This feature is particularly useful for users with broadband connections and only one fixed IP address.
When using Network Address Translation (NAT), the systems behind the gateway machine, which are
using internal-only IP addresses, are not available from outside the gateway system. However, when
certain services controlled by xinetd are configured with the bind and redirect options, the
gateway machine can act as a type of proxy between outside systems and a particular internal machine
configured to provide the service. In addition, the various xinetd access control and logging options
are also available for additional protection, such as limiting the number of simultaneous connections
for the redirected service.
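The following service file is an added example, not taken from the original guide, showing bind and redirect combined with the access control and logging options mentioned above. The service name, the file name, the user setting, and all addresses (documentation ranges 192.0.2.0/24 and 198.51.100.0/24, internal host 10.0.1.13) are assumptions chosen for illustration.

```conf
# /etc/xinetd.d/imaps-forward  (hypothetical file name)
# Forward IMAPS arriving on the gateway's external address to one
# internal mail host. All addresses below are constructed samples.
service imaps
{
        disable         = no
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        flags           = REUSE

        # Listen only on the external interface, not on every address
        # the gateway owns.
        bind            = 192.0.2.10

        # Hand each accepted connection to the internal host and port.
        # No "server" line is needed because xinetd does the forwarding.
        redirect        = 10.0.1.13 993

        # Access control: accept only the listed network and refuse
        # one host inside it.
        only_from       = 198.51.100.0/24
        no_access       = 198.51.100.66

        # Limit simultaneous connections in total and per source address.
        instances       = 20
        per_source      = 3

        # Throttle bursts: above 25 connections per second, stop
        # accepting for 30 seconds.
        cps             = 25 30

        # Record who connected, for how long, and who was refused.
        log_on_success  += HOST DURATION
        log_on_failure  += HOST
}
```

Because xinetd makes the connection to the internal host itself, that host sees the gateway's address as the source; the client address is available only in the xinetd log on the gateway.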
9.4 Additional Resources
Additional information concerning TCP wrappers and xinetd is available on your system and on
the Web.
9.4.1 Installed Documentation
The bundled documentation on your system is a good place to start looking for additional TCP
wrappers, xinetd, and access control configuration options.
• /usr/share/doc/tcp_wrappers-<version> — Contains a README file that discusses
  how TCP wrappers work and the various hostname and host address spoofing risks that exist.
• /usr/share/doc/xinetd-<version> — Includes a README file that discusses aspects
  of access control and a sample.conf file with various ideas for modifying /etc/xinetd.d
  service configurations.
• For detailed information concerning the creation of TCP wrapper access control rules, read the
  hosts_access (section 5) and hosts_options man pages.
• The xinetd and xinetd.conf man pages contain additional information for creating
  xinetd configuration files and a description of how xinetd works.
9.4.2 Useful Websites
• http://www.xinetd.org — The home of xinetd, containing sample configuration files, a full
  listing of features, and an informative FAQ.
• http://www.macsecurity.org/resources/xinetd/tutorial.shtml — A thorough tutorial that discusses
  many different ways to tweak default xinetd configuration files to meet specific security goals.