Date: Fri, 7 Sep 2001 17:56:43 -0400 (EDT) From: Joe Clarke <marcus@marcuscom.com> To: Nathan Miller <nam20485@gladstone.uoregon.edu> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: tcpd problems Message-ID: <20010907175429.K13533-100000@shumai.marcuscom.com> In-Reply-To: <001d01c137e3$35b8ec60$2df3df80@uoregon.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
For current releases of FreeBSD (3.2 and later), tcp_wrappers is handled by inetd directly. Just start inetd with the -wW flags. Then, specify services like: ftp stream tcp nowait root /usr/local/libexec/ftpd ftpd -L -a telnet stream tcp nowait root /usr/libexec/telnetd telnetd Checkout man inetd(8) for more info. Joe On Fri, 7 Sep 2001, Nathan Miller wrote: > I'm having trouble getting tcp_wrappers set up properly. The problem is this, when I setup /etc/hosts.allow with what (I think) are valid rules, I get unexpected behavior. For instance, when a I enter a rule such as: > telnetd : ALL : allow > and then try to telnet in from some machine I get the catch-all rule at the very bottom of a default hosts.allow: > ALL : ALL : twist.... echo "you are not allowed to use %d from %h" > and the telnet client issues "you are not allowed to use tcpd from <the client's ip>" (notice service is listed as TCPD, not telnetd). > So, no rules will work unless I add a line where ALL or TCPD is the service > TCPD/ALL : ... : ... > At which point everything works, well at least, the services started by inetd(ftpd and telnetd). > Now my rule for sshd doesn't seem to be affected, which works fine w/ a rule of > sshd : ALL : allow > I don't know if it's a coincidence or not, but the services which give me this trouble exactly the ones started from /etc/inetd.conf. > > Now I have setup tcp_wrappers successfully before, the tcpd executable is there in /usr/local/libexec > inetd.conf is setup appropriately > ... > ftp stream tcp nowait root /usr/local/libexec/tcpd ftpd -lS > telnet stream tcp nowait root /usr/local/libexec/tcpd telnetd > ... > > My suspicion is that tcpd is not matching the incoming service request(say, ftp) against a rule for the respective service (say, ftpd: ALL: allow) > b/c the service trying to be matched is tcpd, as evidenced by the macro expansion in the very bottom default rule dislpaying the service as tcpd. > ALL : ALL \ > : severity auth.info \ > : twist /bin/echo "You are not welcome to use %d from %c." > ===> > > Has anyone seen this problem before or has an idea what I am doing wrong? Any help would be much appreciated by this new FreeBSD user. Thanks in advance (and if you're reading this thanks for having enough patience to spend your time reading this rambling message) > > Nathan Miller > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010907175429.K13533-100000>