Xinetd is a replacement for inetd. It runs as a daemon, a process which runs all the time, monitoring communication requests from other computers over the TCP/IP network to the NSLU2. When it receives a request, it starts the appropriate module to handle the request. Thus xinetd (and inetd) provide a way to invoke telnet, FTP, and other handlers.
Project home page: http://www.xinetd.org
Why use Xinetd
- It is more secure - you can restrict access to any service to hosts and/or networks.
- It is modular - each service has its own configuration file. No more messing with common files to insert a new service.
- It has global defaults - very little has to be configured for each service.
- DoS protection - set limits on the number of instances of each service.
- Disable single services - a service can be disabled without removing its configuration.
- Can detect attempts at accessing disabled services and blacklist IPs for a specified period of time.
- Samba 3.2 depends on xinetd, and when you install Samba with ipkg you will get xinetd.
Read more in this overview article.
How to install
- Install the package:
ipkg install xinetd
- Alternatively, Samba 3.2 depends on xinetd, and when you install Samba with ipkg you will get xinetd.
As you install packages which rely on Xinetd for invocation, you will need to make two additions to the xinetd configuration for each package.
- Add an entry to /unslung/rc.xinetd of the form:
# Add the swat entry to /etc/inetd.conf unless it is already there
if ( [ ! -f /etc/inetd.conf ] || !(grep swat /etc/inetd.conf -q) ) then
    echo "swat stream tcp nowait root /opt/sbin/swat swat" >>/etc/inetd.conf
fi
This appears before the final line, return 1. This entry adds a compatibility entry to /etc/inetd.conf for inetd's benefit, if xinetd ends up deferring to inetd.
- Add a file to the directory /opt/etc/xinetd.d/ which gives the configuration for that service. When xinetd starts up, it reads all the files in this directory as if they had been part of the
The xinetd.conf format and keywords are documented in the xinetd.conf(5) man page (unofficial copy). There is also an official sample xinetd.conf file.
- Use the -d option to get debug information in your log files (by default
- To restart xinetd, run the command /opt/etc/init.d/S10xinetd. This stops the old xinetd or inetd process, and starts a new inetd process.
- Each service which you invoke with xinetd needs to have a corresponding configuration file within /opt/etc/xinetd.d. For instance, if you install SWAT, you will want to create a swat configuration file.
- Services which you want to turn off can be turned off by setting the line "disable = yes" within the service's configuration file.
- xinetd logging is controlled by the log_type line of the /opt/etc/xinetd.conf file. For log_type = SYSLOG, xinetd writes its error messages to
- By default the installation of Xinetd allows access to the NSLU2 by Telnet; this may pose a security risk for some users. To disable Telnet access, edit the file /opt/etc/xinetd.d/telnetd using a Linux text editor. Change disable = no to disable = yes and then re-start Xinetd using . /opt/etc/init.d/S10xinetd. Note - before making this change the user should make sure that they have an alternative method to access the NSLU2 by installing and configuring either
- The default installation of Xinetd will accept IP connections from any private IP address; some users may consider this a security risk. This is easily changed by modifying the file /opt/etc/xinetd.conf using a Linux text editor and then re-starting Xinetd. The file contains a line similar to:-
only_from = localhost 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
Example - to restrict IP connections to the default NSLU2 192.168.1.0 subnet, modify the config line to read:-
only_from = localhost 192.168.1.0/24
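A way to check that the Telnet and only_from changes above took effect, as an added example that is not part of the original page or of the xinetd package: it lists the services in a xinetd.d directory that are not set to disable = yes and flags an only_from line that still includes a whole private range. It assumes POSIX sh and awk are available and that each attribute sits on its own line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from xinetd or the NSLU2 packages. Function names
# are hypothetical; parsing is simplified to one "attr = value" per line.

# Print the name of every service block in DIR not marked "disable = yes".
enabled_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            { sub(/#.*/, "") }                      # drop comments
            $1 == "service" { name = $2; off = 0; next }
            $1 == "disable" && $2 == "=" { off = ($3 == "yes") }
            $1 == "}" && name != "" { if (!off) print name; name = "" }
        ' "$f"
    done
}

# Print the value list of the first "only_from = ..." line in CONF.
global_only_from() {
    awk '
        { sub(/#.*/, "") }
        $1 == "only_from" && $2 == "=" {
            $1 = ""; $2 = ""; sub(/^ +/, ""); print; exit
        }
    ' "$1"
}

# Succeed if only_from still lists one of the whole private ranges
# that the page shows in the default configuration line.
only_from_is_broad() {
    case " $(global_only_from "$1") " in
        *" 10.0.0.0/8 "*|*" 172.16.0.0/12 "*|*" 192.168.0.0/16 "*) return 0 ;;
    esac
    return 1
}

# Report for one installation: xinetd_audit CONF DIR
xinetd_audit() {
    echo "only_from: $(global_only_from "$1")"
    only_from_is_broad "$1" && echo "WARNING: only_from covers a whole private range"
    for s in $(enabled_services "$2"); do
        echo "enabled: $s"
    done
    return 0
}
# With the paths from this page:
#   xinetd_audit /opt/etc/xinetd.conf /opt/etc/xinetd.d
```

Source the file and run the call shown in the last comment after each configuration change; a service only disappears from the "enabled" list once its file says disable = yes.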