Date:      Sat, 28 Aug 1999 10:28:09 -0500
From:      "Alejandro Ramirez" <ales@megared.net.mx>
To:        "Christopher Michaels" <ChrisMic@clientlogic.com>, <gerti@bitart.com>
Cc:        "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Why does TCP Wrappers require /etc/hosts.deny (was: tcp wrappers)
Message-ID:  <02a001bef169$f0132840$faa3f9cf@megared.net.mx>
References:  <6C37EE640B78D2118D2F00A0C90FCB4401105BFE@site2s1>


Thanks,

    It works, but I have noticed something: yesterday I had to reboot my
system because of a fsck thing, and it started to work with the
/etc/hosts.allow file. I have also erased the /etc/hosts.deny file, and
everything is working now. Why is this happening??? Why this strange
behavior??? I'm really confused here. Is this a "BUG" with tcp wrappers, a
failing part of 3.2 Release??? Is it the inetd problem which is causing
this???

Maybe you can try it yourself: just reboot your server and it will work (I
think, this is what happened to me).

Thanks in Advance

Ales


----- Original Message -----
From: Christopher Michaels <ChrisMic@clientlogic.com>
To: 'Alejandro Ramirez' <ales@megared.net.mx>; <gerti@bitart.com>
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Sent: Thursday, August 26, 1999 4:06 PM
Subject: Why does TCP Wrappers require /etc/hosts.deny (was: tcp wrappers)


> I wish I could answer that question.  Does your hosts.allow not work at all,
> or just not for deny's?
>
> I fought with it for a couple hours and was able to finally get the
> following to work, so I suggested it to you.  (this is from memory, it may
> be slightly different).
>
> /etc/hosts.allow:
> ALL : .domain.com
>
> /etc/hosts.deny:
> telnetd : ALL
>
> I haven't done a buildworld in probably a month or two, so maybe it was
> something that was addressed.  I know my kernel is current, but I'm 99.9%
> positive that has no bearing on it.
>
> Btw, according to the man pages (man 5 hosts_access, and man 5
> hosts_options) we should be able to put everything in /etc/hosts.allow.
> (although it's counter-intuitive).
>
> -Chris
>
> > -----Original Message-----
> > From: Alejandro Ramirez [SMTP:ales@megared.net.mx]
> > Sent: Wednesday, August 25, 1999 7:32 PM
> > To: gerti@bitart.com
> > Cc: Christopher Michaels; FreeBSD Questions
> > Subject: RE: tcp wrappers
> >
> > Ok,
> >
> >     Now I have 2 more questions:
> >
> > 1 How do I fix this inetd problem in my production system???
> > 2 Why the /etc/hosts.deny file had to be created and works, and the
> > /etc/hosts.allow doesn't work nor even it's the default file where you
> > should deny things.
> >
> > Thanks
> >
> > Ales
> >
> > ----- Original Message -----
> > From: Gerd Knops <gerti@bitart.com>
> > To: Alejandro Ramirez <ales@megared.net.mx>
> > Cc: Christopher Michaels <ChrisMic@clientlogic.com>; FreeBSD Questions
> > <freebsd-questions@FreeBSD.ORG>
> > Sent: Wednesday, August 25, 1999 3:31 PM
> > Subject: Re: tcp wrappers
> >
> >
> > > Alejandro Ramirez wrote:
> > > > Ok,
> > > >
> > > > Here is the thing, I have erased all the content in the
> > > > /etc/hosts.allow file, I couldn't get in to the telmex server at this
> > > > time, but I have an account (for testing purposes) in another server
> > > > hosted by a good friend called Thomas Mullaney (Thanks Thomas), I have
> > > > created the /etc/hosts.deny file, and the following lines are in there:
> > > >
> > > > telnetd: 209.58.142.2
> > > > telnetd: .mullaney.org
> > > > telnetd: r2d2.mullaney.org
> > > >
> > > > The first line is the IP address for the server of line #3, and the
> > > > second line is self explanatory, and it still doesn't work. First I
> > > > tried with the second line, then I started to change it for the other
> > > > lines, until I had the three lines in the file, and it still doesn't
> > > > work. What am I missing here???
> > > >
> > > > BTW It only worked 2 times, then stopped working???
> > > >
> > > > Aug 25 13:17:20 unix inetd[1838]: refused connection from r2d2.mullaney.org, service telnet (tcp)
> > > > Aug 25 13:17:29 unix inetd[3276]: refused connection from r2d2.mullaney.org, service telnet (tcp)
> > > > Aug 25 14:08:22 unix login: login from r2d2.mullaney.org on ttyp1 as ???
> > > >
> > > > BTW I haven't installed the port, because the release notes say that
> > > > it's already built in the system.
> > > >
> > > FreeBSD 3.2 Release has a bug in inetd when you restart it with -HUP.
> > > inetd still works, but something goes wrong with the tcp wrapper
> > > configuration files.
> > >
> > > I know it got fixed in 'Current', but I can't remember if the fix made
> > > it into 'Stable' yet.
> > >
> > > Gerd
> > >
> > >
> > > >
> > > > ----- Original Message -----
> > > > From: Christopher Michaels <ChrisMic@clientlogic.com>
> > > > To: 'Alejandro Ramirez' <ales@megared.net.mx>; FreeBSD Questions
> > > > <freebsd-questions@FreeBSD.ORG>
> > > > Sent: Wednesday, August 25, 1999 12:27 PM
> > > > Subject: RE: tcp wrappers
> > > >
> > > >
> > > > > For that last time that you logged into the machine. Did you check
> > > > > to see if there was anything in /var/log/messages?
> > > > >
> > > > > Try this (just to satisfy my curiosity).  Put the following line in
> > > > > your /etc/hosts.deny file.
> > > > > telnetd : .telmex.net.mx
> > > > >
> > > > > Leave /etc/hosts.allow empty (comment out the allow all line).
> > > > >
> > > > > Let me know if that works.
> > > > >
> > > > > -Chris
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Alejandro Ramirez [SMTP:ales@megared.net.mx]
> > > > > > Sent: Wednesday, August 25, 1999 12:57 PM
> > > > > > To: Christopher Michaels; FreeBSD Questions
> > > > > > Subject: RE: tcp wrappers
> > > > > >
> > > > > > Christopher,
> > > > > >
> > > > > > That's funny, the log message that I received was at 03:37:05 a.m.
> > > > > > of today, the line:
> > > > > >
> > > > > > telnetd : .telmex.net.mx : deny
> > > > > >
> > > > > > I added it today at 9:30 am in the morning in order to make more
> > > > > > tests because I already saw this message in the /var/log/message
> > > > > > file, since yesterday, until today at 9:30, the only lines that were
> > > > > > in the /etc/hosts.allow file were:
> > > > > >
> > > > > > telnetd : .itesm.mx : deny
> > > > > > ALL : ALL : allow
> > > > > >
> > > > > > I also telneted to a server under that domain, and telneted again
> > > > > > to my server, then I used the "w" command and saw the complete domain
> > > > > > name for that server "gda.itesm.mx", but it's not rejecting the
> > > > > > connection. Do I have to grab the complete set of addresses they use
> > > > > > to block the access??? So why is it not working with the domain
> > > > > > name???
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > Ales
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: Christopher Michaels <ChrisMic@clientlogic.com>
> > > > > > To: 'Alejandro Ramirez' <ales@megared.net.mx>; FreeBSD Questions
> > > > > > <freebsd-questions@FreeBSD.ORG>
> > > > > > Sent: Wednesday, August 25, 1999 11:30 AM
> > > > > > Subject: RE: tcp wrappers
> > > > > >
> > > > > >
> > > > > > > Ok.  You don't need to sighup inetd.  From one of your previous
> > > > > > > postings you're getting the following error:
> > > > > > >
> > > > > > > Aug 25 03:37:05 unix inetd[82105]: warning: /etc/hosts.allow, line 13: can't verify hostname: gethostbyname(customer18-197.telmex.net.mx) failed
> > > > > > >
> > > > > > > What appears to be happening, is that since the address can't be
> > > > > > > verified to be from that domain it is not denying.  That error, if
> > > > > > > you didn't know, is saying it cannot resolve
> > > > > > > "customer18-197.telmex.net.mx".  They appear to have DNS resolution
> > > > > > > problems.
> > > > > > >
> > > > > > > What I would suggest is to see if you can find out the range of ip
> > > > > > > addresses they use and try denying that, e.g.
> > > > > > >
> > > > > > > telnetd : 200.33.146. : deny
> > > > > > >
> > > > > > > See if that works.  Also I do not know if there is a way to deny
> > > > > > > all addresses that do not resolve.  I will look into that, because
> > > > > > > I'd like to know myself.
> > > > > > >
> > > > > > > -Chris
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Alejandro Ramirez [SMTP:ales@megared.net.mx]
> > > > > > > > Sent: Wednesday, August 25, 1999 11:23 AM
> > > > > > > > To: Christopher Michaels; FreeBSD Questions
> > > > > > > > Subject: RE: tcp wrappers
> > > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > These are the only 3 lines that I have uncommented in my
> > > > > > > > /etc/hosts.allow file:
> > > > > > > >
> > > > > > > > telnetd : .telmex.net.mx : deny
> > > > > > > > telnetd : .itesm.mx : deny
> > > > > > > > ALL : ALL : allow
> > > > > > > >
> > > > > > > > the rest of the file is commented. I have telnet accounts in
> > > > > > > > servers in those domains, and after I put these lines, and SIGHUP
> > > > > > > > inetd, I can still log in via telnet to my server from these
> > > > > > > > servers.
> > > > > > > >
> > > > > > > > Thanks in Advance
> > > > > > > >
> > > > > > > > Ales
> > > > > > > >
> > > > > > > >
> > > > > > > > ----- Original Message -----
> > > > > > > > From: Christopher Michaels <ChrisMic@clientlogic.com>
> > > > > > > > To: 'Alejandro Ramirez' <ales@megared.net.mx>; FreeBSD Questions
> > > > > > > > <freebsd-questions@FreeBSD.ORG>
> > > > > > > > Sent: Wednesday, August 25, 1999 10:02 AM
> > > > > > > > Subject: RE: tcp wrappers
> > > > > > > >
> > > > > > > >
> > > > > > > > > Maybe if you posted what was listed in your hosts.allow file
> > > > > > > > > it would help us.
> > > > > > > > > Also, what aspect of it is NOT working?
> > > > > > > > >
> > > > > > > > > -Chris
> > > > > > > > >
> > > > > > > > > > -----Original Message-----
> > > > > > > > > > From: Alejandro Ramirez [SMTP:ales@megared.net.mx]
> > > > > > > > > > Sent: Tuesday, August 24, 1999 7:12 PM
> > > > > > > > > > To: FreeBSD Questions
> > > > > > > > > > Subject: tcp wrappers
> > > > > > > > > >
> > > > > > > > > > Hi,
> > > > > > > > > >
> > > > > > > > > > I know that tcp wrappers are included in 3.2 Release, so I
> > > > > > > > > > have modified the /etc/hosts.allow file, and HUP the inetd
> > > > > > > > > > daemon, but it doesn't work. Is there some documentation that
> > > > > > > > > > could help me, or do you know what am I missing???
> > > > > > > > > >
> > > > > > > > > > Thanks in Advance
> > > > > > > > > >
> > > > > > > > > > Ales
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > > > > > > > with "unsubscribe freebsd-questions" in the body of the message
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > > > > > > with "unsubscribe freebsd-questions" in the body of the
> > message
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > > > > > with "unsubscribe freebsd-questions" in the body of the
> > message
> > > > > >
> > > > >
> > > > >
> > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > > with "unsubscribe freebsd-questions" in the body of the message
> > > >
> > > >
> > > >
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
> >
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?02a001bef169$f0132840$faa3f9cf>
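
Added example (not written by anyone in the thread, and not libwrap code): a simplified Python model of the hosts_access(5) / hosts_options(5) lookup order, showing why the `.telmex.net.mx : deny` rule is skipped when the client's name cannot be verified, and how an address-prefix rule or the PARANOID/UNKNOWN wildcards from hosts_access(5) still catch that client. It goes a little beyond the thread by modelling both files; the 192.0.2.x addresses and the STRICT_ALLOW rule set are constructed for illustration.

```python
# Simplified model of hosts_access(5)/hosts_options(5) matching; not libwrap code.
def effective_name(ptr_name, forward_ok):
    # No PTR record -> "unknown"; PTR name that fails forward lookup -> "paranoid".
    if not ptr_name:
        return "unknown"
    return ptr_name.lower() if forward_ok else "paranoid"

def pattern_matches(pat, name, addr):
    p = pat.lower()
    if p == "all":
        return True
    if p.startswith("."):        # domain suffix: compared with the host name only
        return name.endswith(p)
    if p.endswith("."):          # address prefix: compared with the address only
        return addr.startswith(p)
    return p in (name, addr)     # exact match; also covers UNKNOWN and PARANOID

def first_match(rules, daemon, name, addr):
    # Rule form: "daemons : clients [: allow|deny]"; returns the option or "default".
    for line in rules.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if any(d in ("ALL", daemon) for d in daemons) and any(
                pattern_matches(c, name, addr) for c in clients):
            return fields[2].lower() if len(fields) > 2 else "default"
    return None

def decide(allow, deny, daemon, ptr_name, forward_ok, addr):
    name = effective_name(ptr_name, forward_ok)
    hit = first_match(allow, daemon, name, addr)   # hosts.allow is searched first
    if hit:
        return "deny" if hit == "deny" else "allow"
    hit = first_match(deny, daemon, name, addr)    # then hosts.deny
    if hit:
        return "allow" if hit == "allow" else "deny"
    return "allow"                                 # no match in either file

# THREAD_ALLOW: rules quoted in the thread. STRICT_ALLOW: constructed variant.
THREAD_ALLOW = "telnetd : .telmex.net.mx : deny\ntelnetd : .itesm.mx : deny\nALL : ALL : allow"
STRICT_ALLOW = "telnetd : PARANOID, UNKNOWN : deny\ntelnetd : 192.0.2. : deny\n" + THREAD_ALLOW

def demo():
    # Constructed client: PTR name from the log line, forward lookup fails.
    host = ("customer18-197.telmex.net.mx", False, "192.0.2.10")
    return (decide(THREAD_ALLOW, "", "telnetd", *host),
            decide(STRICT_ALLOW, "", "telnetd", *host))
```

Because the first matching rule wins, the catch-all `ALL : ALL : allow` line has to stay last in a single-file /etc/hosts.allow setup.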