We have a machine that we want to use for some testing. Because of the
nature of the software we are testing, we want to prevent any outbound
connections, file transfer, etc. to other machines on our network. Inbound
is OK. By stopping selected services, I was able to achieve this goal. I
used a rather broad brush though and neither Apache/iX nor Samba/iX will
work in this restricted environment. The catch is I want Apache/iX and
Samba/iX to continue working. Yes, I know, I want to have my cake and eat it
too.

I realize I may have to compromise on some things to keep Apache and Samba
working. But in order to do that, I have to determine what services each
requires. Short of exhaustively testing all combinations, does anyone know
which network services Apache/iX and Samba/iX use? Or at least make a better
educated guess than I have been able to make?

NSCONTROL STATUS shows (among other things):


SERVICE   TYPE    SERVER    DESCRIPTION

SIASQL    REMOTE  IASQLSVR  INCOMING STREAM MODE INFORMATION ACCESS/SQL

VTA       REMOTE  VTSERVER  INCOMING STREAM MODE VIRTUAL TERMINAL

HPIP      REMOTE  HPIPNS    INCOMING CLIENT/SERVER ALLBASE SERVICE

IASQL     REMOTE  IASQLSVR  INCOMING INFORMATION ACCESS/SQL

NSSTATL   LOCAL   NSSTATUS  OUTGOING NSSTATUS SERVICE

NSSTAT    REMOTE  NSSTATUS  INCOMING NSSTATUS SERVICE

HCS       REMOTE  HCSERVER  INCOMING COOPERATIVE SERVICE

LOOPBACK  REMOTE  LOOPBACK  INCOMING LOOPBACK SERVICE

RPML      LOCAL   DSSERVER  OUTGOING REMOTE PROCESS MANAGEMENT

RPM       REMOTE  DSSERVER  INCOMING REMOTE PROCESS MANAGEMENT

PTOPL     LOCAL   DSSERVER  OUTGOING PROGRAM-TO-PROGRAM COMMUNICATION

PTOP      REMOTE  DSSERVER  INCOMING PROGRAM-TO-PROGRAM COMMUNICATION

RFAL      LOCAL   DSSERVER  OUTGOING REMOTE FILE ACCESS

RFA       REMOTE  RASERVER  INCOMING REMOTE FILE ACCESS

NFTL      LOCAL   NFT       OUTGOING NETWORK FILE TRANSFER

NFT       REMOTE  NFT       INCOMING NETWORK FILE TRANSFER

VTRL      LOCAL   VTSERVER  OUTGOING REVERSE VIRTUAL TERMINAL

VTR       REMOTE  VTSERVER  INCOMING REVERSE VIRTUAL TERMINAL

VTL       LOCAL   VTSERVER  OUTGOING VIRTUAL TERMINAL

VT        REMOTE  VTSERVER  INCOMING VIRTUAL TERMINAL



with all services started under normal circumstances.

NSCONTROL STOP=HCS,PTOPL,PTOP,RFAL,RFA,NFTL,RPML,VTRL,VTR,VTL is sufficient
to achieve the level of isolation I desire, but also disables both Apache
and Samba. So a more narrowly defined version of my question is: which of
these services is required by each of Apache/iX and Samba/iX?

John Burke
e-mail: [log in to unmask]