Re: xinetd and hosts.allow

From: Aaron Konstam (akonstam_at_trinity.edu)
Date: 04/18/04

    Date: Sat, 17 Apr 2004 18:35:01 -0500
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    On Sat, Apr 17, 2004 at 11:35:50AM -0400, Jay Daniels wrote:
    > I cannot get xinetd and tcp wrappers hosts.allow and hosts.deny to work.
    >
    > /etc/hosts.allow
    > #
    > # hosts.allow This file describes the names of the hosts which are
    > # allowed to use the local INET services, as decided
    > # by the '/usr/sbin/tcpd' server.
    > #
    >
    >
    > ALL: LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org, my_static_ip_here
    >
    The LOCAL should not be there.

    > # allow ssh connection from dialup@myisp disabled until resolved.
    > #sshd: 209.164.234.0/255.255.255.0
    >
    > /etc/hosts.deny
    > ALL: ALL
    >
    >
    > I have tried several combinations in hosts.allow and restarted xinetd,
    > but when I have the above lines uncommented I cannot send any mail via
    > smtp port 25 from localhost!
    >
    > Any ideas?
    >
    > This may all be redundant since the firewall is supposed to block
    > specified connections to these ports, but I was thinking tcp wrappers
    > would add to the security?
    >
    > Also, I am still unclear how to edit /etc/hosts and my hosts file may
    > have something to do with it.
    >
    > $ cat /etc/hosts
    > # Do not remove the following line, or various programs
    > # that require network functionality will fail.
    > 127.0.0.1 localhost.localdomain localhost
    > 192.168.2.1 darkforce.darktech.org darkforce #me
    > 192.168.2.12 darkstar.darktech.org darkstar #my laptop
    > 64.246.60.114 cobra.python-hosting.com cobra #my hosting
    >
    > Should I have my gateway ip address in place of the 192.164.2.1? How
    > does tcp wrappers distinguish between eth0 and eth1?
    >
    > Note that I can leave hosts.allow and hosts.deny blank and all is
    > well, I can send mail from localhost, etc.
    >
    > Is this even necessary if my firewall is working properly by allowing
    > connections from my local net and blocking certain connections from my
    > inet interface?
    >
    >
    >
    > jay
    >
    >
    > --
    > fedora-list mailing list
    > fedora-list@redhat.com
    > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

    -- 
    -------------------------------------------
    Aaron Konstam
    Computer Science
    Trinity University
    One Trinity Place.
    San Antonio, TX 78212-7200
    telephone: (210)-999-7484
    email:akonstam@trinity.edu
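
Added example, not part of either message: a simplified evaluator for the subset of hosts_access(5) client patterns used in the quoted files, run against the poster's rules to show which clients they admit. It assumes the loopback client reverse-resolves to localhost.localdomain (the first name on the 127.0.0.1 line of the quoted /etc/hosts) and that the mail daemon consults TCP wrappers under the name sendmail; the function names and the sample clients are constructed.

```python
import ipaddress

# Rules copied from the quoted post; the clients checked further down are constructed.
HOSTS_ALLOW = "ALL: LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org, my_static_ip_here"
HOSTS_DENY = "ALL: ALL"

def parse(text):
    """Return (daemon_list, client_list) for each 'daemons: clients' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        fields = line.split(":")  # a third (option) field is ignored in this sketch
        if not line or line.startswith("#") or len(fields) < 2:
            continue
        rules.append(tuple(f.replace(",", " ").split() for f in fields[:2]))
    return rules

def client_matches(pattern, name, addr):
    """Subset of client patterns: ALL, LOCAL, net/mask, .suffix, prefix., exact."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":  # a known host name that contains no dot
        return bool(name) and "." not in name
    if "/" in pattern:
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    if pattern.startswith("."):
        return name.lower().endswith(pattern.lower())
    if pattern.endswith("."):
        return addr.startswith(pattern)
    return pattern.lower() == name.lower() or pattern == addr

def decide(daemon, name, addr):
    """Allow on a hosts.allow match, else deny on a hosts.deny match, else allow."""
    for verdict, text in (("allow", HOSTS_ALLOW), ("deny", HOSTS_DENY)):
        for daemons, clients in parse(text):
            if ("ALL" in daemons or daemon in daemons) and any(
                    client_matches(p, name, addr) for p in clients):
                return verdict
    return "allow"

if __name__ == "__main__":
    for daemon, name, addr in [
        ("sendmail", "localhost.localdomain", "127.0.0.1"),  # loopback, dotted name
        ("sshd", "darkstar.darktech.org", "192.168.2.12"),   # LAN host from /etc/hosts
        ("sshd", "", "209.164.234.7"),                       # unresolved outside client
    ]:
        print(f"{daemon:9} {addr:15} {name or '(unknown)':24} -> {decide(daemon, name, addr)}")
```

The loopback client falls through to the ALL: ALL deny because its name contains a dot and 127.0.0.1 is outside 192.168.2.0/255.255.255.0.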
    
