all, I have eth0 and eth0:1, I want to run apache on eth0:1 but do not want any one to be able to ssh to eth0:1. I know how to restrict ssh login vi ip address, but do not know how to do it just for eth0:1. Does any any know how? Thanks.
Reputation of a thousand years can be determined by the conduct of an hour
ssh has a ssh_config file set. You can restrict access and ssh server listening based on the IP address you have assigned.
There is a Listen directive. Usually its set to 0.0.0.0 which means all IP addresses. It can however be repeated and set to individual IP addresses.
SEP
Steven E Protter Owner of ISN Corporation http://isnamerica.com http://hpuxconsulting.com Sponsor: http://hpux.ws Twitter: http://twitter.com/hpuxlinux Founder http://newdatacloud.com
use /etc/ssh/sshd_config file to restrict logins by ip address subnet. you can also use iptables to prevenet ssh port access (port 22) to eth0:1
Also SSH supports tcp_wrappers you can enable/disable access to ssh based on IP address by adding necessary configuration to /etc/hosts.allow and /etc/hosts.deny file
You can use the ipmasq package, then disable the masqing portion of it. Just see the rules.
You can use DNS to run on a particular interface or ip. You can restrict the other services through ipchains - creating the rules in the /etc/ipmasq/rules directory. In Apache, we may specify the IP addresse to listen.
