O.K., after some more playing (just before I've sent the mail to "debian-user"...) I saw that the TCPD worked not quite as I expected:
reminder: hosts.deny contained one line saying - "ALL : ALL " which supposed to set up a default closed policy. I played a lot with this file and even more with hosts.allow. I thought it might got to do with the service name but apparently I was simply too explicit with the "allowed" host names. I've put the IP of the allowed host, which is on 192.168.1.0 network. In this situation I always got denials. Now, when, just for fun, I've putted instead of the IP, the name of the host and suddenly it worked! Conclusion (? - anyone got a better explanation?). What happened is that the TCPD saw the IP written in the first place, but TCPD is so paranoid it goes to do a reverse DNS. I use the ISP DNS (although I run one on my own) so probably the ISP DNS said - "192.168.1.2? - unknown to me, dude". The TCPD, being so paranoid, automatically denied the connection but, SILENTLY, didn't even bother to tell me the reason for it's decision (reverse DNS failed on ..). Putting the hostname in hosts.allow with an already existing matching entry in /etc/hosts file, did the trick Well, seems like a good explanation, isn't it? Boaz. ----- Original Message ----- From: "Boaz Rymland" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: "Shaul Karl" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, March 17, 2003 12:01 AM Subject: Re: [README First]Re: TCP-Wrapper problem > Thanks for the reply! > > well, i've been checking the matter, but no final conclusions yet. checked > the moving of the "pure-ftpd-wrapper" to "pure-ftpd" - doesn't work :-( > > I've contacted the debian package maintainer. i'll let U know when some > solution is made, even switching to another ftp server... (cost > effectiveness is valid factor here, as always) > > thanks again, > Boaz R. > > > ----- Original Message ----- > From: "Shaul Karl" <[EMAIL PROTECTED]> > To: "Boaz Rymland" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Saturday, March 15, 2003 11:16 PM > Subject: Re: [README First]Re: TCP-Wrapper problem > > > > On Sat, Mar 15, 2003 at 10:41:08PM +0200, Boaz Rymland wrote: > > > I realized the original mail was a bit too detailed. > > > > > > A shorter version: > > > I used to work in the past with tcp-wrapper including the "advanced" > > > configuration of firing booby-traps, etc'. > > > I'm really puzzled at my Debian 3 TCPD behaviour. It seems not to > respond > > > "correctly" to hosts.allow. > > > The work is around setting pure-ftpd to go through the TCPD and do some > > > "extra work" as it starts its session. Please see the previous mail for > more > > > elaborated details... . > > > > > > > > > 1. Maybe it should be pure-ftpd rather then pure-ftpd-wrapper in > > hosts.allow? I believe it is worth testing. > > 2. In case no one here knows I would try [EMAIL PROTECTED] > > > > > > > Has anyone experienced problems with TCPD v7.6-ipv6.1-3 ? > > > Thanks, > > > B. > > > > > > ----- Original Message ----- > > > From: "Boaz Rymland" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Saturday, March 15, 2003 8:57 PM > > > Subject: TCP-Wrapper problem > > > > > > > > > > Hi there, > > > > > > > > I'm having problem getting the tcpd work as I used to see it work. > > > > > > > > I have pure-ftpd which I want to control it's access to. in > hosts.allow, > > > > I enter > > > > pure-ftpd-wrapper : ALL > > > > just to check the situation (all allowed). > > > > > > > > Yet, the connection is always blocked by the hosts.deny directive: > "ALL > > > > : ALL" (single line which together with hosts.allow implement "deny > all > > > > except otherwise noted..."). > > > > I get the error message via syslog acknoledging TCPD has denied the > > > > service "pure-ftpd-wrapper" for 1.2.3.4 > > > > Yes, inet.d ftp line calls tcpd with "pure-ftpd-wrapper" as the > required > > > > service. This name is appearing in all hosts.* files. > > > > When I put ALL:ALL in hosts.allow - the connection is permitted. Its > as > > > > if tcpd somehow doesn't get the string "pure-ftpd-wrapper" right in > it's > > > > config files. > > > > > > > > I've tried changing the string to somthing shorter, and updating > > > > inetd.conf, hosts.*, and the executable itself (both a symlink and a > > > > simple cp), yet nothing seemed to work. Somehow, TCPD doesn't seem to > > > > get the hosts.allow right. Well, or me :-) > > > > > > > > BTW, I've also tried tcpdchk and got in return: > > > > tcpdchk: relocation error: tcpdchk: undefined symbol: skip_ipv6_addr > > > > I then checked tcpd executable itself with ldd. all seems o.k. > > > > > > > > The system is Debian sid (updated). > > > > > > > > Any idea? > > > > thanks, > > > > Boaz R > > > > > > > > > > > > > > > > ================================================================= > > > > To unsubscribe, send mail to [EMAIL PROTECTED] with > > > > the word "unsubscribe" in the message body, e.g., run the command > > > > echo unsubscribe | mail [EMAIL PROTECTED] > > > > > > > > > > > > > > > > ================================================================= > > > To unsubscribe, send mail to [EMAIL PROTECTED] with > > > the word "unsubscribe" in the message body, e.g., run the command > > > echo unsubscribe | mail [EMAIL PROTECTED] > > > > > > > -- > > > > Shaul Karl, [EMAIL PROTECTED] e t > > > > > > ================================================================= > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
