RE: Re: Re: Re: Re: What libs req'd to resolve DNSwithinachrootjail?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



 

> -----Original Message-----
> From: centos-bounces@xxxxxxxxxx 
> [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Eric B.
> Sent: Monday, January 14, 2008 8:45 PM
> To: centos@xxxxxxxxxx
> Subject:  Re: Re: Re: Re: What libs req'd to resolve 
> DNSwithinachrootjail?
> 
> 
> "Mike Kercher" <mike@xxxxxxxxx> wrote in message 
> news:6115482898C59848B35DB9D491C9A28E08BFA3@xxxxxxxxxxxxxxxxxx
nger.net...
> > >> Thanks for the pointer.  Indeed, I was missing the
> > trailing . after
> > >> my FQDN in my revers file.  I have updated my reverse files, and 
> > >> nslookup is resolving better, but still not further ahead.
> > >>
> > >> My reverse file: 3.168.192.in-addr.arpa now contains the
> > following line:
> > >> 103             IN PTR  eric.test.com.
> > >>
> > >>
> > >> If I try nslookups now, my results are as follows:
> > >>
> > >> # nslookup 192.168.3.103
> > >> Server:         192.168.1.67
> > >> Address:        192.168.1.67#53
> > >>
> > >> 103.103.168.192.in-addr.arpa    name = eric.test.com.
> > >>
> > >> # nslookup eric.test.com
> > >> Server:         192.168.1.67
> > >> Address:        192.168.1.67#53
> > >>
> > >> Name:   eric.test.com
> > >> Address: 192.168.3.103
> > >>
> > >>
> > >> So from that, it seems as though the DNS / rDNS are properly 
> > >> configured, does it not?  Similarly, I have both the forward and 
> > >> reverse domain name on the DNS server as the nslookups show.
> > >> However, I still get the same error
> > >> msg:
> > >> Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from
> > >> 192.168.103.103
> > >              AAA
> > > Correct? -----|||
> >
> > Whoops - cut & paste typo.  That line is supposed to read:
> > Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from
> > 192.168.3.103
> >
> 
> > Can you post your complete hosts.allow and hosts.deny files?
> 
> Not much to them actually:
> /chroot/tftpd/etc/hosts.allow:
> #
> # hosts.allow   This file describes the names of the hosts which are
> #               allowed to use the local INET services, as decided
> #               by the '/usr/sbin/tcpd' server.
> #
> in.tftpd : eric.test.com : allow
> 
> /chroot/tftpd/etc/hosts.deny:
> #
> # hosts.deny    This file describes the names of the hosts which are
> #               *not* allowed to use the local INET services, 
> as decided
> #               by the '/usr/sbin/tcpd' server.
> #
> in.tftpd : ALL : deny
> 
> 
> 
> Again, I have concerns that I might be missing something in 
> my chroot jail, but when I change my hosts.allow file to read 
> the following, it works fine.
> in.tftpd: 192.168.3.103 : allow
> 
> So I am utterly and totally confused.  I keep thinking that 
> there must be something DNS related that I need in the chroot 
> jail that I am missing.
> I do have a /chroot/tftpd/etc/resolv.conf with the nameserver 
> entry that points to the DNS server, and all files in my 
> /chroot/tftpd/etc dir are world readable.  I also have a 
> /chroot/tftpd/etc/hosts file (that is pretty much empty - 
> just a line for 127.0.0.1).
> 
> # ls -l /chroot/tftpd/etc
> -rw-r--r--  1 root root   148 Jan 14 17:53 hosts
> -rw-r--r--  1 root root   417 Jan 14 17:37 hosts.allow
> -rw-r--r--  1 root root   370 Jan 13 12:13 hosts.deny
> -rw-r--r--  1 root root  1267 Jan 12 21:43 localtime
> -rw-r--r--  1 root root  1686 Jan 12 15:50 nsswitch.conf
> -rw-r--r--  1 root root    86 Jan 14 17:52 resolv.conf
> -rw-r--r--  1 root root 20373 Jan 12 15:47 services
> 
> 
> Is there anything else I need that I am missing?  Either 
> config file or lib?
> 
> Any suggestions of things I can try?
> 
> Thanks,
> 
> Eric 
> 

Something I found:

15.2.3.2. Access Control

Option fields also allow administrators to explicitly allow or deny
hosts in a single rule by adding the allow or deny directive as the
final option.

For instance, the following two rules allow SSH connections from
client-1.example.com, but deny connections from client-2.example.com:

sshd : client-1.example.com : allow
sshd : client-2.example.com : deny

By allowing access control on a per-rule basis, the option field allows
administrators to consolidate all access rules into a single file:
either hosts.allow or hosts.deny. Some consider this an easier way of
organizing access rules. 

Conceivably, you could put all rules into one file (hosts.allow maybe).
See if that helps..

Mike
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux