On Sun, Mar 23, 2003 at 08:09:59PM +0200, Boaz Rymland wrote:
>
> Conclusion (? - anyone got a better explanation?).
Doesn't the following quote from man hosts.allow show that one might
expect this?

    PARANOID
        Matches any host whose name does not match its address. When
        tcpd is built with -DPARANOID (default mode), it drops requests
        from such clients even before looking at the access control
        tables. Build without -DPARANOID when you want more control
        over such requests.

However I didn't check whether the package is actually compiled that
way.

In addition, you said that tcpdchk was broken in some way. Is
tcpdmatch appropriate here?

> What happened is that the
> TCPD saw the IP written in the first place, but TCPD is so paranoid it goes
> to do a reverse DNS. I use the ISP DNS (although I run one on my own) so
> probably the ISP DNS said - "192.168.1.2? - unknown to me, dude". The TCPD,
> being so paranoid, automatically denied the connection but, SILENTLY, didn't
> even bother to tell me the reason for its decision (reverse DNS failed on
> ..).
> Putting the hostname in hosts.allow with an already existing matching entry
> in /etc/hosts file, did the trick.
>
> Well, seems like a good explanation, isn't it?
> Boaz.
>
--
Shaul Karl, [EMAIL PROTECTED] e t
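
Added example, not part of the original messages and not tcp_wrappers code: a Python model of the name/address check that the hosts.allow excerpt above describes. The lookup tables, host names, the "unknown" result for a failed reverse lookup and the exact-string matching in decide() are assumptions of this sketch.

```python
import ipaddress

# Constructed tables standing in for reverse (PTR) and forward (A) lookups.
REVERSE = {
    "192.168.1.2": "laptop.example.lan",
    "10.0.0.9": "trusted.example.lan",  # PTR names a host whose A record points elsewhere
}
FORWARD = {
    "laptop.example.lan": ["192.168.1.2"],
    "trusted.example.lan": ["192.168.1.10"],
}

def client_name(addr, reverse=REVERSE, forward=FORWARD):
    """Return the confirmed host name, 'unknown' or 'paranoid' for a client address."""
    addr = str(ipaddress.ip_address(addr))        # normalise, reject garbage input
    name = reverse.get(addr)
    if name is None:
        return "unknown"                          # assumption: no reverse record at all
    name = name.rstrip(".").lower()
    confirmed = {str(ipaddress.ip_address(a)) for a in forward.get(name, [])}
    # "name does not match its address": the forward lookup of the claimed
    # name does not lead back to the address the connection came from.
    return name if addr in confirmed else "paranoid"

def decide(addr, allow, built_paranoid=True, **tables):
    """Simplified access decision: 'allow' is a set of exact names or addresses."""
    name = client_name(addr, **tables)
    if name == "paranoid" and built_paranoid:
        return "dropped-before-tables"            # hosts.allow is never consulted
    if addr in allow or (name not in ("unknown", "paranoid") and name in allow):
        return "allowed"
    return "denied"

if __name__ == "__main__":
    for ip in ("192.168.1.2", "10.0.0.9", "192.168.1.77"):
        print(ip, client_name(ip), decide(ip, {"laptop.example.lan", "10.0.0.9"}))
```

With built_paranoid=False the mismatching client reaches the tables, so the address entry for 10.0.0.9 decides the outcome instead of the early drop.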