From owner-freebsd-isp  Sat Jun 27 12:28:39 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA17198
          for freebsd-isp-outgoing; Sat, 27 Jun 1998 12:28:39 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from buffnet4.buffnet.net (buffnet4.buffnet.net [205.246.19.13])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA17192
          for <isp@FreeBSD.ORG>; Sat, 27 Jun 1998 12:28:28 -0700 (PDT)
          (envelope-from shovey@buffnet.net)
Received: from buffnet11.buffnet.net (buffnet11.buffnet.net [205.246.19.55]) by buffnet4.buffnet.net (8.7.5/8.7.3) with SMTP id PAA24044; Sat, 27 Jun 1998 15:28:28 -0400 (EDT)
Date: Sat, 27 Jun 1998 15:28:27 -0400 (EDT)
From: Steve Hovey <shovey@buffnet.net>
To: ben@rosengart.com
cc: isp@FreeBSD.ORG
Subject: Re: configuring tcp_wrapper
In-Reply-To: <Pine.GSO.3.96.980627151738.23169A-100000@echonyc.com>
Message-ID: <Pine.BSI.3.95.980627152717.9456B-100000@buffnet11.buffnet.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 27 Jun 1998, Snob Art Genre wrote:

> I'm trying to configure tcp_wrapper to allow ftp access from the local
> network but nowhere else.  I've read the hosts_access(5) man page, and
> written configuration files, but I'm not having any luck.
> 
> Here's my ftpd line in inetd.conf:
> 
> ftp stream tcp nowait root /usr/local/libexec/tcpd ftpd -l

You ftpd deamon must be in the path you set for tcpd for the real programs

> 
> My hosts.allow is empty, and my hosts.deny reads as follows:
> 
> #disallow ftp access
> ftpd: ALL EXCEPT 10.0.0.0/255.0.0.0
> 

You need to set host.deny to ALL
then host.allow to 10.0.0.0/255.0.0.0

which ends up being deny all, but allow 10.0.0.0 etc connects.


> Yet I find that I can connect via ftp from a shell account at my ISP
> just as well as from the local network.
> 
> I would greatly appreciate it if someone could tell me what I am doing
> wrong.
> 
> 
>  Ben
> 
> "You have your mind on computers, it seems." 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
> 

------------------------------------------------------------------
Steve Hovey
Chief Network Administrator
BuffNET		More Than Just a Connection!
------------------------------------------------------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message