
On a server with proftpd controlled by xinetd (plesk/centos FWIW), I want to make proftpd listen only on a specific ip address.

I've tried putting bind = 12.34.56.78 in /etc/xinetd.d/ftp_psa, and also putting DefaultAddress 12.34.56.78 in /etc/proftpd.conf, but it seems not to work.

After I restart xinetd, nmap shows that port 21 is still being listened on for my other public ip.

Can anyone tell me what I'm doing wrong?

Just as a test I commented out the whole ftp service in the xinetd config file and that did disable the service, so I'm clearly in the right place, but the bind option seems not to work.

Thanks in advance

UPDATE: config files (minus comments for brevity)

/etc/xinetd.d/ftp_psa

```
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST AFTER YOU UPGRADE PARALLELS PLESK PANEL.

service ftp
{
    flags           = IPv6
    disable         = no
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = root
    instances       = UNLIMITED
    server          = /usr/sbin/in.proftpd
    server_args     = -c /etc/proftpd.conf
    bind            = 12.34.56.78
}
```

I know it says here not to modify, but I haven't done a plesk upgrade, and I've also tried putting the bind in the defaults section (which has no such warning):

/etc/xinetd.conf

```
defaults
{
    log_type        = SYSLOG daemon info
    log_on_failure  = HOST
    log_on_success  = PID HOST DURATION EXIT
    cps             = 50 10
    instances       = 50
    per_source      = 10
    v6only          = no
    groups          = yes
    umask           = 002
    bind            = 12.34.56.78
}

includedir /etc/xinetd.d
```

And for completeness: /etc/proftpd.conf

```
ServerIdent off
ServerName          "ProFTPD"
ServerType          inetd
DefaultServer           on
<Global>
DefaultRoot ~       psacln
AllowOverwrite      on
</Global>
DefaultTransferMode binary
UseFtpUsers         on
TimesGMT            off
SetEnv TZ :/etc/localtime
Port                21
DefaultAddress      12.34.56.78
SocketBindTight     on
Umask               022
MaxInstances            30
ScoreboardFile /var/run/proftpd/scoreboard
TransferLog /usr/local/psa/var/log/xferlog
<Directory /var/www/vhosts>
    GroupOwner  psacln
</Directory>
AuthPAM on
AuthPAMConfig proftpd
IdentLookups off
UseReverseDNS off
AuthGroupFile   /etc/group
```
DaedalusFall

1 Answer


What version of CentOS are you using? I just tried CentOS 6.3. The xinetd-file is called /etc/xinetd.d/xproftpd, needs to be enabled with setting disable=no in the file and by saying chkconfig proftpd on. I only need to set bind = 10.0.2.15 to let proftpd listen only to this address. No need to tune proftpd.conf any further.

After changing bind to a distinct value, I wasn't able to connect to any other IP-address any more. Not even localhost.

/etc/xinetd.d/xproftpd:

```
# default: off
# description: The ProFTPD FTP server serves FTP connections. It uses \
#   normal, unencrypted usernames and passwords for authentication.
service ftp
{
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.proftpd
    log_on_success      += DURATION USERID
    log_on_failure      += USERID
    nice            = 10
    disable         = no
    bind            = 10.0.2.15
}
```

chkconfig:

```
# chkconfig --list proftpd
proftpd         0:off   1:off   2:on    3:on    4:on    5:on    6:off
```

/etc/proftpd.conf is still at its defaults, except setting ServerType inetd to make it work with xinetd.

Alexander Janssen
I'm using CentOS 5.3. `chkconfig` doesn't seem to know about proftpd. My uneducated guess is that it's a problem caused by plesk. Sometimes it seems like most of my problems are caused by plesk. – DaedalusFall Oct 22 '12 at 13:06
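
A local check for the symptom discussed in this thread (port 21 still answering on an address other than the one given to `bind`), as an added example that is not from either poster. It reads `netstat -tln` output and reports every listener on the port that is not the intended address; the function name `check_bind` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Input format assumed: `netstat -tln`
# lines, i.e. Proto Recv-Q Send-Q Local-Address Foreign-Address State.

# check_bind PORT WANTED_ADDR  (netstat lines on stdin)
# Exit 0 only if WANTED_ADDR is the sole listening address for PORT.
check_bind() {
    awk -v port="$1" -v want="$2" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The last colon splits address and port; this also handles
            # IPv6 forms such as ":::21" (wildcard) and "::1:21".
            n = match($4, /:[0-9]+$/)
            if (!n || substr($4, n + 1) != port) next
            addr = substr($4, 1, n - 1)
            if (addr == want) found = 1
            else { print "unexpected listener: " addr; extra = 1 }
        }
        END {
            if (!found) print "missing listener: " want
            exit !(found && !extra)
        }'
}

# Constructed sample: a wildcard (all addresses) listener on port 21.
SAMPLE_WILDCARD='tcp        0      0 0.0.0.0:22        0.0.0.0:*     LISTEN
tcp        0      0 :::21             :::*          LISTEN'

# Constructed sample: the listener is tied to the one intended address.
SAMPLE_BOUND='tcp        0      0 0.0.0.0:22        0.0.0.0:*     LISTEN
tcp        0      0 12.34.56.78:21    0.0.0.0:*     LISTEN'
```

On the server, run `netstat -tln | check_bind 21 12.34.56.78` after restarting xinetd; a non-zero exit means the listener is not restricted to that address.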