fatman
July 17th, 2004, 16:58
Is there a way in OBSD to bind a service to a specific interface within the machine?

For example, I have two interfaces in a machine and I'm interested in having MySQL and SSH only show up on the internal interface.

Will I have to configure the services individually or is there a central place to do this?

molotov
July 17th, 2004, 18:15
pf could do it quite easily...

bmw
July 17th, 2004, 19:25
There's no central place; each app that is capable of selective binding will have its own configuration for doing it. You can also use pf to simply block access to ports on interfaces you don't want them exposed on, as molotov suggests. If the server is a firewall of some sort, I'd suggest strongly that you do both.

I don't know about MySQL, but for sshd see /etc/ssh/sshd_config

frisco
July 17th, 2004, 19:44
For MySQL, port is configurable in my.cnf via "port=number", and ip and port are configurable at runtime via '--port=number' and '--bind-address=ipaddr'.

For ssh, port is configurable at runtime via '-p number' and port and ip can be set in sshd_config via 'Port number' and 'ListenAddress ipaddr'.

For other services, read the manpages and docs available.

fatman
July 18th, 2004, 10:15
Very good. Thanks for the answers, guys!