[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: tcp_wrappers prefers IP addresses?

From: Alan Mead <adm ipat com>
To: redhat-list redhat com
Subject: Re: tcp_wrappers prefers IP addresses?
Date: Tue, 14 Sep 1999 12:34:39 -0500

At 03:26 PM 9/13/99 -0700, you wrote:
>Alan Mead wrote:
>> Two questions:  How does tcp_wrappers work that it sometimes allows access
>> and sometimes not (e.g., is this an identd thing)?  And how can I arrange
>> for my friend (i.e., anyone in his domain) to access my box if his IP
changes?
>
>'tcpd' logs all refused connections, could you look for errors in
>/var/log/secure?  Something like:
>grep 'refused connect' /var/log/secure*
>
>For each of the refused IP's, do 'nslookup <IP ADDRESS>'.  If it matches
>what you have in /etc/hosts.allow, then maybe mail some of those
>messages to us, and we'll see if we can figure it out.  :)

I'm not sure I understand, names are logged and they match the patterns in
the hosts.allow.  Using nslookup, I resolved them to IPs and then looked up
those IPs and they match.

The first two rejections of unkown make sense (I don't understand them, but
I can imagine why they were refused).  Why was aristotle.net refused and
soltec.net and earthlink.net allowed?

secure:

Aug 23 06:28:01 conan in.telnetd[18738]: refused connect from unknown
Aug 23 06:28:25 conan in.telnetd[18739]: warning: can't get client address:
No route to host
Aug 23 06:28:25 conan in.telnetd[18739]: refused connect from unknown
Aug 24 13:29:44 conan in.telnetd[28205]: refused connect from
pmnode9.aristotle.net
Aug 25 02:22:36 conan in.telnetd[12565]: refused connect from
pmnode3.aristotle.net
Aug 28 10:01:48 conan in.telnetd[23761]: connect from sparkle.soltec.net
Aug 28 10:08:31 conan in.telnetd[23786]: connect from
pool388-cvx.ds44-ca-us.dialup.earthlink.net

/etc/hosts.allow:

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL:.soltec.net
ALL:LOCAL
in.ftpd:ALL
ALL:.earthlink.net
ALL:.aristotle.net

---
Alan D. Mead  /  Research Scientist  /  adm ipat com
Institute for Personality and Ability Testing
1801 Woodfield Dr  /  Savoy IL 61874 USA
217-352-4739 (v)  /  217-352-9674 (f)

Follow-Ups:
- Re: tcp_wrappers prefers IP addresses?
  - From: Chuck Mead

References:
- tcp_wrappers prefers IP addresses?
  - From: Alan Mead
- Re: tcp_wrappers prefers IP addresses?
  - From: Gordon Messmer

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]