>>>> Again, I have concerns that I might be missing something in >>>> my chroot jail, but when I change my hosts.allow file to read >>>> the following, it works fine. >>>> in.tftpd: 192.168.3.103 : allow >>>> >>>> So I am utterly and totally confused. I keep thinking that >>>> there must be something DNS related that I need in the chroot >>>> jail that I am missing. >>>> I do have a /chroot/tftpd/etc/resolv.conf with the nameserver >>>> entry that points to the DNS server, and all files in my >>>> /chroot/tftpd/etc dir are world readable. I also have a >>>> /chroot/tftpd/etc/hosts file (that is pretty much empty - >>>> just a line for 127.0.0.1). >>>> >>>> # ls -l /chroot/tftpd/etc >>>> -rw-r--r-- 1 root root 148 Jan 14 17:53 hosts >>>> -rw-r--r-- 1 root root 417 Jan 14 17:37 hosts.allow >>>> -rw-r--r-- 1 root root 370 Jan 13 12:13 hosts.deny >>>> -rw-r--r-- 1 root root 1267 Jan 12 21:43 localtime >>>> -rw-r--r-- 1 root root 1686 Jan 12 15:50 nsswitch.conf >>>> -rw-r--r-- 1 root root 86 Jan 14 17:52 resolv.conf >>>> -rw-r--r-- 1 root root 20373 Jan 12 15:47 services >>>> >>>> >>>> Is there anything else I need that I am missing? Either >>>> config file or lib? >>>> >>>> Any suggestions of things I can try? >>>> >>>> Thanks, >>>> >>>> Eric >>>> >>> Something I found: >>> >>> 15.2.3.2. Access Control >>> >>> Option fields also allow administrators to explicitly allow or deny >>> hosts in a single rule by adding the allow or deny directive as the >>> final option. >>> >>> For instance, the following two rules allow SSH connections from >>> client-1.example.com, but deny connections from client-2.example.com: >>> >>> sshd : client-1.example.com : allow >>> sshd : client-2.example.com : deny >>> >>> By allowing access control on a per-rule basis, the option field allows >>> administrators to consolidate all access rules into a single file: >>> either hosts.allow or hosts.deny. Some consider this an easier way of >>> organizing access rules. >>> >>> Conceivably, you could put all rules into one file (hosts.allow maybe). >>> See if that helps.. >> >> Just tried putting everything in the hosts.allow but didn't make any >> difference. Tried also in the hosts.deny bu no success either. >> >> Where did you find that reference? What does 15.2.3.2 point to? >> >> Any other ideas / theories? >> > - make sure tftpd is really using the in.tftpd name (you said it works > with IPs?) Yes. It works with the IPs, so I am somewhat sure that the daemon name in hosts.allow/deny is right and that I am editing the correct hosts.allow/deny files. When I change the IP in those files, I get the responses that I expect (either access allowed or denied). > - make sure it does resolve the IP correctly. I have no idea how you could > test this. Me neither. That's the problem. I have no idea how I can test that the daemon is resolving it properly. > but what is the benefit in managing the zone file instead of hosts.*? I > mean, since you put the IP in the DNS zone file, why not put it in > hosts.*? Looks like I prob. won't have a choice afterall. But was originally thinking that it would neater and easier to read by have FQDN in teh hosts.* file. Plus, it also means I only need to update things in one place (DNS) if/when my server changes IPs.... Like this I would need to update DNS and remember to update my hosts.* files.... Tx, Eric _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos