Schwartz
  • Re: restrict implicit binding to interfaces
    • From: Rick Jones

• Prev by Date: Re: accessing Linksys DHCP Client Table
• Next by Date: Re: restrict implicit binding to interfaces
• Previous by thread: Re: restrict implicit binding to interfaces
• Next by thread: Re: restrict implicit binding to interfaces
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: restrict implicit binding to interfaces ... ?You might not want a server bound to the "internal ... IP" to receive traffic routed via the external interface. ... If I have a strong end system model all I have to do is ... configured range of intenal IP addresses, or setup firewall rules to ... (comp.os.linux.networking) Re: restrict implicit binding to interfaces ... One example of where a strong end system model might be useful would ... You might not want a server bound to the "internal ... IP" to receive traffic routed via the external interface. ... configured range of intenal IP addresses, or setup firewall rules to ... (comp.os.linux.networking) natd question ... i am running freebsd 4.6.2. ... which is the external interface and connects to a router which connects ... enabled natd on the machine, but still cannot get packets out when on ... natd is running and checked the firewall rules to make sure the natd ... (freebsd-questions)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Newsgroups  > comp.os.linux.networking  > 2008-10