From owner-freebsd-questions Wed Aug 25 13:31:48 1999 Delivered-To: freebsd-questions@freebsd.org Received: from camelot.bitart.com (camelot.BITart.com [206.103.221.33]) by hub.freebsd.org (Postfix) with SMTP id A409C15934 for ; Wed, 25 Aug 1999 13:31:28 -0700 (PDT) (envelope-from gerti@bitart.com) Received: (qmail 13716 invoked by uid 101); 25 Aug 1999 20:31:10 -0000 Message-ID: <19990825203110.13715.qmail@camelot.bitart.com> Content-Type: text/plain MIME-Version: 1.0 (NeXT Mail 4.2mach v148) In-Reply-To: <056001beef33$96f10120$d4630a0a@megared.net.mx> X-Nextstep-Mailer: Mail 4.2mach (Enhance 2.2p1) Received: by NeXT.Mailer (1.148) From: Gerd Knops Date: Wed, 25 Aug 1999 15:31:09 -0500 To: "Alejandro Ramirez" Subject: Re: tcp wrappers Cc: "Christopher Michaels" , "FreeBSD Questions" Reply-To: gerti@BITart.com References: <6C37EE640B78D2118D2F00A0C90FCB4401105BEC@site2s1> <056001beef33$96f10120$d4630a0a@megared.net.mx> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Alejandro Ramirez wrote: > Ok, > > Here is the thing, I have erased al the content in the /etc/hosts.allow > file, I couldnt get in to the telmex server at this time, but I have an > account (for testing purposes) in another server hosted by a good friend > called Thomas Mullaney (Thanks Thomas), I have created the /etc/hosts.deny > file, and the following lines are in there: > > telnetd: 209.58.142.2 > telnetd: .mullaney.org > telnetd: r2d2.mullaney.org > > The first line its the IP address for the server of the line #3, and the > second line its self explanatory, and it still doesnt work, first I tried > with the second line, then I started to change it for the other lines, > until I had the three lines in the file, and still doesnt work, what am I > missing here??? > > BTW It only worked 2 times, then stopped working??? > > Aug 25 13:17:20 unix inetd[1838]: refused connection from > r2d2.mullaney.org, ser > vice telnet (tcp) > Aug 25 13:17:29 unix inetd[3276]: refused connection from > r2d2.mullaney.org, ser > vice telnet (tcp) > Aug 25 14:08:22 unix login: login from r2d2.mullaney.org on ttyp1 as ??? > > BTW I havent installed the port, because the release notes says that its > already built in the system. > FreeBSD 3.2 Release has a bug in inted when you restart it with -HUP. inetd still works, but something goes wrong with the tcp wrapper configuration files. I know it got fixed in 'Current', but I can't remember if the fix made it into 'Stable' yet. Gerd > > ----- Original Message ----- > From: Christopher Michaels > To: 'Alejandro Ramirez' ; FreeBSD Questions > > Sent: Wednesday, August 25, 1999 12:27 PM > Subject: RE: tcp wrappers > > > > For that last time that you logged into the machine. Did you check to see > > if there was anything in /var/log/messages? > > > > Try this (just to satisfy my curiosity). Put the following line in your > > /etc/hosts.deny file. > > telnetd : .telmex.net.mx > > > > Leave /etc/hosts.allow empty (comment out the allow all line). > > > > Let me know if that works. > > > > -Chris > > > > > > > -----Original Message----- > > > From: Alejandro Ramirez [SMTP:ales@megared.net.mx] > > > Sent: Wednesday, August 25, 1999 12:57 PM > > > To: Christopher Michaels; FreeBSD Questions > > > Subject: RE: tcp wrappers > > > > > > Christopher, > > > > > > Thats funny, the log message that I received was at 03:37:05 a.m. of > > > today, > > > the line: > > > > > > telnetd : .telmex.net.mx : deny > > > > > > I added it today at 9:30 am in the morning in order to make more tests > > > because I already saw this message in the /var/log/message file, since > > > yesterday, until today at 9:30, the only lines that where in the > > > /etc/hosts.allow file where: > > > > > > telnetd : .itesm.mx : deny > > > ALL : ALL : allow > > > > > > I also telneted to a server under that domain, and telneted again to my > > > server, then I use the "w" command and see the complete domain name for > > > that > > > server "gda.itesm.mx", but its not rejecting the connection. Do I have > to > > > grab the complete set of adresses they use to block the access???, so > why > > > its not working with the domain name???. > > > > > > Thanks > > > > > > Ales > > > > > > ----- Original Message ----- > > > From: Christopher Michaels > > > To: 'Alejandro Ramirez' ; FreeBSD Questions > > > > > > Sent: Wednesday, August 25, 1999 11:30 AM > > > Subject: RE: tcp wrappers > > > > > > > > > > Ok. You don't need to sighup inetd. From one of your previous > postings > > > > you're getting the following error: > > > > > > > > Aug 25 03:37:05 unix inetd[82105]: warning: /etc/hosts.allow, line > > > > 13: can't verify hostname: > > > > gethostbyname(customer18-197.telmex.net.mx) failed > > > > > > > > What appears to be happening, is that since the address can't be > > > verified > > > to > > > > be from that domain it is not denying. That error, if you didn't > know, > > > is > > > > saying it cannot resolve "customer18-197.telmex.net.mx". They appear > to > > > > have DNS resolution problems. > > > > > > > > What I would suggest is to see if you can find out the range of ip > > > addresses > > > > they use and try denying that, e.g. > > > > > > > > telnetd : 200.33.146. : deny > > > > > > > > See if that works. Also I do not know if there is a way to deny all > > > > addresses that do not resolve. I will look into that, because I'd > like > > > to > > > > know myself. > > > > > > > > -Chris > > > > > > > > > -----Original Message----- > > > > > From: Alejandro Ramirez [SMTP:ales@megared.net.mx] > > > > > Sent: Wednesday, August 25, 1999 11:23 AM > > > > > To: Christopher Michaels; FreeBSD Questions > > > > > Subject: RE: tcp wrappers > > > > > > > > > > Hi, > > > > > > > > > > This are the only 3 lines that I have uncommented in my > > > > > /etc/hosts.allow > > > > > file: > > > > > > > > > > telnetd : .telmex.net.mx : deny > > > > > telnetd : .itesm.mx : deny > > > > > ALL : ALL : allow > > > > > > > > > > the rest of the file its commented. I have telnet accounts in > servers > > > in > > > > > those domains, and after I put this lines, and SIGHUP inetd, I can > > > still > > > > > log > > > > > in via telnet to my server from this servers. > > > > > > > > > > Thanks in Advance > > > > > > > > > > Ales > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > From: Christopher Michaels > > > > > To: 'Alejandro Ramirez' ; FreeBSD Questions > > > > > > > > > > Sent: Wednesday, August 25, 1999 10:02 AM > > > > > Subject: RE: tcp wrappers > > > > > > > > > > > > > > > > Maybe if you posted what was listed in your hosts.allow file it > > > would > > > > > help > > > > > > us. > > > > > > Also, what aspect of it is NOT working? > > > > > > > > > > > > -Chris > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Alejandro Ramirez [SMTP:ales@megared.net.mx] > > > > > > > Sent: Tuesday, August 24, 1999 7:12 PM > > > > > > > To: FreeBSD Questions > > > > > > > Subject: tcp wrappers > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > I know that tcp wrappers are included in 3.2 Release, so I > > > have > > > > > > > modified > > > > > > > the /etc/hosts.allow file, and HUP the inetd daemon, but it > doesnt > > > > > work, > > > > > > > its > > > > > > > there some documentation that could help me, or do you know > > > > > > > what > > > am > > > I > > > > > > > missing??? > > > > > > > > > > > > > > Thanks in Advance > > > > > > > > > > > > > > Ales > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message