Red Hat ENTERPRISE LINUX 4.5.0 Reference Manual page 347


service to one IP address on the system. Once configured, the bind option only allows requests
for the proper IP address to access the service. In this way, different services can be bound to
different network interfaces based on need.
This is particularly useful for systems with multiple network adapters or with multiple IP
addresses configured. On such a system, insecure services, like Telnet, can be configured to
listen only on the interface connected to a private network and not to the interface connected
to the Internet.
The redirect option accepts an IP address or hostname followed by a port number. It
configures the service to redirect any requests for this service to the specified host and port
number. This feature can be used to point to another port number on the same system, redirect
the request to a different IP address on the same machine, shift the request to a totally different
system and port number, or any combination of these options. In this way, a user connecting to
a certain service on a system may be rerouted to another system with no disruption.
The xinetd daemon is able to accomplish this redirection by spawning a process that stays
alive for the duration of the connection between the requesting client machine and the host
actually providing the service, transferring data between the two systems.
But the advantages of the bind and redirect options are most clearly evident when they are
used together. By binding a service to a particular IP address on a system and then redirecting
requests for this service to a second machine that only the first machine can see, an internal
system can be used to provide services for a totally different network. Alternatively, these
options can be used to limit the exposure of a particular service on a multi-homed machine to a
known IP address, as well as redirect any requests for that service to another machine specially
configured for that purpose.
For example, consider a system that is used as a firewall with this setting for its Telnet service:
service telnet
{
        socket_type     = stream
        wait            = no
        server          = /usr/sbin/in.telnetd
        log_on_success  += DURATION USERID
        log_on_failure  += USERID
        bind            = 123.123.123.123
        redirect        = 10.0.1.13 23
}
The bind and redirect options in this file ensure that the Telnet service on the machine is
bound to the external IP address (123.123.123.123), the one facing the Internet. In addition, any
requests for Telnet service sent to 123.123.123.123 are redirected via a second network
adapter to an internal IP address (10.0.1.13) that only the firewall and internal systems can
access. The firewall then sends the communication between the two systems, and the
connecting system thinks it is connected to 123.123.123.123 when it is actually connected to a
different machine.
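The bind and redirect settings described above can be read back out of a configuration and checked. The script below is an added example, not part of the Red Hat manual: it parses xinetd service stanzas and reports each service's listening address, its redirect target, and whether a listener on a non-private address relays to a private host. The sample text, the ftp stanza and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of a file under /etc/xinetd.d/. The telnet
# stanza follows the page's example; the ftp stanza is invented for contrast.
SAMPLE = """\
service telnet
{
    socket_type    = stream
    wait           = no
    server         = /usr/sbin/in.telnetd
    log_on_failure += USERID
    bind           = 123.123.123.123
    redirect       = 10.0.1.13 23
}
service ftp
{
    server = /usr/sbin/vsftpd
}
"""

STANZA = re.compile(r"^service\s+(\S+)\s*\{(.*?)^[ \t]*\}", re.S | re.M)
ATTR = re.compile(r"^[ \t]*(\w+)[ \t]*(?:\+=|-=|=)[ \t]*(.*?)[ \t]*$", re.M)

def is_internal(host):
    """True for private-range IP literals; hostnames are not resolved here."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def audit(text):
    """Report where each service listens and where xinetd relays it."""
    report = {}
    for name, body in STANZA.findall(text):
        attrs = dict(ATTR.findall(body))
        bind = attrs.get("bind")  # absent: the service listens on every interface
        relay = attrs.get("redirect", "").split()
        target = (relay[0], int(relay[1])) if len(relay) == 2 else None
        # A listener on a non-private address that relays to a private host
        # publishes that internal service to anyone who can reach the listener.
        exposed = bool(target and is_internal(target[0])
                       and not (bind and is_internal(bind)))
        report[name] = {"listen": bind or "ALL", "redirect": target,
                        "exposes_internal": exposed}
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the page's firewall stanza the report marks telnet as exposing an internal host, which is the intended effect of that configuration and the reason it deserves review whenever the relayed service is a cleartext one such as Telnet.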
This feature is particularly useful for users with broadband connections and only one fixed IP
address. When using Network Address Translation (NAT), the systems behind the gateway
machine, which are using internal-only IP addresses, are not available from outside the gateway
system. However, when certain services controlled by xinetd are configured with the bind and
redirect options, the gateway machine can act as a proxy between outside systems and a
particular internal machine configured to provide the service. In addition, the various
