Date: Mon, 30 Aug 1999 18:32:54 -0400 From: Christopher Michaels <ChrisMic@clientlogic.com> To: 'Alejandro Ramirez' <ales@megared.net.mx> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: RE: Why does TCP Wrappers require /etc/hosts.deny (was: tcp wrapp ers) Message-ID: <6C37EE640B78D2118D2F00A0C90FCB4401105C09@site2s1>
next in thread | raw e-mail | index | archive | help
Did you update any part of the system between reboots? -Chris > -----Original Message----- > From: Alejandro Ramirez [SMTP:ales@megared.net.mx] > Sent: Saturday, August 28, 1999 11:28 AM > To: Christopher Michaels; gerti@bitart.com > Cc: FreeBSD Questions > Subject: RE: Why does TCP Wrappers require /etc/hosts.deny (was: tcp > wrappers) > > Thanks, > > It works, but I have notice something, yesterday I had to reboot my > system because a fsck thing, and it started to work with the > /etc/hosts.allow file, I have also erased the /etc/hosts.deny file, and > everything its working now why its this happening???, why this stange > behavior???, Im really confused here, its this a "BUG" with tcp wrappers, > a > failing part of 3.2 Release???, its the inetd problem wich its causing > this??? > > Maybe you can try it your self, just rebot your server and it will work (I > think, this is what happened to me). > > Thanks in Advance > > Ales > > > ----- Original Message ----- > From: Christopher Michaels <ChrisMic@clientlogic.com> > To: 'Alejandro Ramirez' <ales@megared.net.mx>; <gerti@bitart.com> > Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> > Sent: Thursday, August 26, 1999 4:06 PM > Subject: Why does TCP Wrappers require /etc/hosts.deny (was: tcp wrappers) > > > > I wish I could answer that question. Does your hosts.allow not work at > all, > > or just not for deny's? > > > > I fought with it for a couple hours and was able to finally get the > > following to work, so I suggested it to you. (this is from memory, it > may > > be slightly different). > > > > /etc/hosts.allow: > > ALL : .domain.com > > > > /etc/hosts.deny: > > telnetd : ALL > > > > I haven't done a buildworld in probably a month or two, so maybe it was > > something that was addresses. I know my kernel is current, but I'm > 99.9% > > positive that has no bearing on it. > > > > Btw, according to the man pages (man 5 hosts_access, and man 5 > > hosts_options) we should be able to put everything in /etc/hosts.allow. > > (although it's counter-intuitive). > > > > -Chris > > > > > -----Original Message----- > > > From: Alejandro Ramirez [SMTP:ales@megared.net.mx] > > > Sent: Wednesday, August 25, 1999 7:32 PM > > > To: gerti@bitart.com > > > Cc: Christopher Michaels; FreeBSD Questions > > > Subject: RE: tcp wrappers > > > > > > Ok, > > > > > > Now I have 2 more questions: > > > > > > 1 How do I fix this inetd problem in my production system??? > > > 2 Why the /etc/hosts.deny file had to be created and works, and the > > > /etc/hosts.allow doesnt work nor even its the default file where you > > > should > > > deny things. > > > > > > Thanks > > > > > > Ales > > > > > > ----- Original Message ----- > > > From: Gerd Knops <gerti@bitart.com> > > > To: Alejandro Ramirez <ales@megared.net.mx> > > > Cc: Christopher Michaels <ChrisMic@clientlogic.com>; FreeBSD Questions > > > <freebsd-questions@FreeBSD.ORG> > > > Sent: Wednesday, August 25, 1999 3:31 PM > > > Subject: Re: tcp wrappers > > > > > > > > > > Alejandro Ramirez wrote: > > > > > Ok, > > > > > > > > > > Here is the thing, I have erased al the content in the > > > /etc/hosts.allow > > > > > file, I couldnt get in to the telmex server at this time, but I > have > > > an > > > > > account (for testing purposes) in another server hosted by a good > > > friend > > > > > called Thomas Mullaney (Thanks Thomas), I have created the > > > /etc/hosts.deny > > > > > file, and the following lines are in there: > > > > > > > > > > telnetd: 209.58.142.2 > > > > > telnetd: .mullaney.org > > > > > telnetd: r2d2.mullaney.org > > > > > > > > > > The first line its the IP address for the server of the line #3, > and > > > the > > > > > second line its self explanatory, and it still doesnt work, first > I > > > tried > > > > > with the second line, then I started to change it for the other > lines, > > > > > until I had the three lines in the file, and still doesnt work, > what > > > am > > > I > > > > > missing here??? > > > > > > > > > > BTW It only worked 2 times, then stopped working??? > > > > > > > > > > Aug 25 13:17:20 unix inetd[1838]: refused connection from > > > > > r2d2.mullaney.org, ser > > > > > vice telnet (tcp) > > > > > Aug 25 13:17:29 unix inetd[3276]: refused connection from > > > > > r2d2.mullaney.org, ser > > > > > vice telnet (tcp) > > > > > Aug 25 14:08:22 unix login: login from r2d2.mullaney.org on ttyp1 > as > > > ??? > > > > > > > > > > BTW I havent installed the port, because the release notes says > that > > > its > > > > > already built in the system. > > > > > > > > > FreeBSD 3.2 Release has a bug in inted when you restart it with > -HUP. > > > inetd > > > > still works, but something goes wrong with the tcp wrapper > configuration > > > > files. > > > > > > > > I know it got fixed in 'Current', but I can't remember if the fix > made > > > it > > > > into 'Stable' yet. > > > > > > > > Gerd > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > From: Christopher Michaels <ChrisMic@clientlogic.com> > > > > > To: 'Alejandro Ramirez' <ales@megared.net.mx>; FreeBSD Questions > > > > > <freebsd-questions@FreeBSD.ORG> > > > > > Sent: Wednesday, August 25, 1999 12:27 PM > > > > > Subject: RE: tcp wrappers > > > > > > > > > > > > > > > > For that last time that you logged into the machine. Did you > check > > > to > > > see > > > > > > if there was anything in /var/log/messages? > > > > > > > > > > > > Try this (just to satisfy my curiosity). Put the following line > in > > > your > > > > > > /etc/hosts.deny file. > > > > > > telnetd : .telmex.net.mx > > > > > > > > > > > > Leave /etc/hosts.allow empty (comment out the allow all line). > > > > > > > > > > > > Let me know if that works. > > > > > > > > > > > > -Chris > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Alejandro Ramirez [SMTP:ales@megared.net.mx] > > > > > > > Sent: Wednesday, August 25, 1999 12:57 PM > > > > > > > To: Christopher Michaels; FreeBSD Questions > > > > > > > Subject: RE: tcp wrappers > > > > > > > > > > > > > > Christopher, > > > > > > > > > > > > > > Thats funny, the log message that I received was at 03:37:05 > a.m. > > > of > > > > > > > today, > > > > > > > the line: > > > > > > > > > > > > > > telnetd : .telmex.net.mx : deny > > > > > > > > > > > > > > I added it today at 9:30 am in the morning in order to make > more > > > tests > > > > > > > because I already saw this message in the /var/log/message > file, > > > since > > > > > > > yesterday, until today at 9:30, the only lines that where in > the > > > > > > > /etc/hosts.allow file where: > > > > > > > > > > > > > > telnetd : .itesm.mx : deny > > > > > > > ALL : ALL : allow > > > > > > > > > > > > > > I also telneted to a server under that domain, and telneted > again > > > to > > > my > > > > > > > server, then I use the "w" command and see the complete domain > > > name > > > for > > > > > > > that > > > > > > > server "gda.itesm.mx", but its not rejecting the connection. > Do > I > > > have > > > > > to > > > > > > > grab the complete set of adresses they use to block the > access???, > > > so > > > > > why > > > > > > > its not working with the domain name???. > > > > > > > > > > > > > > Thanks > > > > > > > > > > > > > > Ales > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > From: Christopher Michaels <ChrisMic@clientlogic.com> > > > > > > > To: 'Alejandro Ramirez' <ales@megared.net.mx>; FreeBSD > Questions > > > > > > > <freebsd-questions@FreeBSD.ORG> > > > > > > > Sent: Wednesday, August 25, 1999 11:30 AM > > > > > > > Subject: RE: tcp wrappers > > > > > > > > > > > > > > > > > > > > > > Ok. You don't need to sighup inetd. From one of your > previous > > > > > postings > > > > > > > > you're getting the following error: > > > > > > > > > > > > > > > > Aug 25 03:37:05 unix inetd[82105]: warning: > /etc/hosts.allow, > > > line > > > > > > > > 13: can't verify hostname: > > > > > > > > gethostbyname(customer18-197.telmex.net.mx) failed > > > > > > > > > > > > > > > > What appears to be happening, is that since the address > can't > be > > > > > > > verified > > > > > > > to > > > > > > > > be from that domain it is not denying. That error, if you > > > didn't > > > > > know, > > > > > > > is > > > > > > > > saying it cannot resolve "customer18-197.telmex.net.mx". > They > > > appear > > > > > to > > > > > > > > have DNS resolution problems. > > > > > > > > > > > > > > > > What I would suggest is to see if you can find out the range > of > > > ip > > > > > > > addresses > > > > > > > > they use and try denying that, e.g. > > > > > > > > > > > > > > > > telnetd : 200.33.146. : deny > > > > > > > > > > > > > > > > See if that works. Also I do not know if there is a way to > deny > > > all > > > > > > > > addresses that do not resolve. I will look into that, > because > > > I'd > > > > > like > > > > > > > to > > > > > > > > know myself. > > > > > > > > > > > > > > > > -Chris > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > > From: Alejandro Ramirez [SMTP:ales@megared.net.mx] > > > > > > > > > Sent: Wednesday, August 25, 1999 11:23 AM > > > > > > > > > To: Christopher Michaels; FreeBSD Questions > > > > > > > > > Subject: RE: tcp wrappers > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > > > This are the only 3 lines that I have uncommented in my > > > > > > > > > /etc/hosts.allow > > > > > > > > > file: > > > > > > > > > > > > > > > > > > telnetd : .telmex.net.mx : deny > > > > > > > > > telnetd : .itesm.mx : deny > > > > > > > > > ALL : ALL : allow > > > > > > > > > > > > > > > > > > the rest of the file its commented. I have telnet accounts > in > > > > > servers > > > > > > > in > > > > > > > > > those domains, and after I put this lines, and SIGHUP > inetd, > I > > > can > > > > > > > still > > > > > > > > > log > > > > > > > > > in via telnet to my server from this servers. > > > > > > > > > > > > > > > > > > Thanks in Advance > > > > > > > > > > > > > > > > > > Ales > > > > > > > > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > > From: Christopher Michaels <ChrisMic@clientlogic.com> > > > > > > > > > To: 'Alejandro Ramirez' <ales@megared.net.mx>; FreeBSD > > > Questions > > > > > > > > > <freebsd-questions@FreeBSD.ORG> > > > > > > > > > Sent: Wednesday, August 25, 1999 10:02 AM > > > > > > > > > Subject: RE: tcp wrappers > > > > > > > > > > > > > > > > > > > > > > > > > > > > Maybe if you posted what was listed in your hosts.allow > file > > > it > > > > > > > would > > > > > > > > > help > > > > > > > > > > us. > > > > > > > > > > Also, what aspect of it is NOT working? > > > > > > > > > > > > > > > > > > > > -Chris > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > > > > From: Alejandro Ramirez [SMTP:ales@megared.net.mx] > > > > > > > > > > > Sent: Tuesday, August 24, 1999 7:12 PM > > > > > > > > > > > To: FreeBSD Questions > > > > > > > > > > > Subject: tcp wrappers > > > > > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > > > > > > > I know that tcp wrappers are included in 3.2 Release, > so > I > > > > > > > have > > > > > > > > > > > modified > > > > > > > > > > > the /etc/hosts.allow file, and HUP the inetd daemon, > but > > > it > > > > > doesnt > > > > > > > > > work, > > > > > > > > > > > its > > > > > > > > > > > there some documentation that could help me, or do you > > > know > > > > > > > > > > > what > > > > > > > am > > > > > > > I > > > > > > > > > > > missing??? > > > > > > > > > > > > > > > > > > > > > > Thanks in Advance > > > > > > > > > > > > > > > > > > > > > > Ales > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > > > > > > > with "unsubscribe freebsd-questions" in the body of > the > > > message > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > > > > > > with "unsubscribe freebsd-questions" in the body of the > > > message > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > > > > > with "unsubscribe freebsd-questions" in the body of the > > > message > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6C37EE640B78D2118D2F00A0C90FCB4401105C09>