> From: Jerry Winegarden <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Re: /etc/hosts.allow ssh : all
> Reply-To: [EMAIL PROTECTED]
>
> There is one possibility these days: use a dynamic DNS registration
> service (e.g. dyndns.org) to register your own machine's DNS name
> (e.g. myownmachine.dyndns.org) with your new IP number each time you
> get a new one by redialing and connecting to the Internet. Then, you
> could add myownmachine.dns.org to hosts.allow. To use such a service,
> you have to re-register your new IP with your dynamic DNS service
> provider. This can be automated by using a client program available from
> the dynamic DNS service provider. There are several out there.
> I personally have tried dyndns.org (http://www.dyndns.org).
>
Have you actually TRIED putting those dynamic DNS names in hosts.allow
and had it work? It certainly did NOT work when I last tried it --
probably a couple years ago. It appears that tcp-wrappers does a
reverse lookup on the IP address, finds your canonical address
qrzf23856392368XXZZQQ.yourconnectivityprovider.com, can't match that
against anything in hosts.allow and denies access. It appears that it
DOES NOT do a forward lookup of everything mentioned in hosts.allow
and try to match against the connecting IP.

I get around this by having a web-accessible tool that requests a
name/password and temporarily adds the IP from which I'm connecting
to hosts.allow. A cleanup routine expires these entries so they
don't accumulate. By default, I don't allow anything but SMTP
and web access from other than trusted static IPs/domains.

pete peterson
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
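
The temporary-entry approach described in the reply above, as an added sketch that is not the poster's tool: it tags each temporary hosts.allow rule with an expiry comment, refreshes rather than duplicates a repeat request, and drops expired rules on cleanup. The marker format, function names, `sshd` daemon name and sample addresses are assumptions of this example; it handles IPv4 only and works on the file's text, leaving authentication, locking and the atomic write to the caller.

```python
import ipaddress
import re

# Marker format is an assumption of this example; tcp-wrappers itself
# ignores any line that begins with '#'.
MARK = re.compile(r"^# temp-allow expires=(\d+)$")

# Constructed sample hosts.allow content (documentation addresses).
SAMPLE = """\
# static trusted hosts (constructed sample)
sshd: 192.0.2.10
sendmail: ALL
"""

def _split(text):
    """Separate static lines from tagged temporary rules {rule_line: expiry}."""
    static, temp, lines, i = [], {}, text.splitlines(), 0
    while i < len(lines):
        m = MARK.match(lines[i])
        if m and i + 1 < len(lines):
            temp[lines[i + 1]] = int(m.group(1))  # marker + the rule it tags
            i += 2
        else:
            static.append(lines[i])
            i += 1
    return static, temp

def _render(static, temp):
    """Static lines first, then each temporary rule under its marker."""
    out = list(static)
    for rule, expiry in temp.items():
        out += [f"# temp-allow expires={expiry}", rule]
    return "\n".join(out) + "\n"

def add_temp_entry(text, client_ip, now, ttl=3600, daemon="sshd"):
    """Return hosts.allow text with an expiring allow rule for client_ip."""
    # Accept only a literal IP; newlines or wildcards raise ValueError,
    # so the caller cannot be tricked into writing an extra rule.
    ip = ipaddress.ip_address(client_ip)
    if ip.version != 4:
        raise ValueError("this example handles IPv4 only")
    static, temp = _split(text)
    temp[f"{daemon}: {ip}"] = now + ttl  # a repeat request refreshes the expiry
    return _render(static, temp)

def expire_entries(text, now):
    """Return hosts.allow text with expired temporary rules removed."""
    static, temp = _split(text)
    return _render(static, {r: e for r, e in temp.items() if e > now})
```

The address passed as `client_ip` should be the peer address of the authenticated connection, not a value taken from the request body or headers.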