Red Hat ENTERPRISE LINUX 3 Reference Manual page 268
250 Chapter 16. TCP Wrappers and xinetd

}

In this example, when a client system from the 10.0.1.0/24 network, such as 10.0.1.2, tries to access the Telnet service, it receives the following message:

Connection closed by foreign host.

In addition, their login attempts are logged in /var/log/secure as follows:

May 15 17:38:49 boo xinetd[16252]: START: telnet pid=16256 from=10.0.1.2
May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=10.0.1.2
May 15 17:38:49 boo xinetd[16252]: EXIT: telnet status=0 pid=16256

When using TCP wrappers in conjunction with xinetd access controls, it is important to understand the relationship between the two access control mechanisms.

The following is the order of operations followed by xinetd when a client requests a connection:

1. The xinetd daemon accesses the TCP wrappers hosts access rules through a libwrap.a library call. If a deny rule matches the client host, the connection is dropped. If an allow rule matches the client host, the connection is passed on to xinetd.

2. The xinetd daemon checks its own access control rules both for the xinetd service and the requested service. If a deny rule matches the client host, the connection is dropped. Otherwise, xinetd starts an instance of the requested service and passes control of the connection to it.

Important
Care should be taken when using TCP wrappers access controls in conjunction with xinetd access controls. Misconfiguration can cause undesired effects.

16.4.3.3. Binding and Redirection Options

The service configuration files for xinetd support binding the service to an IP address and redirecting incoming requests for that service to another IP address, hostname, or port.

Binding is controlled with the bind option in the service-specific configuration files and links the service to one IP address on the system. Once configured, the bind option only allows requests for the proper IP address to access the service. This way, different services can be bound to different network interfaces based on need.

This is particularly useful for systems with multiple network adapters or with multiple IP addresses configured. On such a system, insecure services, like Telnet, can be configured to listen only on the interface connected to a private network and not on the interface connected to the Internet.

The redirect option accepts an IP address or hostname followed by a port number. It configures the service to redirect any requests for this service to the specified host and port number. This feature can be used to point to another port number on the same system, redirect the request to a different IP address on the same machine, shift the request to a totally different system and port number, or any combination of these options. In this way, a user connecting to a certain service on a system may be rerouted to another system with no disruption.

The xinetd daemon is able to accomplish this redirection by spawning a process that stays alive for the duration of the connection between the requesting client machine and the host actually providing the service, transferring data between the two systems.
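As an added example (not code from the manual), the following Python parses FAIL records in the /var/log/secure format shown above and tags each denial with the stage of the order of operations at which xinetd rejected it. The log lines are constructed for the example, and the "libwrap" reason string for a TCP wrappers denial is assumed from xinetd's logging rather than shown on this page.

```python
import re
from collections import Counter

# Constructed sample lines in the format shown above (not real captured logs).
SAMPLE_LOG = """\
May 15 17:38:49 boo xinetd[16252]: START: telnet pid=16256 from=10.0.1.2
May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=10.0.1.2
May 15 17:38:49 boo xinetd[16252]: EXIT: telnet status=0 pid=16256
May 15 17:40:02 boo xinetd[16252]: START: telnet pid=16301 from=10.0.1.7
May 15 17:40:02 boo xinetd[16301]: FAIL: telnet libwrap from=10.0.1.7
May 15 17:40:02 boo xinetd[16252]: EXIT: telnet status=0 pid=16301
May 15 17:41:10 boo xinetd[16252]: START: ssh pid=16320 from=192.168.5.4
May 15 17:41:30 boo xinetd[16252]: EXIT: ssh status=0 pid=16320
"""

# "FAIL: <service> <reason> from=<addr>" as written by xinetd.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) xinetd\[(?P<pid>\d+)\]: "
    r"FAIL: (?P<service>\S+) (?P<reason>\S+) from=(?P<src>\S+)$"
)

# Map the failure reason to the stage of the order of operations described
# above. "libwrap" (assumed reason string) is the TCP wrappers check done
# first; "address" is xinetd's own only_from/no_access check done second.
STAGE = {
    "libwrap": "1: TCP wrappers (hosts.allow/hosts.deny)",
    "address": "2: xinetd access control (only_from/no_access)",
}


def parse_failures(text):
    """Return one dict per FAIL line, tagged with the stage that denied it."""
    failures = []
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m is None:
            continue  # START/EXIT and unrelated lines are not denials
        rec = m.groupdict()
        rec["stage"] = STAGE.get(rec["reason"], "other: " + rec["reason"])
        failures.append(rec)
    return failures


def denied_per_source(text):
    """Count denied connections per (source address, service) pair."""
    counts = Counter()
    for rec in parse_failures(text):
        counts[(rec["src"], rec["service"])] += 1
    return counts
```

Feeding the real /var/log/secure through denied_per_source() gives a quick view of which hosts are being turned away and by which of the two mechanisms, which is the first thing to check when the two sets of rules disagree.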