From owner-freebsd-bugs Sun Jul 25 14:21:20 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id ABA0F1522F
	for ; Sun, 25 Jul 1999 14:21:17 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id OAA84807;
	Sun, 25 Jul 1999 14:20:00 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id EBA661523C; Sun, 25 Jul 1999 14:18:05 -0700 (PDT)
Message-Id: <19990725211805.EBA661523C@hub.freebsd.org>
Date: Sun, 25 Jul 1999 14:18:05 -0700 (PDT)
From: gerti-FreeBSD@BITart.com
To: freebsd-gnats-submit@freebsd.org
X-Send-Pr-Version: www-1.0
Subject: bin/12809: inetd: refuses connections after SIGHUP (TCP Wrappers related)
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         12809
>Category:       bin
>Synopsis:       inetd: refuses connections after SIGHUP (TCP Wrappers related)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 25 14:20:00 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Gerd Knops
>Release:        3.2 release
>Organization:
BITart Consulting
>Environment:
FreeBSD central.identify.net 3.2-RELEASE FreeBSD 3.2-RELEASE #0: Sat Jun 19 03:45:59 CDT 1999 infax@bsd.bitart.com:/usr/src/sys/compile/INTERFAX i386
>Description:
After sending a SIGHUP to inetd (via killall -HUP inetd) inetd is refusing
connections it previously accepted. Apparently the built-in TCP wrappers
get something crossed.
Error messages look like:

Jul 25 16:00:04 central inetd[17407]: refused connection from 194.126.15.215, service smtp (tcp)
>How-To-Repeat:
Below are my inetd.conf, hosts.allow and hosts.deny (I know that deny should
not be needed anymore, but due to historical reasons those are the files on
the problem machine). After a reboot inetd accepts smtp connections, but
stops doing so after it received a SIGHUP.

-------/etc/inetd.conf-------
# $Id: inetd.conf,v 1.33 1998/12/01 22:01:59 dillon Exp $
#
# Internet server configuration database
#
#	@(#)inetd.conf	5.4 (Berkeley) 6/30/90
#
ftp	stream	tcp	nowait	root	/usr/libexec/ftpd	ftpd -l
telnet	stream	tcp	nowait	root	/usr/libexec/telnetd	telnetd
shell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd
login	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind
#finger	stream	tcp	nowait/3/10	nobody	/usr/libexec/fingerd	fingerd -s
#exec	stream	tcp	nowait	root	/usr/libexec/rexecd	rexecd
#uucpd	stream	tcp	nowait	root	/usr/libexec/uucpd	uucpd
#nntp	stream	tcp	nowait	usenet	/usr/libexec/nntpd	nntpd
# run comsat as root to be able to print partial mailbox contents w/ biff,
# or use the safer tty:tty to just print that new mail has been received.
#comsat	dgram	udp	wait	tty:tty	/usr/libexec/comsat	comsat
#ntalk	dgram	udp	wait	tty:tty	/usr/libexec/ntalkd	ntalkd
#tftp	dgram	udp	wait	nobody	/usr/libexec/tftpd	tftpd /tftpboot
#bootps	dgram	udp	wait	root	/usr/libexec/bootpd	bootpd
#
# "Small servers" -- used to be standard on, but we're more conservative
# about things due to Internet security concerns.  Only turn on what you
# need.
#
#daytime	stream	tcp	nowait	root	internal
#daytime	dgram	udp	wait	root	internal
#time	stream	tcp	nowait	root	internal
#time	dgram	udp	wait	root	internal
#echo	stream	tcp	nowait	root	internal
#echo	dgram	udp	wait	root	internal
#discard	stream	tcp	nowait	root	internal
#discard	dgram	udp	wait	root	internal
#chargen	stream	tcp	nowait	root	internal
#chargen	dgram	udp	wait	root	internal
#
# Kerberos authenticated services
#
#klogin	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k
#eklogin	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k -x
#kshell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd -k
#kip	stream	tcp	nowait	root	/usr/libexec/kipd	kipd
#
# CVS servers - for master CVS repositories only!
#
#cvspserver	stream	tcp	nowait	root	/usr/bin/cvs	cvs pserver
#cvs	stream	tcp	nowait	root	/usr/bin/cvs	cvs kserver
#
# RPC based services (you MUST have portmapper running to use these)
#
#rstatd/1-3	dgram	rpc/udp	wait	root	/usr/libexec/rpc.rstatd	rpc.rstatd
#rusersd/1-2	dgram	rpc/udp	wait	root	/usr/libexec/rpc.rusersd	rpc.rusersd
#walld/1	dgram	rpc/udp	wait	root	/usr/libexec/rpc.rwalld	rpc.rwalld
#pcnfsd/1-2	dgram	rpc/udp	wait	root	/usr/libexec/rpc.pcnfsd	rpc.pcnfsd
#rquotad/1	dgram	rpc/udp	wait	root	/usr/libexec/rpc.rquotad	rpc.rquotad
#sprayd/1	dgram	rpc/udp	wait	root	/usr/libexec/rpc.sprayd	rpc.sprayd
#
# example entry for the optional pop3 server
#
#pop3	stream	tcp	nowait	root	/usr/local/libexec/popper	popper
#
# example entry for the optional imap4 server
#
#imap4	stream	tcp	nowait	root	/usr/local/libexec/imapd	imapd
#
# Return error for all "ident" requests
#
#ident	stream	tcp	nowait	root	internal
#
# example entry for the optional ident server
#
#ident	stream	tcp	wait	kmem:kmem	/usr/local/sbin/identd	identd -w -t120
#
# example entry for the optional qmail MTA
#
#smtp	stream	tcp	nowait	qmaild	/var/qmail/bin/tcp-env	tcp-env /var/qmail/bin/qmail-smtpd
#
# Enable the following two entries to enable samba startup from inetd
# (from the Samba documentation).
#
#netbios-ssn	stream	tcp	nowait	root	/usr/local/sbin/smbd	smbd
#netbios-ns	dgram	udp	wait	root	/usr/local/sbin/nmbd	nmbd
#
smtp	stream	tcp	nowait	qmaild	/usr/local/qmail/bin/tcp-env	tcp-env /usr/local/qmail/bin/qmail-smtpd
#
# pop3
#
pop3	stream	tcp	nowait	root	/usr/local/qmail/bin/qmail-popup	qmail-popup central.interfaxx.com /usr/local/bin/checkpassword /usr/local/qmail/bin/qmail-pop3d Maildir

-------/etc/hosts.allow-------
ALL: 206.103.221.32/255.255.255.240
ALL: 208.134.252.0/255.255.255.0
in.smtp: ALL
qmail-popup: ALL
tcp-env: ALL

-------/etc/hosts.deny-------
ALL: ALL
>Fix:
Workaround: Don't use SIGHUP with inetd...
>Release-Note:
>Audit-Trail:
>Unformatted:
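Added example, not part of the original report and not inetd or libwrap code: a simplified evaluator for the hosts.allow and hosts.deny rules posted above, following the hosts_access(5) order (allow table first, then deny table, otherwise grant). It handles only the pattern forms used in the report (ALL, exact daemon name, net/mask); the candidate daemon name "smtp" is an assumption taken from the service name in the logged refusal, used to show how the verdict for the refused client depends on the daemon name the wrapper check is given.

```python
import ipaddress

# Rules copied from the report's /etc/hosts.allow and /etc/hosts.deny.
HOSTS_ALLOW = """\
ALL: 206.103.221.32/255.255.255.240
ALL: 208.134.252.0/255.255.255.0
in.smtp: ALL
qmail-popup: ALL
tcp-env: ALL
"""
HOSTS_DENY = "ALL: ALL\n"

def parse_rules(text):
    """Return [(daemon_patterns, client_patterns)] from 'daemons: clients' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":", 1)  # no option fields in these rules
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask form, e.g. 208.134.252.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr

def table_matches(rules, daemon, addr):
    return any(any(d in ("ALL", daemon) for d in daemons)
               and any(client_matches(c, addr) for c in clients)
               for daemons, clients in rules)

def access(daemon, addr):
    """hosts_access(5) order: allow table, then deny table, else grant."""
    if table_matches(parse_rules(HOSTS_ALLOW), daemon, addr):
        return "allow"
    if table_matches(parse_rules(HOSTS_DENY), daemon, addr):
        return "deny"
    return "allow"

if __name__ == "__main__":
    client = "194.126.15.215"  # refused client from the report's log line
    for name in ("tcp-env", "in.smtp", "smtp"):  # "smtp" is an assumed candidate
        print(f"{name:8s} {client} -> {access(name, client)}")
```

With these rules the logged client is admitted only when the daemon name is in.smtp, qmail-popup or tcp-env; under any other name it falls through to the ALL: ALL entry in hosts.deny.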