Shaul Karl wrote:
On Sun, Mar 23, 2003 at 08:09:59PM +0200, Boaz Rymland wrote:
The hosts.deny in the relevant case had an ALL : ALL line, *not* ALL : PARANOID..., although you're basically right. I haven't got a clue as to why this behaviour still existed even after the above mentioned (ALL : ALL) was in the appropriate file. I must note that the man page could have been phrased more clearly about that, mentioning specifically the reverse-DNS process taking place and the possible point of failure here. From my experience (based on my and others' experience), reverse DNS issues like this are a pain to debug and you might hear at the end of the debug session - "if I only knew about the reverse-dns stuff...".
Conclusion (? - anyone got a better explanation?).
Doesn't the following quote from man hosts.allow show that one might expect this?
PARANOID Matches any host whose name does not match its address. When tcpd is built with -DPARANOID (default mode), it drops requests from such clients even before looking at the access control tables. Build without -DPARANOID when you want more control over such requests.
I wasn't familiar with tcpdmatch till now. Yep, broken too on my machine. ldd -r on the binary gives some "undefined symbols". However, I didn't check whether the package is actually compiled that way. In addition, you said that tcpdchk was broken in some way. Is tcpdmatch appropriate here?
Boaz.
What happened is that the TCPD saw the IP written in the first place, but TCPD is so paranoid it goes to do a reverse DNS. I use the ISP DNS (although I run one on my own) so probably the ISP DNS said - "192.168.1.2? - unknown to me, dude". The TCPD, being so paranoid, automatically denied the connection but, SILENTLY, didn't even bother to tell me the reason for its decision (reverse DNS failed on ..). Putting the hostname in hosts.allow, with an already existing matching entry in the /etc/hosts file, did the trick.
Well, seems like a good explanation, isn't it? Boaz.
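
A diagnostic for the situation discussed in this thread, as an added example that is not part of the original messages and is not tcpd's own code: it does the reverse lookup on a client address and then checks that the returned name resolves back to that address, the name/address comparison the PARANOID quote refers to. The function names, verdict strings and the example.lan sample table are assumptions made for illustration; 192.168.1.2 is the address from the post.

```python
import socket

def _reverse(ip):
    # Reverse lookup through the system resolver (/etc/hosts, DNS, ...).
    return socket.gethostbyaddr(ip)[0]

def _forward(name):
    # Forward lookup of the name that the reverse lookup returned.
    return socket.gethostbyname_ex(name)[2]

def check_client(ip, reverse=_reverse, forward=_forward):
    """Return (verdict, detail) for the address -> name -> address round trip."""
    try:
        name = reverse(ip)
    except OSError as exc:  # socket.herror and socket.gaierror are OSErrors
        return "no-reverse", f"{ip}: reverse lookup failed ({exc})"
    try:
        addrs = forward(name)
    except OSError as exc:
        return "no-forward", f"{ip} -> {name}, but {name} does not resolve ({exc})"
    if ip not in addrs:
        return "mismatch", f"{ip} -> {name} -> {addrs}: name does not match address"
    return "ok", f"{ip} <-> {name}"

def table_resolvers(ptr, a):
    """Build (reverse, forward) callables from dicts so the check runs offline."""
    def reverse(ip):
        if ip not in ptr:
            raise socket.herror(1, "Unknown host")
        return ptr[ip]
    def forward(name):
        if name not in a:
            raise socket.gaierror(-2, "Name or service not known")
        return a[name]
    return reverse, forward

# Constructed sample data: 192.168.1.2 deliberately has no reverse entry,
# like the resolver in the post that did not know the address.
SAMPLE_PTR = {"192.168.1.3": "alpha.example.lan",
              "192.168.1.4": "beta.example.lan",
              "192.168.1.5": "gamma.example.lan"}
SAMPLE_A = {"alpha.example.lan": ["192.168.1.3"],
            "beta.example.lan": ["192.168.1.9"]}

if __name__ == "__main__":
    rev, fwd = table_resolvers(SAMPLE_PTR, SAMPLE_A)
    for ip in ("192.168.1.2", "192.168.1.3", "192.168.1.4", "192.168.1.5"):
        print(*check_client(ip, rev, fwd), sep=": ")
```

Calling `check_client(ip)` with no resolver arguments uses the system resolver, so running it on the server itself exercises the same /etc/hosts and nameserver configuration that the daemon sees.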