NSLU2-Linux

Xinetd

Project home page: http://www.xinetd.org

Why use Xinetd

  • It is more secure - you can restrict access to any service to specific hosts and/or networks.
  • It is modular - each service has its own configuration file. No more messing with common files to insert a new service.
  • It has global defaults - very little has to be configured for each service.
  • DoS protection - set limits on the number of instances of each service.
  • Disable single services - a service can be disabled without removing its configuration.
  • It can detect attempts to access disabled services and blacklist IPs for a specified period of time.

Read more in this overview article.

How to install

  • Install the package: ipkg install xinetd

Troubleshooting

  • Use the -d option to get debug information in your log files (by default /var/log/messages).

Security

  • By default, the Xinetd installation allows Telnet access to the NSLU2, which may pose a security risk for some users. To disable Telnet access, edit the file /opt/etc/xinetd.d/telnetd with a Linux text editor, change disable = no to disable = yes, and then restart Xinetd using . /opt/etc/init.d/S10xinetd. Note: before making this change, make sure you have an alternative way to access the NSLU2 by installing and configuring either OpenSSH or Dropbear.
  • The default installation of Xinetd accepts IP connections from any private IP address, which some users may consider a security risk. This is easily changed by modifying the file /opt/etc/xinetd.conf with a Linux text editor and then restarting Xinetd. The file contains a line similar to:

only_from = localhost 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

Example: to restrict IP connections to the default NSLU2 192.168.1.0 subnet, modify the config line to read:

only_from = localhost 192.168.1.0/24
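
The two settings described above (Telnet left enabled, only_from covering whole private ranges) can be checked with a small script. This is an added example, not part of the original page or the xinetd package; the function names and the sample files it builds are constructed for illustration, and the default paths are the ones given above.

```shell
#!/bin/sh
# Added example, not from the original page. Simplification: a service counts
# as enabled unless its file under xinetd.d contains "disable = yes".

# List service files in DIR ($1) that lack an explicit "disable = yes".
enabled_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$f" ||
            basename "$f"
    done
}

# List only_from entries in CONF ($1) that admit a whole private range or all hosts.
broad_only_from() {
    sed -n 's/^[[:space:]]*only_from[[:space:]]*+\{0,1\}=[[:space:]]*//p' "$1" |
        tr -s ' \t' '\n\n' |
        grep -E '^(10\.0\.0\.0/8|172\.16\.0\.0/12|192\.168\.0\.0/16|0\.0\.0\.0)$' || true
}

# Report findings; return 1 if telnetd is enabled or only_from is broad.
xinetd_audit() {
    dir=${1:-/opt/etc/xinetd.d} conf=${2:-/opt/etc/xinetd.conf} rc=0
    for s in $(enabled_services "$dir"); do
        echo "enabled service: $s"
        if [ "$s" = telnetd ]; then rc=1; fi
    done
    for net in $(broad_only_from "$conf"); do
        echo "broad only_from entry: $net"
        rc=1
    done
    return $rc
}

# Constructed sample input mirroring the default install described above.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/xinetd.d" || return 1
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$d/xinetd.d/telnetd"
    printf 'service ftp\n{\n\tdisable = yes\n}\n' > "$d/xinetd.d/ftp"
    printf 'defaults\n{\n\tonly_from = localhost 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16\n}\n' \
        > "$d/xinetd.conf"
    echo "$d"
}

sample=$(make_sample)
xinetd_audit "$sample/xinetd.d" "$sample/xinetd.conf" || echo "audit: findings above"
rm -rf "$sample"
```

On the NSLU2 itself, calling xinetd_audit with no arguments checks /opt/etc/xinetd.d and /opt/etc/xinetd.conf.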

Last edited by RobHam.
Based on work by RobHam, Rufus, UncleOp, and bobtm.
Originally by bobtm.
Page last modified on July 11, 2008, at 02:55 PM