Date:      Tue, 3 Dec 2002 10:41:01 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        FreeBSD Questions <FreeBSD-questions@FreeBSD.ORG>
Subject:   Re: dhclient & dhcpd bind to address
Message-ID:  <20021203104101.GB71336@happy-idiot-talk.infracaninophi>
In-Reply-To: <20021203100543.GA21943@rock.stable.ch>
References:  <20021203100543.GA21943@rock.stable.ch>

On Tue, Dec 03, 2002 at 11:05:43AM +0100, Thomas Spreng wrote:

> I'm just trying to set up some jails on my master machine. According
> to the man page, you have to change daemons from listening to all
> local addresses. I have done this for every tcp port that is listed
> within the netstat command. But I'm having problems with some daemons
> that are listening for udp packets on all interfaces.
> netstat -na:
> 
> udp4       0      0  *.68                   *.*
> udp4       0      0  *.67                   *.* 
> 
> These ports are used by dhcpd (isc-dhcpd) and dhclient. Has anyone ever
> managed to make those two programs only listen on a specific interface?
> 
> PS: both daemons are run with an interface name as a command line argument
>     that should make them only listen on that one:
>     /usr/local/sbin/dhcpd fxp0
>     /sbin/dhclient fxp1

Yes.  Your jail should still work, except that you won't be able to
run any processes within it that bind to UDP ports 67 or 68.  As you
can't run dhclient from within a jail and I don't think that running
dhcpd within a jail would be a particularly good idea either, that
shouldn't cause you any noticeable grief.

dhcpd is not the only culprit.  I never could get named(8) to stop
binding to UDP port 1024, even though I've managed to restrict all
its TCP traffic to specific interfaces.  Neither can I make ntpd(8)
listen on a specific interface.  However, this has not deleteriously
affected the jail(8) I'm running.  I could in theory use 'ntpq' or
'ntpdc' from within the jail to sabotage the ntpd setup on the local
machine, except that the jail doesn't have the right ntp.keys file for
that sort of access.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
                                                      Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
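
Added example, not part of the original message: a small sh/awk filter that audits FreeBSD-style `netstat -na` output on a jail host and lists the sockets still bound to the wildcard address, i.e. the ports a jailed process would be unable to bind. The function names and the sample input are constructed for illustration; only the two udp4 lines for ports 68 and 67 come from the thread.

```shell
#!/bin/sh
# Added example: audit a jail host for sockets bound to the wildcard address.

# Constructed sample of `netstat -na` output. The *.68 and *.67 lines are the
# ones quoted in the thread; every other line is made up for contrast and uses
# documentation addresses (192.0.2.0/24).
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.22          *.*                    LISTEN
tcp4       0      0  192.0.2.10.22          192.0.2.50.51514       ESTABLISHED
tcp4       0      0  *.25                   *.*                    LISTEN
udp4       0      0  *.68                   *.*
udp4       0      0  *.67                   *.*
udp4       0      0  192.0.2.10.53          *.*
udp4       0      0  *.*                    *.*
EOF
}

# Read `netstat -na` output on stdin and print "proto port" for every TCP
# listener or UDP socket whose local address is "*.<port>".
# Sockets bound to a specific address, established TCP connections and
# unbound "*.*" sockets are skipped.
wildcard_sockets() {
    awk '
        $1 ~ /^(tcp|udp)[46]*$/ && $4 ~ /^\*\.[0-9]+$/ {
            # TCP lines carry a state column; only listeners matter here.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            port = $4
            sub(/^\*\./, "", port)
            print $1, port
        }
    '
}

# Demonstration on the constructed sample; on a live host use:
#   netstat -na | wildcard_sockets
sample_netstat | wildcard_sockets
```

Each line it prints is a daemon to reconfigure to a specific address, or a port to treat as unavailable inside the jail.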
