[colug-432] 0.0.0.0.

Steve VanSlyck s.vanslyck at postpro.net
Sun Apr 19 15:40:37 EDT 2015


Thanks, Rick. Makes sense.

So... if I want to accept FTP connections only from my computer at home, then that is something that would be done in iptables or some other firewall. And would, of course, require that my computer at home use the expected IP address when pinging the appropriate port.

On April 19, 2015 3:29:04 PM EDT, Rick Hornsby <richardjhornsby at gmail.com> wrote:
>
>
>Steve VanSlyck wrote:
>> Hi guys.
>>
>> A popular site on the web says, "By default the Salt master listens on
>> ports 4505 and 4506 on all interfaces (0.0.0.0). To bind Salt to a
>> specific IP, redefine the "interface" directive in the master
>> configuration file...."
>>
>> What does "interface" mean in this context?
>
>Generally in this context interface means the IP address(es) of your
>server.  You can bind to 127.0.0.1, which would only listen for traffic
>on the loopback interface.  Nothing on your LAN (and the WAN) would be
>able to reach the service.  If you set it to your ethX/enX IP address,
>the service would listen for traffic bound for just that address.
>
>Most of the time you can allow the service to bind to all interfaces
>(0.0.0.0) without any problems.  The default in this case is probably
>fine.
>
>It is a little bit confusing because normally we think of the interface
>as the piece of hardware with the MAC address.  Here interface means,
>essentially, IP address.
>
>> Does this mean that salt can be configured to listen on these two ports
>> only from requests that identify themselves as coming /from/ a
>> particular IP address, or which are addressed /to/ a particular IP
>> address (i.e., the IP address of the system Salt is installed on), or
>> does it mean something self.
>
>To a particular destination IP address -- on the host on which Salt is 
>running.
>
>Interface binding in this context is not related to the source address.
>
>
>rhornsby at archer:~ $ netstat -anl | grep LISTEN
>tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
>tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN
>tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
>
>
>This shows 3 services that are listening for traffic on ports 22, 6010,
>and 445.
>
>Whatever is listening on 6010 is *only* listening on 127.0.0.1.  This
>might be referred to as "bound to the loopback interface".  Traffic from
>any host except archer (localhost) destined for port 6010 will fail.
>Ports 22 (ssh), and 445 (smbd) are listening for traffic on any
>interface (IP address).
>
>When might you want to bind to a specific interface?  If you have a
>computer with multiple IP addresses or attached to multiple networks,
>and you don't want to listen for traffic from all networks.  Another
>example - if I have an HTTP server (port 80) that I'm only using locally
>I might bind it to 127.0.0.1 so that no one on the rest of the network
>or the Internets could get to it.
>
>-rick
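
The way the quoted reply reads the netstat output can be automated. The following is an added example, not part of the original thread: it classifies each TCP listener by the local (destination) address it is bound to. The function names and the two IPv6 sample lines are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the three listeners from the netstat output quoted in the
# thread (one left mail-wrapped on purpose) plus two IPv6 lines added here.
SAMPLE = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN
>tcp        0      0 0.0.0.0:445             0.0.0.0:*
>LISTEN
tcp6       0      0 :::4505                 :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
"""

def bind_scope(addr):
    """Classify a bind address; this is about destination, never source."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.is_unspecified:        # 0.0.0.0 or :: means every local address
        return "all-interfaces"
    if ip.is_loopback:           # 127.0.0.0/8 or ::1, local processes only
        return "loopback-only"
    return "single-address"

def listeners(text):
    """Return sorted (port, local address, scope) for each TCP LISTEN row."""
    rows = []
    for line in text.splitlines():
        line = line.lstrip("> ").rstrip()       # tolerate mail quoting
        if line == "LISTEN" and rows:
            rows[-1] += " LISTEN"               # rejoin a mail-wrapped row
        elif line:
            rows.append(line)
    found = set()
    for row in rows:
        cols = row.split()
        if len(cols) < 6 or not cols[0].startswith("tcp") or cols[-1] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")  # last ':' splits off the port
        found.add((int(port), addr, bind_scope(addr)))
    return sorted(found)

def exposed_ports(text):
    """Ports reachable from other hosts unless a firewall filters by source."""
    return sorted({p for p, _, scope in listeners(text) if scope != "loopback-only"})

if __name__ == "__main__":
    for port, addr, scope in listeners(SAMPLE):
        print(f"{port:>5}  {addr:<12} {scope}")
    print("review firewall rules for:", exposed_ports(SAMPLE))
```

Ports reported by `exposed_ports` are the ones where restricting by source address has to happen in a firewall such as iptables, since the bind address only selects the destination.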