Date: Sun, 15 Oct 2000 12:05:32 +0200 (CDT) From: "Martin Bartelds" <bts@iaehv.nl> To: "cjclark@alum.mit.edu" <cjclark@alum.mit.edu>, "Crist J . Clark" <cjclark@reflexnet.net> Cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG> Subject: Re: Double reverse lookup: OFF !!!! Message-ID: <20001015100551.2A6B07EAE@iaehv.iae.nl> In-Reply-To: <20001014175127.D25121@149.211.6.64.reflexcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Crist,
Yep, it's the first rule, however the comment in the files say's: first match goes and
be warned: "with the standard configuration, it's completely open".
I installed the (changed) tcpd wrapper for ftpd, however do still get the verify declines.
Maybe that's because I didn't install it for the IP6 ftpd line.
Otherwise, it's maybe ftpd who still does the checking, after tcpd did skip it.
How did the tcp_wrappers enter ftpd (libraries) ?
Martin.
On Sat, 14 Oct 2000 17:51:27 -0700, Crist J . Clark wrote:
>On Sun, Oct 15, 2000 at 01:11:12AM +0200, MB wrote:
>> > On Sat, Oct 14, 2000 at 09:39:50PM +0200, Martin Bartelds wrote:
>> > > Some of my customers can't connect to my 4.1 system with anonymous ftp.
>> > >
>> > > When it happens, I do get an error message on the console:
>> > > "Can't verify hostname: getaddrinfo(....., AF_INET) failed."
>> > >
>> > > As far as I know, this is the paranoid double reverse lookup which fails to
>> > > match the IP-number with the hostname.
>> > >
>> > > I do not want to let my customers stumble on this.
>> > > How can I turn this off ? I did have a look in the ftpd & inetd
>> > > daemon-sources, but did not find anything about it.
>> > >
>> > >
>> > > Any Idea ?
>> >
>> > It's the TCP wrapper. If you want to find the source, look in
>> > /usr/src/contrib/tcp_wrappers. What's in your /etc/hosts.{allow,deny}?
>>
>> host.allow does have:
>> ALL:ALL:allow
>>
>> So I'm pretty much surprised, the connections get declined.
>
>That is the first rule, right?
>
>If you still have problems, you might consider running ftpd(8) as an
>independent daemon outside of inetd(8).
>--
>Crist J. Clark cjclark@alum.mit.edu
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>
-----------------------------------------------------------------------
M.G.N. Bartelds
BTSoftware
European Shareware Registration & Distribution
http://www.btsoftware.com
------------------------------------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001015100551.2A6B07EAE>