Subject: | |
From: | |
Reply To: | |
Date: | Mon, 17 May 1999 12:49:00 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
We have a machine that we want to use for some testing. Because of the
nature of the software we are testing, we want to prevent any outbound
connections, file transfer, etc. to other machines on our network. Inbound
is OK. By stopping selected services, I was able to achieve this goal. I
used a rather broad brush though and neither Apache/iX nor Samba/iX will
work in this restricted environment. The catch is I want Apache/iX and
Samba/iX to continue working. Yes, I know, I want to have my cake and eat it
too.
I realize I may have to compromise on some things to keep Apache and Samba
working. But in order to do that, I have to determine what services each
requires. Short of exhaustively testing all combinations, does anyone know
which network services Apache/iX and Samba/iX use? Or at least make a better
educated guess than I have been able to make?
NSCONTROL STATUS shows (among other things):
SERVICE TYPE SERVER DESCRIPTION
SIASQL REMOTE IASQLSVR INCOMING STREAM MODE INFORMATION ACCESS/SQL
VTA REMOTE VTSERVER INCOMING STREAM MODE VIRTUAL TERMINAL
HPIP REMOTE HPIPNS INCOMING CLIENT/SERVER ALLBASE SERVICE
IASQL REMOTE IASQLSVR INCOMING INFORMATION ACCESS/SQL
NSSTATL LOCAL NSSTATUS OUTGOING NSSTATUS SERVICE
NSSTAT REMOTE NSSTATUS INCOMING NSSTATUS SERVICE
HCS REMOTE HCSERVER INCOMING COOPERATIVE SERVICE
LOOPBACK REMOTE LOOPBACK INCOMING LOOPBACK SERVICE
RPML LOCAL DSSERVER OUTGOING REMOTE PROCESS MANAGEMENT
RPM REMOTE DSSERVER INCOMING REMOTE PROCESS MANAGEMENT
PTOPL LOCAL DSSERVER OUTGOING PROGRAM-TO-PROGRAM COMMUNICATION
PTOP REMOTE DSSERVER INCOMING PROGRAM-TO-PROGRAM COMMUNICATION
RFAL LOCAL DSSERVER OUTGOING REMOTE FILE ACCESS
RFA REMOTE RASERVER INCOMING REMOTE FILE ACCESS
NFTL LOCAL NFT OUTGOING NETWORK FILE TRANSFER
NFT REMOTE NFT INCOMING NETWORK FILE TRANSFER
VTRL LOCAL VTSERVER OUTGOING REVERSE VIRTUAL TERMINAL
VTR REMOTE VTSERVER INCOMING REVERSE VIRTUAL TERMINAL
VTL LOCAL VTSERVER OUTGOING VIRTUAL TERMINAL
VT REMOTE VTSERVER INCOMING VIRTUAL TERMINAL
with all services started under normal circumstances.
NSCONTROL STOP=HCS,PTOPL,PTOP,RFAL,RFA,NFTL,RPML,VTRL,VTR,VTL is sufficient
to achieve the level of isolation I desire, but also disables both Apache
and Samba. So a more narrowly defined version of my question is: which of
these services is required by each of Apache/iX and Samba/iX?
John Burke
e-mail: [log in to unmask]
|
|
|