Re: [Obsbox-devel] bind management port to 127.0.0.1
From: Robert K. <ro...@eo...> - 2002-11-04 21:27:41
On Mon, 2002-11-04 at 05:43, Kristoff Bonne wrote:

> For the time being, it seems to work OK. (I use it because I'm a network
> engineer at an ISP here in Belgium and I need a test-application for IP
> multicasting and IP-multicast peering with other ISPs).

Cool!

> As the box is connected on the 'unprotected internet'; I'm a bit worried
> about the management-port service (at TCP port 4420).
> The way it is configured, it seems to be 'wide open' for anybody to
> connect to.
> Is it possible to configure obsbox that it is 'bind' to IP-address
> 127.0.0.1 (so you can only connect to it; when using that IP_address; so
> -in this case- only when you are on the box itself).

You can do this in one of two ways:

1. Use tcp_wrappers to restrict who accesses the port outside of changing
   the code in Obsequieum. I think this is the preferred method for doing
   this -- it's the most flexible.

2. Do as you suggest and hack the Obs code to only listen on one IP:

> I've been browsing through the code-source but I'm not a C++ programmer;
> so I'm a bit lost. But, I know that in "standard" C; using the 'standard
> socket-library' when you set up a 'listening TCP-socket' it is possible to
> define to what IP_address/interface it is bound to.
>
> Is there somewhere an option to (either) configure this into the code; or
> can somebody say where I can change this?

In this case C++ is not any different from C -- it uses the same socket
calls. Check out net/Server.cpp line 92 -- I believe you could set
sa.sin_addr to 127.0.0.1 and it should restrict it to that port. I think. :-)

--
--ruaok      We're all going to hell. But first we're going to Burning Man!

Robert Kaye -- ro...@eo... -- http://www.mayhem-chaos.net