multi-homing and pf; removing user with uid 0
Marc Cabanatuan
mcabanatuan at wi.rr.com
Tue Aug 17 15:55:51 PDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Oh also, when i connect to a service bound to the primary IP (say its
a .2) and im connecting to a .6 to the SAME service (not bound to the
address) it goes right to .2
eg, i can ssh to .6 and it allows me to get to the box. i would really
like it to be completely seperate, or at least as seperate as possible.
Marc Cabanatuan wrote:
| so far ive got this along with the primary inet address with the
| /27 subnet mask in /etc/rc.conf
|
|
| ifconfig_rl0_alias*="inet 0.0.0.0 netmask 255.255.255.255"
| (replacing 0's with ip address of course) Chuck Swiger wrote:
|
| | Marc Cabanatuan wrote: [ ... ] | |> Right now I've got a /27 and
| I am attemtpting to add 5 addresses |> of that adress block (ipv4)
| to the box as either seperate |> addreses (not aliases to the
| primary interface) or seperate |> addresses bound to
| sub-interfaces. So far I have been |> unsuccessful and the host
| told me to use aliases. | | | FreeBSD doesn't let you configure
| multiple IP addresses within the | same subnet. You will either
| have to use different netmasks, or | else use aliases as
| recommended. | |> I also wish for these settings to stay after
| (re)boot. | | | See /etc/rc.conf, and add something like: | | #
| Sample alias entry. #ifconfig_lo0_alias0="inet 127.0.0.254 |
| netmask 0xffffffff" | |> Not to mention they say my firewall is the
| problem and they |> couldn't get out to the internet from root
| console (im using pf |> and have the rule of 'pass out all'. | | |
| Hmm. | |> Next thing, a second account just 'showed up' on the box
| with uid |> 0. |> |> toor:*:0:0:Bourne-again Superuser:/root: -
| from |> /etc/master.passwd |> |> I suspect it was techs from the
| host, but I want it off the |> machine. How do I do this? | | |
| FreeBSD ships with a toor account available but disabled, which can
| | be useful if someone breaks the shell used by the root account
| | itself. If you want to get rid of it, run vipw. |
|
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"
- --
Marc Cabanatuan <mcabanatuan at wi.rr.com>
Network and Systems Administrator
A+, Net+, Linux+, CCNA, MCP
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBIozzQXmDWC9ByjIRAspSAKC4btPRPk9M7PECUPznYrK+hCcGpQCgtyeY
HBFN/sExTav5yPcF8lvWV9I=
=6Z6W
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list