Talkback for article: 175, November2000

xinetd - extended Internet services daemon

Back to: http://cgi.linuxfocus.org/English/November2000/article175.shtml

From: Atif Ghaffar <atif(at)developer.ch> [ date: 2000-11-01 ]
Excellent article Frédéric, I am moving to xinetd now.
I really like the transparent proxy feature (port redirection)
Some times it is very useful to be able to do this on a host.

For example in java applets that want to talk to some server (example IRC server)
can only talk back to the same server from where the class file was served (security restrictions)
Here I can define my port 6667 in the xinetd.conf and probably redirect it to a real irc server.

From: etgfhnrayet <ziroziro(at)gmx.de> [ date: 2000-11-20 ]
search for freecall codes for nokia6150 with d1 card help me with a code i am rich!! pleace
From: Ernest L. Williams Jr. <ernesto(at)ornl.gov> [ date: 2000-11-30 ]
How do I get xinetd to work with .rhosts files via rsh?
I have an vxWorks VME processor that boots from a Red Hat 6.2 LINUX server
via rsh.
When I moved to Red Hat 7.0 my VME processor no longer boots. I ran some rsh tests between Red Hat 7.0 Linux boxes: result rsh always asks for the password. It appears that rsh refuses to use the .rhosts file. How can I get my system working with the .rhosts file again under xinet.d?
From: stéphane KAY <stephane.kay(at)eudoramail.com> [ date: 2001-01-07 ]
I still don't know HOW TO RUN a tftp deamon on REDHATLINUX 7.0 ?!!
Bug?
From: Brian Seppanen <seppy(at)chartermi.net> [ date: 2001-01-10 ]
Speaking of TFTP daemon's. We're running one with redhat-7.0, and I'd
like to limit the access times to a fifteen minute interval during
which we grab some router configs. I've tried the access_times: option
and it didn't seem to prevent me from grabbing a config outside of the
allowed time.

To whomever had problems with tftpd we were supposedly having some problems
with tftpd. They don't appear to be happening anymore. Right now, we're
blocking tftpd with libwrap and hopefully access times, because I was
told putting a tftpd access list wasn't working. Not sure about that as
I picked up on the project later.

Any ideas?
From: Brian Seppanen <seppy(at)chartermi.net> [ date: 2001-01-11 ]
It appears that a complete restart of xinetd was necessary for the
access_times option to work. A simple reconfiguration did not work.
From: Tom [ date: 2001-01-20 ]
Great work, the article helped me configure the whole necessary services per xinetd
From: Bruce Bowler <bbowler(at)bigelow.org> [ date: 2001-01-26 ]
I thought I had it figured out, but I can't get it to work. I have the following (from a SIGHUP) that make me think I ought to be able to FTP in from anywhere but I can't. Any help or advise would be MOST welcome.

The log shows entries like

01/1/26@11:22:51: FAIL: ftp libwrap from=xxx.xxx.xxx.xxx (it show's the real IP)
01/1/26@11:22:52: USERID: ftp VMS:xxxxxxx (and the real user id)

here's the dump.



INTERNAL STATE DUMP: xinetd Version 2.1.8.9pre11
Current time: Fri Jan 26 11:23:39 2001

Services + defaults:
Service defaults
Instances = 60
Logging to file: /var/log/xinetd.log (no limits)
Log_on_success flags = HOST PID USERID
Log_on_failure flags = HOST ATTEMPT RECORD USERID
Service = ftp
State = Active
Service configuration: ftp
id = ftp
socket_type = stream
Protocol (name,number) = (tcp,6)
Nice = 10
Groups = 0
Server = /usr/sbin/in.ftpd
Server argv = in.ftpd -l -a -L
Logging to common log file
Log_on_success flags = HOST PID USERID
Log_on_failure flags = HOST ATTEMPT RECORD USERID
running servers = 0
retry servers = 0
attempts = 0
service fd = 3
shutdown function = (null)

Server table dump:

Retry table dump:

Socket mask: 3 5
mask_max = 5
Open descriptors (not in socket mask): 0 1 2 4 6 7

active_services = 2
available_services = 2
descriptors_free = 1013
running_servers = 0
Logging service = enabled
Shutdown service = enabled

max_descriptors = 1024
process_limit = 0
config_file = /etc/xinetd.conf

END OF DUMP

From: benjamin <snowkid_23(at)yahoo.com> [ date: 2001-02-13 ]
Mysteriously with RH 7.0 kernel 2.2.16-22 i stop having the ability to get outside of the local network. xinetd restart doesn't seem to do the trick, but for some reason starting routed seems to do the trick. This is funny because i only lose this ability after running the rpmupdate program in Gnome. routed does not normally run on this machine... any ideas?

From: David <dsulliva(at)uscc.com> [ date: 2001-03-09 ]
Having a problem with tftp with redhat 7.0. I have enabled the tftpd
server with the "-c" flag to enable autocreation of files, and I am able
to read files from the server, but it times out when I try to send a
file back to it. Any clues?
From: luthien <luthien(at)ccia.com> [ date: 2001-03-12 ]
InRe: xinetd and sendmail

I have read every article FAQ, source of information I could find regard
sendmail and xinetd. In short xinetd appears to allow it to send but
refuses all incoming connections. The information for setting up pop3
worked and pop3 works as it should under xinetd, however sendmail does
not, what am I missing.
From: Sean Reedy <sreedy(at)accessdc.com> [ date: 2001-03-23 ]
How many "only_from" statements can your have per service? Is it recommended to use only one "only_from" followed by all the networks that will have access or an "only_from" statement for each host\network?

Presently I have a machine that has four only from statements for sshd. If I add a fifth statement, previous networks are affected and not able to access the machine through ssh.
From: Gordon Berry <gberry(at)aea12.k12.ia.us> [ date: 2001-04-17 ]
After spending 4 days trying to rebuild a Linux system with updates (to RH7) (and the new xinetd superserver), for email service to my real domain and 9 virtual domains, here's what I found:
There are two forms of "virtual e-mail domains" with (particularly RedHat) Linux. If the Sendmail config is used, everything is done in sendmail's configuration, and duplicate usernames have to be "worked around"; RedHat 6 offered a means of creating virtual domains that uses separate passwd & shadow & mail files and folders. The inetd.conf pertinent line was:

pop-3 stream tcp nowait root /usr/sbin/tcpd /usr/lib/linuxconf/lib/vpop3d /usr/sbin/ipop3d

and each virtual domain has a unique IP number on the eth0 interface.
I finally was able to get this approach to work by binding the standard ipop3 to my main domain's IP, and creating a new "vpop3d" file that contains an entry like this (for >each< virtual domain):
service pop3
{
disable = no
flags = REUSE NAMEINARGS
socket_type = stream
wait = no
user = root
bind = 205.221.74.9
server = /usr/lib/linuxconf/lib/vpop3d
server_args = /usr/sbin/ipop3d
log_on_success += USERID HOST
log_on_failure += USERID HOST
}
(with the appropriate IP numbers in each case).
In general, xinetd handles the tcpd shadow passwords, so that part of the original inetd line becomes "taken care of". xinetd just starts a "vpop3d" service for each virtual domain's IP number.
BTW, the setup from RedHat 6 also modified the sendmail.cf file at least in ruleset 0, It seems to me a pretty good way of handling virtual domains, except that imap is not handled for the virtual domains, they're POP3 only. Maybe somebody will come up with a "vimap4d" daemon.
When I really get comfortale with this, I'll reduce the logging!
Hope this helps someone else.
From: chris [ date: 2001-05-09 ]
Thanks for a nice article.
since I changed to xinetd many users have complained about the identd
service. I haven't been able to get the right setup.
Can anyone show me the correct and working setup for identd?

chris
From: Lee [ date: 2001-05-10 ]
Has anyone been able to identify a problem with using ProFtpd with Xinetd, having checked various other boards certain people are saying that it only works on Inetd.

I originally was running wu-ftpd on Redhat 7 which worked fine but since installing ProFtpd as an xinetd service, all I get is connection refused. As a note the ftp server works fine when running in standalone mode.

I understand that this is strictly a Proftp Issue but any assistance would be appreciated, I am a linux newbie also I am OK with computers in general.
From: Brian Seppanen <seppy(at)chartermi.net> [ date: 2001-05-15 ]
We use proftp in conjunction with xinetd. It does work, you've got
some other issue.
From: Gabriel Li <gabriel.li(at)telus.com> [ date: 2001-05-22 ]
Is there any way to limit the number of connections based on the ip.
For example, if host A sends out an obscene amount of email, and you want
to limit host A to establish only 5 connections at a time, while letting as
many connections to go through as possible from another host. (say, the
firewall).
Any ideas??

gabriel.

From: Thierry Guillaneuf <thierry.guillaneuf(at)eads-dsn.com> [ date: 2001-05-28 ]
Hi all,
I used to use TIS ACL in conjuction with inetd. Is there any way to still use Tis ACL with xinetd? has anybody some experience on it?

Thanks by advance
From: fiza <fiza(at)cmnett.com> [ date: 2001-05-30 ]
Thank you very much for your article on Xinetd.
I clicked at the "Bad configuration with RH7.0" and I tried your intruction of "grep service *udp" (coz i my ftp and telnet dont wont at all). When I typed "grep service *udp" it says: grep:*udp no such file or directory. So I accidentally tried to type "grep service * udp" (Please notice there's a space there between * and udp)....o man! Ive got this
"linuxconf-web:# browser.Enabling this service will allow
connections to \.
linuxconf-web:service linuxconf
grep:udp no such file or directory"
Can you tell me what's that mean?How to undo?or what should i do next?
Bye.

From: Chris Bruster <chris(at)chrisbruster.com> [ date: 2001-05-30 ]
Trying to get ssh to run on xinetd. I have a confile that does an include
of the /etc/inetd.d directory. inside this directory are several files
have the parms on different services (tftp, wuftp, chargen, etc) there is
a disable statement in each of these that can be set to yes or no. What I
did to try and get my machine to accept incoming ssh connections was add a
new file in the /etc/xinetd.d dir names ssh. It has the same perms as all
of the other files but fails to kick of the sshd. Here is what it looks
like...
service ssh
{
socket_type = stream
wait = no
protocol = tcp
user = root
wait = no
disable = no
}

Pretty simple huh? Well it doesn't work. I'm just now trying to use
xinetd and am not having much success. Can someone give me a hand? I'd
appreciate it.

Thanks,
Chris

From: jarek <havkmon(at)priv6.onet.pl> [ date: 2001-05-31 ]
sendmail xinetd
Although i read all yout articles I don't know what should be written smtp file for xinetd
could you help me resolve this problem

From: Mitsurugi [ date: 2001-06-08 ]
Working ProFTPD Configuration:
(put this in your Xinetd directory and config files)

service ftp
{
flags = NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/tcpd
server_args = proftpd
log_type = SYSLOG daemon
log_on_success = HOST DURATION
log_on_failure = USERID ATTEMPT
}

This is working fine with the exception that ONE of our users cannot FTP from his location. He is behind a firewall. We think it is a ProFTPD issue.

In your /etc/proftpd/proftpd.conf file, you could have these:

ServerType inetd
DefaultServer on
IdentLookups off

Good luck!

From: Danny <dcd(at)pop.mainstreet.net> [ date: 2001-06-12 ]
Can xinetd be sucessfully compiled from source on SCO Openserver.
I can not find any realted facts on platforms that xinet can be complied on ?


From: Jim Morris [ date: 2001-06-15 ]
I want to thank the author for taking the time to post this article on xinetd.
I just installed a new mail server and enabled pop and imap for my users.
Immediately everyone began experiencing 30 second delays when trying to
pop their mail ... ditto for imap users. I struggled with this for about
a week, then stumbled across this article that highlighted the default
value "USERID" within the xinetd.conf file. This was the source of the
problem ... without finding this article, I'd still be listening to all
those armchair sysadmins saying "You've got a name service problem"

Thanks again,
Jim
From: Wolfgang <101454.217(at)aon.at> [ date: 2001-07-23 ]
How can I integrate Apach with xinetd ?

Wie integriere ich den Apach in xinetd???


Thanks
Wolfgang
From: Allan M. Stewart <astewart(at)xinetix.com> [ date: 2001-07-26 ]
I must be missing something basic. I've tried tons of variations and can't get my service to work. It's a proprietary daemon for our app.

Here's my entry in file /etc/xinetd.d/copd
---------------------------------------------
service copd
{
disable = no
flags = REUSE
socket_type = stream
protocol = tcp
port = 3111
wait = no
user = vision
server = /home/vision/bin/copd
log_type = FILE /var/log/copd.log
log_on_success = PID HOST USERID EXIT DURATION
log_on_failure = HOST USERID ATTEMPT
}
--------------------------------------------------------

and the corresponding entry in /etc/services:
copd 3111/tcp copd

"chkconfig --list" does list the copd service as on. When I start the client process, it does find the service by getservbyname(), the client thinks it connects...at least it does connect to the proper port (as seen by netstat), but the copd process is never run (checked by ps and a write to file).

What am I missing? Any tips greatly appreciated.

Allan

From: Byoung seol Park <pbs94(at)ndyne.com> [ date: 2001-08-13 ]
Hi, I'm a korean.

hmm.... I want to know that "only_from xxx.xxx.xxx.xxx/24" meaning.

At there, What's mean "/24 or /4 or /8" I really want to know.

I read your article 10 times. but you did't comment this.

I know you are very busy. but I need your help.
From: rich <gravydog88(at)hotmail.com> [ date: 2001-09-03 ]
/<number> is CIDR notation used for routing. It replaces the outdated subnet mask.

/32 = 255.255.255.255
/31 = 255.255.255.254
/30 = 255.255.255.252
/29 = 255.255.255.248
/28 = 255.255.255.240
etc ....
From: Krzysztof Kowalewicz <Krzysztof.Kowalewicz(at)GMACIO.com> [ date: 2001-09-13 ]
I experienced problems, trying to connect using telnet protocol. I have checked two distributions: Mandrake 7.2 and 8.0. Previous version of Mandrake allow connection when I start manualy inetd. Is it xinetd bug?
From: Murugesh Naidu <m_naidu_78(at)yahoo.com> [ date: 2001-09-21 ]
how do I enable ssh on RH7.0?
From: Pawel Wojnicki <wojnicki(at)asw.waw.pl> [ date: 2001-10-11 ]
Concerning the pop3 chapter of Your article:
You're right that the client has to wait 30 second for his email.
How can I decrease this time?

From: greg simonoff <gsimonoff(at)yahoo.com> [ date: 2001-11-21 ]
I found this on some web site at San Deigo State:

1035. Your friend is studying TCP. He says, "I know that there
is a three-way handshake for connection setup. It is really
fast.

Watch. I'm going to telnet to the time server on rohan -- and
I know there is no timer server daemon running there."
He types
telnet rohan 13
and immediate the display the shows
Trying 130.191.3.100...
telnet: Unable to connect to remote host: Connection refused

"See?" he says. "That timed out in less than a second."
Explain why your friend has not successfully observed the time out
delay for an unsuccessful TCP connection attempt. What experiment
would be more realistic?
----------------------------------------------------------------------------------------------
Well,
This is exactly the problem I'm having on my RH7.0 system. When I type:

$ telnet localhost 13

the immediate response I get is :

Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
$ _

Telnet works fine as long as I don't try to access a port ( telnet
loghost 13 ). "chkconfig --list" shows that daytime is running (/etc/service
shows it on port 13) - is there a better way to test that assumption? I
need to be able to access some server in order to complete some course
work.. This is really driving me nuts, can you help me?

GREG
-----------------------------------------------------

From: Der-Johng Sun <djsun(at)mail.agnitio.com.tw> [ date: 2001-11-23 ]
I add "only_from=xxx.xxx.xxx" in the time server file(/etc/xinetd.d/time).
I want some machine use "rdate <time server>", but it doesn't work.
Any machine still can access the time server.

RH7.1

From: P.KRIPAKARAN <pkn(at)css.nal.res.in> [ date: 2001-12-07 ]
ur article is fine. Where can get the conversion of inetd conf to xinetd(perl script).
From: James Barwick <jbarwick(at)mindspring.com> [ date: 2001-12-17 ]
Sorry...but REALLY, REALLY stupid question: How and the *#(@# do you get xinetd to recognize a configuration change without rebooting the machine? RedHat 7.2...tried SIGHUP tried SIGUSR2....no success. What am I missing?
Situation: changed disable=yes to disable=no


From: erkan yanar <erkules(at)rocketmail.com> [ date: 2001-12-27 ]
@using ssh and xinitd
sshd is AFAIK not able to be invoked by inetd (xinitd).

From: Gerald Przybylski <gtp(at)sio2.lbl.gov> [ date: 2002-01-16 ]
I found your article about xinetd somewhat useful. Unfortunately,
I am still baffled about why I cannot get pop, pops, imap, imaps
to work in a redhat 7.2 installation. Maybe it's because I am new to
linux (just a couple of months), though I have some experience with VMS.
When I try to telnet to the host I don't see any entries in /var/log/servicelog

Do you know if anyone has published a how-to addressing my problem?

Best regards
From: Steve Thier <stephen.thier(at)act.gov.au> [ date: 2002-01-23 ]
How do I telnet to port 5555 as well as 23.
From: Niklas E <raven_tl(at)hot> [ date: 2002-02-26 ]
How do I change from inetd to xinetd? I did an rpm -Uvh xinetd.rpm . Does this replace it or do I have to take down inetd in some way? I tried to do a restart on xinetd but it didn't start the services that I had defined in services. Do I have to start xinetd in some other way?

Best regards
Niklas

(I use kernel 2.4.17 on updated Red Hat 6.1)

From: Brandon <BrandonS(at)wyoming.com> [ date: 2002-03-07 ]
Has anybody been able to get rstatd up and running with xinetd??? If you have, please email me some pointers!!!!!!

Thanks,

BrandonS
From: gabriel leung <gabriell(at)hkcommerce.net> [ date: 2002-03-09 ]
I have the same problem to Pawel Wojnicki <wojnicki(at)asw.waw.pl> [ date: 2001-10-11 ].

What is the best method to reduce the 30 second delay time for ipop3?

From: nitrosx [ date: 2002-04-30 ]
I have xinetd on RedHat!!! it seems that everything is fine but
when I try to connect with telnet or ftp, the daemons don't start!!!!
If I ping, it's ok!!!! If I telnet from this machine, it works fine!!!
It seems that there is something wrong between the eth0 and the xinetd
server.

Any help or advice will be helpful
Thanks a lot
From: Tom Penney <blots(at)bigfoot.com> [ date: 2002-05-03 ]
From: gabriel leung <gabriell(at)hkcommerce.net> [ date: 2002-03-09 ]
I have the same problem to Pawel Wojnicki <wojnicki(at)asw.waw.pl> [ date: 2001-10-11 ].

What is the best method to reduce the 30 second delay time for ipop3?


Hello,

I just ran across this. You can eliminate the delay by commenting out 2 lines in the /etc/xinetd.d/ipop3 file..

# log_on_success += USERID
# log_on_failure += USERID

These two lines log when a user tries to log on. The same goes for pop3s.

The question I am trying to find an answer to when I found you message is why does this cause a delay??? I would like to keep logs of who is trying to log in but that delay sucks.

I hope this helps. if you figure out a way to eliminate the delay and still keep the logging in place let me know.

Thanks,

Tom Penney
From: Tom Penney <blots(at)bigfoot.com> [ date: 2002-05-03 ]
ftp & telnet are not enabled by default. telneting into your machine is a bad idea, use ssh instead.

an easy way to see if they are on is...

# chkconfig --list
look for ftp and telnet and see if they are on. if not do this...

# chkconfig telnet on
# chcconfig ftp on
# service xinetd restart

Hope this helps
-Tom

From: Andrei Lobl <andrei(at)nsi.co.il> [ date: 2002-05-13 ]
Someone knows if ssh can be redirected with xinetd ??

Thanks
andrei
From: Jose Belarmino [ date: 2002-05-25 ]
Hi guys,

I'm a linux newbee from Brazil and I was having many problems
with my Linux Mandrake 8 at office. Your article just clarify
everything that I need to make things runs fine, Thank you !!!
From: Chris Moore [ date: 2002-07-23 ]
I disagree with the author's comments about inetd being enough for internal networks. Anyone having access to an inetd service can disable it for 5 minutes by sending, say, 60 requests per minute! It's an internal "DOS" nightmare.
Change to xinetd, you can control the connection rates, etc.
regards, Chris.
From: atif63 [ date: 2002-07-28 ]
Very informative tutorial, but 1 thing i'm confused about is how do you start xinetd on boot.
I'm using freebsd 4.6

any help appreciated, Thankx
From: George Shieh [ date: 2002-07-30 ]
It's really very helpful for me to use a xinetd,it's not like inetd very much. But it's not easy to set a sendmail to receive mail.
From: dan <d_dowd(at)yahoo.com> [ date: 2002-07-31 ]
For those getting the error "Connection Refused" when attempting to telnet or use the talk daemon up connection attemps add this line

groups = yes

to the files

/etc/xinetd.d/talk (for talk daemon)
/etc/xinetd.d/telnet (for telnet daemon)

and restart xinetd by

/etc/rc.d/init.d/xinetd restart

"On some Linux distributions, the telnet daemon starts as a nonprivleged user, but the user belongs to groups that allow it to open new tty's, and to update utmp. By default, xinetd does not allow group permissions to the server process, so telnetd can fail to start properly. To get the server process to posess the proper groups, use the groups = yes directive for the telnet service. This will tell xinetd that it is OK for the server process to start with all the groups the user has access to."

From: Mark Ginsburg <mark(at)bpa.arizona.edu> [ date: 2002-08-05 ]
Is there an example of how to get X11 packets forwarded (to support X Servers running on Windows machines) using xinetd?

Thanks,

Mark
From: Phil Armstrong <pma(at)sgi.com> [ date: 2002-08-20 ]
I am porting a service that runs on Irix (inetd) to Linux (xinetd). Everything
seems okay except that when my (TCPMUX) server starts on Linux, fd 0
still has the string of bytes that were sent to xinetd to identify the service
in the pipe. So my first read of fd 0 returns "sgi_dmusrcmd\r\n" instead of
what the remote process sent (that information follows the string).
Is this normal for xinetd ? It didn't work tat way for me on Irix inetd.

Any help will be appreciated.

Thanks,

Phil
From: Felipe Soberon <fso(at)physics.dcu.ie> [ date: 2002-09-16 ]
I am running RH 7.3 and am trying to set the telnet server on my
PC but still get the Connection Refused. Not even from the localhost.
I am sure the service is running enabled, but still don't know what
could be wrong. I did a workstation installation and rpm the telnet
deamon later.
Any help,
Thanks
Felipe
From: Mike <mike(at)sonic-surf.com> [ date: 2002-12-11 ]
Having dns / sendmail related problems

Dec 10 23:20:17 sonic1 sendmail[2567]: gBB4e2k02437: to=<brian@awesomenet.net>, ctladdr=<mike@sonic-surf.com> (501/501), delay=00:40:15, xdelay=00:00:01, mailer=esmtp, pri=3185208, relay=mail.awesomenet.net. [63.172.128.252], dsn=4.3.1, stat=Deferred: 452 Requested action not taken: insufficient system storage

Dec 10 23:20:17 sonic1 named[2378]: sysquery: findns error (NXDOMAIN) on ns1.thepetpalace.net?

The 2nd error msg is for a virt domain.

Could all of this be caused from not having a PRT record w/my provider for
my name server?

Thx
Mike
From: Rong Zhang <zhroy(at)hotmail.com> [ date: 2002-12-12 ]
I 'm using pop3 (Qpopper v4.0.4) through xinetd (V 2.3.9-0.73). The OS is Redhat 7.3, We have a problem recently, since the pop server will died suddenly without any error messages in the server's system logs. There is a error message show in the client side (IE, Outlook), which is:

" The server responded with an error. Account: Dave@amcable.net ', Server: 'mail.amcable.net', Protocol: POP3, Server Response: '<86>Dec 10 12:00:15 xinetd[12916]: START: pop3 pid=29525 from=xxx.25.0.34+OK Qpopper (version 4.0.4) at mail.amcable.net starting. ', Port: 110, Secure(SSL): No, Server Error: 0x800CCC90, Error Number: 0x800CCC90 " ,

At this time, the system is not very busy (we have 2 CPUs, 1.5G RAM), the load is not very high either. And there was only 60-80 instances invoked by xinetd. If I restarted xinetd, everything will be fine then. Is there anything wrong with my xinetd? It looks like the pop server is not really died, but the xinetd refused the request and stop running. How can I do for that? How to configure and tune the xinetd? Please find my xinetd.conf and pop3 insides /etc/xinetd.d below:

================================
/etc/xinetd.conf

defaults
{
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 100 10
}

includedir /etc/xinetd.d
==================================
/etc/xinetd.d/pop3

service pop3
{
disable = no
socket_type = stream
instances = 100
wait = no
user = root
server = /usr/local/sbin/in.popper
server_args = -R -c -s -T 120 -t /var/log/pop3.log
}
==================================
I really appreciate if any one can give me a hand. Thanks a lot
From: ekwem martin <mekwem(at)yahoo.com> [ date: 2003-06-19 ]
I am having the same problem after intallation of red-hat advance server 2.1 and oracle financials 11i 5.5.7. When ever I try to ftp I have error message connection refused.

Please help i am in deep sea.

Martins
From: Jarkko Haapalainen <johaapa(at)student.oulu.fi> [ date: 2003-07-31 ]
Good article! Now I found solution for 30 second delay when user is reading mail via POP3 :-)

Best regards, Jarkko
From: Richard TERRAIN <richard_terrain(at)carrefour.com> [ date: 2003-08-28 ]
Hi,

Thanks for this tool which is really powerfull.

Is it possible to use the redirect option with FTP to get an ftp proxy.

Thanks a lots for your answers

Regards
From: raj <raj_it20012001(at)yahoo.com> [ date: 2003-08-29 ]
how to make a unlisted server using xinetd in red hat linux 9.0
can we pass socket value(integer) to the server program
From: jamie <jamesyoung(at)clear.net.nz> [ date: 2003-09-04 ]
I want xinetd to start and stop my apache service for me. Does anyone know some of the arguments/parameters/variables I would have to add to xinetd.conf especially for this? I can't find any ideas anywahere for apache particularly.

jamie
From: Brian <Brianbarlow(at)mail.com> [ date: 2003-10-14 ]
I am a Newb to Linux and xinetd. I am interested in securing a machine to be a web server. I would like to deny some of the services completely. Is it as simple as adding the following to the xinetd.conf?

Service finger
{
no_access =0.0.0.0/0
}

I have tried this and am still able to perform the service from my command prompt.

Do the other items such as socket type, wait, user and server needed to simply shut a service off?

Is there a better way to completely disable the service?


Thank You in advance,

Brian

From: Bala subramanyam Vemu [ date: 2005-10-17 ]
Excellent article on Xinetd probably the best

Regards
Vemu



From: Leow Hock Seng <oses.tech(at)pacific.net.sg> [ date: 2005-12-23 ]
setting log_on_success and log_on_failure won't work for ipop3. They have to be changed at /etc/syslog.conf.
From: Kevin [ date: 2006-01-08 ]
I am a new linux user and I installed xinetd thinking it would be a better way to secure my server compared to tcp wrappers. I installed swat and getting the service is a pain. The reason I say that is because I've looked at everyones example /etc/xinetd.d/swat examples and mine is the same. Yet, when I go to use the service it does not work. I debug it with xinetd -d and it says address in use already error. I dont get it. It works I alter the file then I can't get it to work again.

Any suggestions.. It seems buggy I am running debian sarge.

64 talkbacks in English
Other talkbacks:   Turkce Castellano Deutsch Francais




Due to the increased amount of web spam we have deciced to removed the talkback posting possibility. You can read old talkbacks but you can no longer post new ones.

Back to http://cgi.linuxfocus.org/English/November2000/article175.shtml

Please contact webmaster(at)linuxfocus.org if you have any questions with regards to this talkback

lftalkback version 3.10