Re: xinetd/tcp wrappers problem
On Mon, Sep 18, 2000 at 08:40:38PM +0200, Matus fantomas Uhlar wrote:
> Hello,
>
> I run xinetd and I found that compiled-in tcp wrappers don't work...
>
> hosts.allow:
>
> identd : ALL : severity daemon.info : allow
> proftpd : ALL : severity daemon.info : allow
>
> ALL : ALL : severity daemon.notice : deny
>
>
> /etc/xinetd.conf:
>
> service ident
> {
> socket_type = stream
> protocol = tcp
> flags = REUSE
> wait = no
> user = identd
> group = root
> log_on_success -= USERID
> log_on_failure -= USERID
> server = /usr/sbin/identd
> server_args = -i
> }
>
> logs:
>
> Sep 18 16:53:38 fantomas xinetd[257]: FAIL: ident libwrap from=195.168.1.22
>
>
> ... Whenever I comment out the last line in hosts.allow, I can get in with
> identd and ftpd; but when I have it this way, it rejects the connection.
> Logs don't tell anything more :((
i have a similar problem. my telnet client (from my 192.168.1.1 intranet mac)
can't connect to 192.168.1.1 (linux) even tho my xinetd.conf says
service telnet
{
socket_type = stream
protocol = tcp
wait = no
user = telnetd
group = telnetd
server = /usr/sbin/in.telnetd
bind = 192.168.1.1
# only_from = 192.168.1.0
}
doesn't matter if i exclude the only_from or not.
luckily i have a ssh client that hasn't 'expired' yet... but it doesn't
have the xterm-ansi color settings for ls --color or mutt or vi syntax
hilighting...
what i can't figure out is even when i
/etc/init.d/xinetd stop
/etc/init.d/init.real start
i still can't get in via the yes-i-know-it's-satan's-spawn telnet.
% nmap 192.168.1.1
Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on linus (192.168.1.1):
Port State Protocol Service
9 open tcp discard
13 open tcp daytime
21 open tcp ftp
22 open tcp ssh
23 open tcp telnet
25 open tcp smtp
37 open tcp time
53 open tcp domain
80 open tcp http
110 open tcp pop-3
113 open tcp auth
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
any ideas, folks?
Reply to: