Cannot connect when using BindAddress

Jonny Tyers jtyers at gmail.com
Sat Nov 24 16:28:16 CET 2018


Thanks all for your messages; ListenAddress is in fact the thing I am
looking for, thank you. To Jookia's point about firewalls, I of course
use a firewall to protect ports but in the name of defending in depth,
I'd rather not expose a listening port in the first place if it is
never to be used.

Many other daemons use 'bind address' terminology in their
documentation when talking about listen-only sockets; I think it would
be a good idea to add a line to the man page next to 'BindAddress'
pointing out 'ListenAddress' so less attentive users (like myself)
don't get caught out by it.

--
Jonny Tyers

On Sun, 18 Nov 2018 at 09:40, Jookia <166291 at gmail.com> wrote:
>
> On Sat, Nov 17, 2018 at 11:20:47PM +0000, Jonny Tyers wrote:
> > I want tinc to listen locally on loopback, so that port 655 is not
> > exposed on any system interfaces. Can't tinc make outbound connections
> > when listening on loopback? I can't see any reason why it should. This
> > system will never have other tinc daemons connect to it, it will only
> > ever connect to other tinc daemons in order to establish a VPN
> > connection.
> >
> > --
> > Jonny Tyers
>
> Binding to loopback means you can make any outbound or inbound
> connections you'd like- on loopback. Since loopback doesn't route to the
> Internet, there's no way to make outbound connections.
>
> Why are you worried about exposing port 655 on any system interfaces?
> You should be using a firewall to make it not exposed externally.
> If you're worried about it being exposed internally, loopback has the
> same issue as any user or application can connect to it.
>
> Jookia.
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc

