start page | rating of books | rating of authors | reviews | copyrights

Unix Power ToolsUnix Power ToolsSearch this book

46.5. The Director of Operations: inetd

inetd is the primary manager of Internet services on most Unix installations. Its job is to listen on a selection of ports (Section 46.1) and start up the appropriate server when a connection comes in. This frees servers that run under inetd from having to deal directly with networking issues and sockets.

inetd is configured via /etc/inetd.conf , which lists all the ports inetd should manage, the server associated with each port, and any special options for that server. For specific details, read the manpage, inetd.conf(5). As an example, here are a few fairly standard entries from inetd.conf on my FreeBSD system:

ftp     stream  tcp  nowait       root    /usr/libexec/ftpd      ftpd -l
telnet  stream  tcp  nowait       root    /usr/libexec/telnetd   telnetd
finger  stream  tcp  nowait/3/10  nobody  /usr/libexec/fingerd   fingerd -s
tftp    dgram   udp  wait         nobody  /usr/libexec/tftpd     tftpd /tftpboot

A common package included in many inetd distributions (and easily added to others) is called tcp_wrappers . tcp_wrappers allows you to create access rules to control incoming connections (generally stored in /etc/hosts.allow) and deny connections from unauthorized hosts. This can be very handy even for machines behind a firewall (Section 46.12), as it provides extra security by guaranteeing that certain kind of connections will not be allowed into your machine. As an example, my home firewall allows SMTP (Section 46.8) and SSH (Section 46.6) connections in, but my hosts.allow denies connections from hosts that cannot be reverse resolved (Section 46.9), thus requiring a certain level of legitimacy before my machine will talk to a host.

-- DJPH



Library Navigation Links

Copyright © 2003 O'Reilly & Associates. All rights reserved.