Eric B. wrote:
Can you post your complete hosts.allow and hosts.deny files?
Not much to them actually:
/chroot/tftpd/etc/hosts.allow:
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
in.tftpd : eric.test.com : allow
/chroot/tftpd/etc/hosts.deny:
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services,
as decided
# by the '/usr/sbin/tcpd' server.
#
in.tftpd : ALL : deny
Again, I have concerns that I might be missing something in
my chroot jail, but when I change my hosts.allow file to read
the following, it works fine.
in.tftpd: 192.168.3.103 : allow
So I am utterly and totally confused. I keep thinking that
there must be something DNS related that I need in the chroot
jail that I am missing.
I do have a /chroot/tftpd/etc/resolv.conf with the nameserver
entry that points to the DNS server, and all files in my
/chroot/tftpd/etc dir are world readable. I also have a
/chroot/tftpd/etc/hosts file (that is pretty much empty -
just a line for 127.0.0.1).
# ls -l /chroot/tftpd/etc
-rw-r--r-- 1 root root 148 Jan 14 17:53 hosts
-rw-r--r-- 1 root root 417 Jan 14 17:37 hosts.allow
-rw-r--r-- 1 root root 370 Jan 13 12:13 hosts.deny
-rw-r--r-- 1 root root 1267 Jan 12 21:43 localtime
-rw-r--r-- 1 root root 1686 Jan 12 15:50 nsswitch.conf
-rw-r--r-- 1 root root 86 Jan 14 17:52 resolv.conf
-rw-r--r-- 1 root root 20373 Jan 12 15:47 services
Is there anything else I need that I am missing? Either
config file or lib?
Any suggestions of things I can try?
Thanks,
Eric
Something I found:
15.2.3.2. Access Control
Option fields also allow administrators to explicitly allow or deny
hosts in a single rule by adding the allow or deny directive as the
final option.
For instance, the following two rules allow SSH connections from
client-1.example.com, but deny connections from client-2.example.com:
sshd : client-1.example.com : allow
sshd : client-2.example.com : deny
By allowing access control on a per-rule basis, the option field allows
administrators to consolidate all access rules into a single file:
either hosts.allow or hosts.deny. Some consider this an easier way of
organizing access rules.
Conceivably, you could put all rules into one file (hosts.allow maybe).
See if that helps..
Just tried putting everything in the hosts.allow but didn't make any
difference. Tried also in the hosts.deny bu no success either.
Where did you find that reference? What does 15.2.3.2 point to?
Any other ideas / theories?
- make sure tftpd is really using the in.tftpd name (you said it works
with IPs?)
- make sure it does resolve the IP correctly. I have no idea how you
could test this.
but what is the benefit in managing the zone file instead of hosts.*? I
mean, since you put the IP in the DNS zone file, why not put it in hosts.*?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
