What is XINETD?
You are probably familiar with inetd, known as the super server, which controls network connections to the host. When a request arrives at a service port managed by inetd, inetd forwards the request to a program named tcpd. tcpd consults the configuration files hosts.{allow,deny} to determine whether the request may be served. If the request is allowed, the appropriate server program (such as ftpd or telnetd) is started. This mechanism is also known as tcp_wrapper.
XINETD (eXtended InterNET Services Daemon) provides inetd+tcp_wrapper-like functionality, but is more powerful and secure. It can offer the following features:
* Support for TCP, UDP and RPC services (but current support for RPC is not stable)
* Time-period-based access control
* Full-featured logging, which can record both successful and failed connections
* Can effectively prevent DoS (denial of service) attacks
* Can limit the number of servers of the same type running concurrently
* Can limit the total number of servers started
* Can limit log file size
* Bind a service to a specific system interface to allow only private networks to access a service
* Can act as a proxy for other systems. Combined with IP masquerading, this makes it possible to reach an internal private network
Its biggest disadvantage is the instability of RPC support, but starting portmap and running it alongside xinetd solves this problem.
XINETD Redirect Function Example
This function can forward the client's request to another host to process.
In my case, the intranet host 192.168.18.204 needs to go through the springboard (jump host) 172.26.184.240 to reach the mail server 172.26.10.12. This can be implemented as follows: configure xinetd on the springboard 172.26.184.240, listening on port 25; when a client request comes in, forward it to the mail server 172.26.10.12 for processing. The configuration method is as follows:
Configuration on the springboard 172.26.184.240
vi /etc/xinetd.d/smtp-relay
service smtp-relay
{
    disable     = no
    flags       = REUSE
    socket_type = stream
    wait        = no
    user        = root
    bind        = 0.0.0.0
    port        = 2525
    only_from   = 192.168.18.0/24
    no_access   = 192.168.18.11
    access_time = 00:00-23:59
    redirect    = 172.26.10.12 25
}
vi /etc/services, locate the rows for port 2525 and change them to the following lines:
smtp-relay 2525/tcp # smtp-relay
smtp-relay 2525/udp # smtp-relay
Restart the xinetd service
service xinetd restart
In this way, the intranet host 192.168.18.204 can send mail by connecting to port 2525 on the springboard 172.26.184.240.
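The only_from and no_access lines in the configuration interact: per the xinetd.conf manual, when both match a client, the more specific entry decides. The following Python code is an added example, not part of the original article; it parses the smtp-relay block and evaluates which clients the redirect would accept, assuming entries are written as plain addresses or CIDR networks (the function names are hypothetical).

```python
import ipaddress
import re

# The smtp-relay service from the article, embedded so the example runs offline.
SAMPLE = """
service smtp-relay
{
    disable     = no
    flags       = REUSE
    socket_type = stream
    wait        = no
    user        = root
    bind        = 0.0.0.0
    port        = 2525
    only_from   = 192.168.18.0/24
    no_access   = 192.168.18.11
    access_time = 00:00-23:59
    redirect    = 172.26.10.12 25
}
"""

def parse_services(text):
    """Return {service_name: {attribute: [values]}}; only plain '=' is handled."""
    services = {}
    for name, body in re.findall(r"service\s+(\S+)\s*\{(.*?)\}", text, re.S):
        attrs = {}
        for line in body.splitlines():
            if "=" in line and not line.lstrip().startswith("#"):
                key, value = line.split("=", 1)
                attrs.setdefault(key.strip(), []).extend(value.split())
        services[name] = attrs
    return services

def best_match(ip, entries):
    """Longest prefix among entries containing ip, or -1 when none matches."""
    # Assumption: entries are host addresses or CIDR networks, not hostnames.
    nets = [ipaddress.ip_network(e, strict=False) for e in entries]
    return max((n.prefixlen for n in nets if ip in n), default=-1)

def is_allowed(attrs, client):
    """Location access control: the better match of only_from/no_access wins."""
    ip = ipaddress.ip_address(client)
    deny = best_match(ip, attrs.get("no_access", []))
    if "only_from" not in attrs:
        return deny < 0          # no allow list: open unless explicitly denied
    allow = best_match(ip, attrs["only_from"])
    # Assumption of this example: an equally specific match is treated as deny.
    return allow >= 0 and allow > deny
```

Run against the article's configuration, 192.168.18.204 is accepted, 192.168.18.11 is rejected by the more specific no_access entry, and any address outside 192.168.18.0/24 is rejected.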
This article is from the "Fire" blog, so be sure to keep this source http://fire7758.blog.51cto.com/993821/1562537