From owner-freebsd-stable  Mon Sep  3 15:19:23 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from smtp-3.ig.com.br (smtp-3.ig.com.br [200.226.132.152])
	by hub.freebsd.org (Postfix) with SMTP id 598CB37B436
	for <freebsd-stable@freebsd.org>; Mon,  3 Sep 2001 15:19:12 -0700 (PDT)
Received: (qmail 27591 invoked from network); 3 Sep 2001 22:18:18 -0000
Received: from adsl-fnsbnu-123-a.brt.telesc.net.br (HELO conrado) (@200.193.25.123)
  by smtp-3.ig.com.br with SMTP; 3 Sep 2001 22:18:18 -0000
From: "Conrado Vardanega" <cvspam@ig.com.br>
To: "Dimitry Andric" <dim@xs4all.nl>
Cc: <freebsd-stable@FreeBSD.ORG>
Subject: RES: Access disallowed through ssh
Date: Mon, 3 Sep 2001 19:18:23 -0300
Message-ID: <NDBBLGPICDCECKDGFCGFKECMCKAA.cvspam@ig.com.br>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-reply-to: <1919073155.20010904001404@xs4all.nl>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Importance: Normal
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

My hosts.allow's first line is:

ALL : ALL : allow

Therefore, i guess it couldn't be this, according to hosts.allow comments:
"first match wins".

[]s...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2001-09-03 at 23:03:20 Conrado Vardanega wrote:

CV> "Received disconnect from 200.193.xx.xx: 2: Sorry, you are not allowed
to
CV> connect."
- --snip--
CV> This began sometime with no apparent changes to the system. The
hosts.allow
CV> is default, which already allowed me access it in the past.

Check your (reverse) DNS lookups and/or server. If the address you are
connecting from doesn't resolve properly, you'll be denied, due to the
following lines in the default hosts.allow:

# Protect against simple DNS spoofing attacks by checking that the
# forward and reverse records for the remote host match. If a mismatch
# occurs, access is denied, and any positive ident response within
# 20 seconds is logged. No protection is afforded against DNS poisoning,
# IP spoofing or more complicated attacks. Hosts with no reverse DNS
# pass this rule.
ALL : PARANOID : RFC931 20 : deny

I've had my DNS server drop out on me more than once, and each time I
get exactly those problems you mention with tcpwrappers. :)

Cheers,
- --
Dimitry Andric <dim@xs4all.nl>
PGP Key: http://www.xs4all.nl/~dim/dim.asc
Fingerprint: 7AB462D2CE35FC6D42394FCDB05EA30A2E2096A3

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5i
Comment: http://www.gn.apc.org/duncan/stoa_cover.htm

iQA/AwUBO5PyprBeowouIJajEQKDLACeI549TkbHY/arJHlSbLXO7DcDIE4An1We
DX2VBhQi3w4AVhVdnE02R3dD
=0FXG
-----END PGP SIGNATURE-----



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message