RE: xinetd and hosts.allow


Delete the /etc/hosts.deny file (or rename it hosts.deny.bak) and use this
syntax in the /etc/hosts.allow file:

ALL: LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org,
my_static_ip_here : ALLOW


Tom

-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx
[mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Jay Daniels
Sent: Saturday, April 17, 2004 10:36 AM
To: fedora-list@xxxxxxxxxx
Subject: xinetd and hosts.allow


I cannot get xinetd and tcp wrappers hosts.allow and hosts.deny to work.

/etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#


ALL: LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org,
my_static_ip_here

# allow ssh connection from dialup@myisp disabled until resolved.
#sshd: 209.164.234.0/255.255.255.0

/etc/hosts.deny
ALL: ALL


I have tried several combinations in hosts.allow and restarted xinetd, but
when I have the above lines uncommented I cannot send any mail via smtp
port 25 from localhost!

Any ideas?

This may all be redundant since the firewall is supposed to block specified
connections to these ports, but I was thinking tcp wrappers would add to
the security?

Also, I am still unclear how to edit /etc/hosts and my hosts file may have
something to do with it.

$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.2.1             darkforce.darktech.org darkforce #me
192.168.2.12            darkstar.darktech.org darkstar #my laptop
64.246.60.114           cobra.python-hosting.com cobra #my hosting

Should I have my gateway ip address in place of the 192.164.2.1?  How does
tcp wrappers distinguish between eth0 and eth1?

Note that I can leave hosts.allow and hosts.deny blank and all is well, I
can send mail from localhost, etc.

Is this even necessary if my firewall is working properly by allowing
connections from my local net and blocking certain connections from my
inet interface?



jay


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list


Attachment: smime.p7s
Description: S/MIME cryptographic signature
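
Added example (not part of either message): a simplified Python model of the hosts_access(5) lookup order, applied to the two configurations in this thread. It assumes the loopback client is seen as localhost.localdomain (the first name on the 127.0.0.1 line of the posted /etc/hosts) and that the daemon name is sendmail. 203.0.113.10 is a constructed stand-in for my_static_ip_here, and only a subset of pattern types is modeled.

```python
import ipaddress

def parse(text):
    """Parse 'daemons : clients [: option]' rules; lines starting with '#' are comments."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        fields = [f.strip() for f in line.strip().split(":")]
        if line.strip().startswith("#") or len(fields) < 2:
            continue
        option = fields[2].upper() if len(fields) > 2 else None
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), option))
    return rules

def client_matches(pattern, ip, name):
    """Match one client pattern (subset: ALL, LOCAL, net/mask, .domain, prefix., exact)."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":               # any host name that contains no dot
        return "." not in name
    if "/" in pattern:                   # n.n.n.n/m.m.m.m network/netmask pair
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.startswith("."):          # domain suffix
        return name.endswith(pattern)
    if pattern.endswith("."):            # address prefix
        return ip.startswith(pattern)
    return pattern in (ip, name)

def check(allow, deny, daemon, ip, name):
    """hosts.allow is searched first, then hosts.deny; no match at all grants access."""
    for text, verdict in ((allow, True), (deny, False)):
        for daemons, clients, option in parse(text):
            if ("ALL" in daemons or daemon in daemons) and \
                    any(client_matches(p, ip, name) for p in clients):
                return verdict if option is None else option == "ALLOW"
    return True

# Constructed inputs modeled on the files quoted in this thread.
CLIENTS = "LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org, 203.0.113.10"
JAY_ALLOW, JAY_DENY = "ALL: " + CLIENTS, "ALL: ALL"
TOM_ALLOW, TOM_DENY = "ALL: " + CLIENTS + " : ALLOW", ""   # hosts.deny removed
LOOPBACK = ("127.0.0.1", "localhost.localdomain")          # assumed resolved name
OUTSIDE = ("198.51.100.7", "host.example.net")             # constructed outside client

if __name__ == "__main__":
    print("Jay, loopback :", check(JAY_ALLOW, JAY_DENY, "sendmail", *LOOPBACK))
    print("Jay, laptop   :", check(JAY_ALLOW, JAY_DENY, "sendmail",
                                   "192.168.2.12", "darkstar.darktech.org"))
    print("Tom, loopback :", check(TOM_ALLOW, TOM_DENY, "sendmail", *LOOPBACK))
    print("Tom, outside  :", check(TOM_ALLOW, TOM_DENY, "sshd", *OUTSIDE))
```

In this model LOCAL does not match localhost.localdomain because the name contains a dot, and with an empty hosts.deny every client that matches no rule is granted access.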

