Re: telnet connection refused from IP outside subnet
> : comment out the PARANOID line in /etc/hosts.allow?
> : #ALL : PARANOID : RFC931 20 : deny
>
> Yes. This PARANOID option is really quite silly since RFC 931 is
> useless outside of your own administrative domain and of dubious
> value inside it. Best to leave it commented out.
>
> Warner

The RFC931 part may be silly, but the PARANOID part keeps out any IP
address that does not reverse DNS to a name. We find that useful.

- Tim

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message

Re: telnet connection refused from IP outside subnet
On Wed, 2 Aug 2000, [gill] wrote:

> check ps -ax to make sure the daemon is up

They are (syslogd and sshd).

> run the daemon /usr/local/sbin/sshd -d and watch the debug info
> run the client ssh -v for verbose

I'll try this and play around a little more tonight.

> are you running 4.0-RELEASE, 4.1-RELEASE, or -STABLE?

Stable.

Oh, and for anyone else who wonders (already received a few helpful
emails ;), yes I did HUP the daemons after making configuration changes.

Thanks.

-mrh

Re: telnet connection refused from IP outside subnet
On Tue, 1 Aug 2000 [EMAIL PROTECTED] wrote:

> Actually, I don't have 'login failures'. I just can't
> connect! "Connection refused", not login failure! I do not get login
> prompt at all!

Correct... However, per inetd(8), wrapped services log failed attempts
using the auth syslog facility.

> 'host' is ok in both directions (host and host gives the
> same name/IP). Can I assume resolving is ok ?

You did this from your server, not your home system, correct? Just
checking, since inetd will obviously be using the DNS of your server to
see if a given host is allowed.

Do you have the same problem if you comment out the PARANOID line in
/etc/hosts.allow?

#ALL : PARANOID : RFC931 20 : deny

What's a traceroute look like from the disallowed connection to the
server, and from the server to your disallowed IP?

> If i could force things to be logged somehow :-) I can send my
> /etc/syslog.conf if it will be of help ?

Hmm, I understand your pain... I just attempted to make sshd log failed
attempts and... I must be overlooking something really simple, because
it's not working. I looked at inetd(8) and sshd(8).

I have the following in /etc/ssh/sshd_config by default:

SyslogFacility AUTH
LogLevel INFO

So I created the following in /etc/syslog.conf (Yes, those are tabs):

auth.*		/var/log/auth.log

In sshd_config I even tried bumping LogLevel up to VERBOSE. I touched
/var/log/auth.log and it is writeable by syslogd. I then removed an
allow rule for one of my boxes, ssh'd in, and got denied without
anything being logged to auth.log.

Sshd is standalone... So logging behavior relating to inetd shouldn't
matter, but I noticed mention of daemon.* being used by inetd so tried
logging those too... Still nothing. Hmm.

-mrh

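The forward/reverse consistency question raised in the message above, as an added example that is not part of the original thread: it approximates the name/address test that hosts_access(5) documents for the PARANOID wildcard (reverse lookup, then forward lookup, which must return the same address). The function names are hypothetical, and the sample records are constructed from documentation addresses so the check runs offline; with the default resolvers it uses the DNS of whatever host it runs on, so run it on the server.

```python
import socket

def system_reverse(ip):
    """PTR lookup via the local resolver; None when the address has no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / socket.gaierror
        return None

def system_forward(name):
    """Forward lookup via the local resolver; set of address strings."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def paranoid_check(ip, reverse=system_reverse, forward=system_forward):
    """Return (verdict, detail); verdict is 'consistent', 'no-reverse'
    or 'mismatch'. The last two are what a PARANOID rule would match."""
    name = reverse(ip)
    if not name:
        return "no-reverse", "no PTR record for %s" % ip
    addrs = forward(name)
    if ip not in addrs:
        return "mismatch", "%s -> %s -> %s" % (ip, name, sorted(addrs) or "nothing")
    return "consistent", "%s <-> %s" % (ip, name)

# Constructed sample records (RFC 5737 addresses, not real DNS data).
SAMPLE_PTR = {"192.0.2.10": "dialup10.isp-one.example",
              "198.51.100.7": "ppp7.isp-two.example"}
SAMPLE_A = {"dialup10.isp-one.example": {"192.0.2.10"},
            "ppp7.isp-two.example": {"198.51.100.70"}}  # forward disagrees

def demo():
    """Run the check over the constructed records instead of live DNS."""
    fwd = lambda name: SAMPLE_A.get(name, set())
    return {ip: paranoid_check(ip, SAMPLE_PTR.get, fwd)[0]
            for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5")}

if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict)
```
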
Re: telnet connection refused from IP outside subnet
>
>In that case it should log failure using the auth service...Try creating
>the file /var/log/auth.log and adding a line into /etc/syslog.conf:
>

Actually, I don't have 'login failures'. I just can't connect!
"Connection refused", not login failure! I do not get login prompt at
all! I even do not get any message from telnet-client! Just 'connection
refused'. Currently I use ssh to log-in.

I did what you suggest in /etc/syslog.conf. ssh logins are logged now,
etc. But nothing else!

>
>On your server use the host command. Type "host " where ...

'host' is ok in both directions (host and host gives the same name/IP).
Can I assume resolving is ok ?

If I could force things to be logged somehow :-) I can send my
/etc/syslog.conf if it will be of help ?

---
Plamen D. Petkov, ICQ# 2214327
[EMAIL PROTECTED]
First Bulgarian Internet Store
http://www.bgstore.com

telnet connection refused from IP outside subnet
Given these example IPs:

My Home PC: 193.68.31.27 /dynamic IP from ISP, dial-up/
My Server: 193.68.22.2

I can telnet /and pop3 server is ok, popper/

Now, with this:

My Home PC: 212.50.35.2 /dynamic IP from another ISP, dial-up/
My Server: 193.68.22.2

I CAN NOT telnet /pop3 server connection refused as well/

Why that ?

/etc/hosts.allow 's first line is

ALL : ALL : allow

I have root privileges on my server! Actually, this is my server plugged
in the first ISP's LAN.

please give some help!

---
Plamen D. Petkov, ICQ# 2214327
[EMAIL PROTECTED]
First Bulgarian Internet Store
http://www.bgstore.com