From owner-freebsd-questions  Sat Dec  1 21:43:26 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from chinmin.edu.tw (ms.chinmin.edu.tw [140.126.111.3])
	by hub.freebsd.org (Postfix) with SMTP id B6EBC37B416
	for <freebsd-questions@freebsd.org>; Sat,  1 Dec 2001 21:43:16 -0800 (PST)
Received: (qmail 10052 invoked by uid 301); 2 Dec 2001 05:46:07 -0000
Date: Sun, 2 Dec 2001 13:46:07 +0800
From: Greg Matheson <lang@ms.chinmin.edu.tw>
To: freebsd-questions@freebsd.org
Subject: rshd refuses login depending whether client on LAN or dialup
Message-ID: <20011202134607.A7050@ms.chinmin.edu.tw>
Mail-Followup-To: freebsd-questions@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

I am a user on a FreeBSD system where I have a cvs repository set
up and I have cvs working on it in client/server mode, but only from
some of the Windows 98 machines running cygwin on which I am
trying to develop from. The problem is rshd is refusing to log me
in from some IP addresses. It seems to depend on whether the client
is on a LAN or a dialup network, but this may be because the
LAN IP addresses don't appear to have reverse DNS, and the dialup
ones do.

The error messages from rsh are similar to those reported in
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=573265+0+archive/2001/freebsd-questions/20010930.freebsd-questions

Looking at /etc/hosts.allow, I see:

# Prevent those with no reverse DNS from connecting.
ALL : PARANOID : RFC931 20 : deny

I am not too sure that this is the line which is causing me
problems, because I am able to login to the telnet and ftp
servers from all of the IP addresses I am using. If it is, I have to
consider the options before approaching the sysads who it is
difficult to communicate with. 

Should I ask them to activate the cvs pserver in /etc/inetd.conf?

#cvspserver     stream  tcp     nowait  root    /usr/bin/cvs

Should I ask them to try to give me reverse DNS for some IP addresses,
which however are not in their domain? 

OR can I ask them to relax the reverse DNS rule for some IP
addresses?

Is the line in /etc/hosts.allow in fact the problem?

-- 
Greg Matheson                The students are not brilliant. 
Chinmin College              Luckily, we're brilliant teachers.
                             --Lee Altschuler
Taiwan Penpals Archive <URL: http://netcity.hinet.net/kurage>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message