xinetd and hosts.allow

Aaron Konstam akonstam at trinity.edu
Sat Apr 17 23:35:01 UTC 2004


On Sat, Apr 17, 2004 at 11:35:50AM -0400, Jay Daniels wrote:
> I cannot get xinetd and tcp wrappers hosts.allow and hosts.deny to work.
> 
> /etc/hosts.allow
> #
> # hosts.allow   This file describes the names of the hosts which are
> #               allowed to use the local INET services, as decided
> #               by the '/usr/sbin/tcpd' server.
> #
> 
>  
> ALL: LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org, my_static_ip_here
> 
The LOCAL should not be there.

> # allow ssh connection from dialup at myisp disabled until resolved.
> #sshd: 209.164.234.0/255.255.255.0
> 
> /etc/hosts.deny
> ALL: ALL
> 
> 
> I have tried several combinations in hosts.allow and restarted xinetd,
> but when I have the above lines uncommented I cannot send any mail via
> smtp port 25 from localhost!
> 
> Any ideas?
> 
> This may all be redundant since the firewall is supposed to block
> specified connections to these ports, but I was thinking tcp wrappers
> would add to the security?
> 
> Also, I am still unclear how to edit /etc/hosts and my hosts file may
> have something to do with it.
> 
> $ cat /etc/hosts
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1               localhost.localdomain localhost
> 192.168.2.1             darkforce.darktech.org darkforce #me
> 192.168.2.12            darkstar.darktech.org darkstar #my laptop
> 64.246.60.114           cobra.python-hosting.com cobra #my hosting
> 
> Should I have my gateway ip address in place of the 192.164.2.1?  How
> does tcp wrappers distinguish between eth0 and eth1?
> 
> Note that I can leave hosts.allow and hosts.deny blank and all is
> well, I can send mail from localhost, etc.
> 
> Is this even necessary if my firewall is working properly by allowing
> connections from my local net and blocking certain connections from my
> inet interface?
> 
> 
> 
> jay
> 
> 

-- 
-------------------------------------------
Aaron Konstam
Computer Science
Trinity University
One Trinity Place.
San Antonio, TX 78212-7200

telephone: (210)-999-7484
email:akonstam at trinity.edu
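
A simplified model of the hosts_access(5) lookup order applied to the files quoted above, added here as an example and not part of the original thread. It assumes the client name is the first name on the matching /etc/hosts line, uses `sendmail` as a stand-in daemon name for the port 25 service, and handles only the pattern forms that appear in the quoted rules.

```python
import ipaddress

# Constructed from the quoted /etc/hosts: address -> first (canonical) name.
HOSTS = {
    "127.0.0.1": "localhost.localdomain",
    "192.168.2.1": "darkforce.darktech.org",
    "192.168.2.12": "darkstar.darktech.org",
}
# Rules as quoted in the message (the static-IP placeholder is omitted).
ALLOW = ["ALL: LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org"]
DENY = ["ALL: ALL"]


def client_matches(pattern, addr, name):
    """Match one client pattern; covers only the pattern forms used here."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":  # matches a host name that contains no dot
        return name is not None and "." not in name
    if "/" in pattern:      # net/mask form, e.g. 192.168.2.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern.lower() in (addr, (name or "").lower())


def rule_matches(rule, daemon, addr, name):
    """Split 'daemon_list: client_list' and test both sides."""
    daemons, clients = (part.strip() for part in rule.split(":", 1))
    daemon_ok = any(d in ("ALL", daemon) for d in daemons.replace(",", " ").split())
    return daemon_ok and any(
        client_matches(p, addr, name) for p in clients.replace(",", " ").split())


def check(daemon, addr):
    """Lookup order: hosts.allow first, then hosts.deny, otherwise allow."""
    name = HOSTS.get(addr)  # None models a client with no known name
    for verdict, rules in (("allow", ALLOW), ("deny", DENY)):
        for rule in rules:
            if rule_matches(rule, daemon, addr, name):
                return verdict, rule
    return "allow", None


if __name__ == "__main__":
    for daemon, addr in (("sendmail", "127.0.0.1"), ("sshd", "192.168.2.12")):
        print(daemon, addr, HOSTS.get(addr), check(daemon, addr))
```

In this model 127.0.0.1 is named localhost.localdomain, which contains a dot and lies outside 192.168.2.0/255.255.255.0, so no hosts.allow pattern matches and the request falls through to `ALL: ALL` in hosts.deny.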




