kif
02-06-2003, 05:50 PM
I've just installed RH 8.0 to act as a gateway for my home LAN and I'm now doing the basic security thing - closing all the ports not in use, and setting the ones that are to only bind to the LAN interfaces.
I'm almost done, but I've a couple of questions about services that I can't seem to set to ignore the external interface.
- In named.conf I've set listen-on to the local interfaces. But, while netstat shows that it is bound to them on 53/tcp and 53/udp, it still reports named as also listening on 1024/udp. Am I missing something, or does named need this extra udp port open?
- I'm also running samba, and in smb.conf I've again set the interfaces to the local net and set "bind interfaces only" as well. Netstat (and fuser) shows me that the smbd bit of samba is bound only to my LAN on 139/tcp but that nmbd is bound twice on both 137/udp and 138/udp - once to the local interfaces and again on all interfaces. How can I get rid of the extra bindings?
Why is tcp behaving as I want it to, but not udp? Why do we need both protocols anyway?
cheers