<html><head><meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" /></head><body bgcolor="#FFFFFF" text="#000000"><p dir="ltr">Thanks, Rick. Makes sense.</p>
<p dir="ltr">So... if I want to accept FTP connections only from my computer at home, then that is something that would be done in iptables or some other firewall. And would, of course, require that my computer at home use the expected IP address when pinging the appropriate port.</p>
<br><br><div class="gmail_quote">On April 19, 2015 3:29:04 PM EDT, Rick Hornsby <richardjhornsby@gmail.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br />
<br />
Steve VanSlyck wrote:
<blockquote cite="mid:1429461318.3645835.255729029.07CCDDC0@webmail.messagingengine.com" type="cite">
<pre wrap="">Hi guys.
A popular site on the web says, "By default the Salt master listens on
ports 4505 and 4506 on all interfaces (0.0.0.0). To bind Salt to a
specific IP, redefine the "interface" directive in the master
configuration file...."
What does "interface" mean in this context?</pre>
</blockquote>
<br />
Generally in this context interface means the IP address(es) of your
server. You can bind to 127.0.0.1, which would only listen for traffic
on the loopback interface. Nothing on your LAN (and the WAN) would be
able to reach the service. If you set it to your ethX/enX IP address,
the service would listen for traffic bound for just that address.<br />
<br />
Most of the time you can allow the service to bind to all interfaces
(0.0.0.0) without any problems. The default in this case is probably
fine.<br />
<br />
It is a little bit confusing because normally we think of the interface
as the piece of hardware with the MAC address. Here interface means,
essentially, IP address.<br />
<br />
<pre wrap=""><blockquote type="cite"><span><pre wrap="">Does this mean that salt can be configured to listen on these to ports
only from requests that identify themselves as coming /from/ a
particular IP address, or which are addressed /to/ a particular IP
address (i.e., the IP address of the system Salt is installed on), or
does it mean something self.</pre></span></blockquote>
</pre>
To a particular destination IP address -- on the host on which Salt is
running.<br />
<br />
Interface binding in this context is not related to the source address.<br />
<br />
<br />
rhornsby@archer:~ $ netstat -anl | grep LISTEN<br />
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN<br />
tcp 0 0 127.0.0.1:6010 0.0.0.0:*
LISTEN<br />
tcp 0 0 0.0.0.0:445 0.0.0.0:*
LISTEN<br />
<br />
<br />
This shows 3 services that are listening for traffic on ports 22, 6010,
and 445.<br />
<br />
Whatever is listening on 6010 is *only* listening on 127.0.0.1. This
might be referred to as "bound to the loopback interface". Traffic from
any host except archer (localhost) destined for port 6010 will fail.
Ports 22 (ssh), and 445 (smbd) are listening for traffic on any
interface (IP address).<br />
<br />
When might you want to bind to a specific interface? If you have a
computer with multiple IP addresses or attached to multiple networks,
and you don't want to listen for traffic from all networks. Another
example - if I have an HTTP server (port 80) that I'm only using locally
I might bind it to 127.0.0.1 so that no one on the rest of the network
or the Internets could get to it.<br />
<br />
<span>-rick</span><br />
<span style="font-family: monospace;"><br />
</span>
<p style="margin-top: 2.5em; margin-bottom: 1em; border-bottom: 1px solid #000"></p><pre class="k9mail"><hr /><br />colug-432 mailing list<br />colug-432@colug.net<br /><a href="http://lists.colug.net/mailman/listinfo/colug-432">http://lists.colug.net/mailman/listinfo/colug-432</a><br /></pre></blockquote></div></body></html>