You never said if you are using TCP wrappers. Can you show us the
actual output from the machine? What do,
Yes, I guess I am now, but the problem existed before as well. The TCP
wrapper is just whatever is enabled by configuring /etc/hosts.allow.
In the following, 'andrew' is the account that shows he's logged in from
samwise, which is actually my box, and he's a few hundred miles away from
an IP that netstat will show later on.
$ w
11:35PM up 7 days, 17 mins, 3 users, load averages: 1.02, 1.02, 1.01
USER TTY FROM LOGIN@ IDLE WHAT
andrew p1 samwise 8:24PM 3:11 -tcsh (tcsh)
jobe p2 moria 11:31PM - pine -zi
$ w -n
11:36PM up 7 days, 18 mins, 3 users, load averages: 1.01, 1.02, 1.00
USER TTY FROM LOGIN@ IDLE WHAT
andrew p1 205.206.125.238 8:24PM 3:12 -tcsh (tcsh)
jobe p2 205.206.125.235 11:31PM - pine -zi
(here, it's displaying MY ip as well)
$ who
23:36 (1603) jobe@samwise:[~] who
andrew ttyp1 Oct 21 20:24 (205.206.125.238)
jobe ttyp2 Oct 21 23:31 (moria)
$ last | head
23:36 (1604) jobe@samwise:[~] last | head
jobe ttyp2 moria Mon Oct 21 23:31 still logged in
[deletia]
andrew ttyp1 205.206.125.238 Mon Oct 21 20:24 still logged in
$ netstat -an
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 205.206.125.238.139 148.240.10.206.3568 TIME_WAIT
tcp4 0 20 205.206.125.238.22 205.206.125.235.3919 ESTABLISHED
tcp4 0 0 205.206.125.238.22 205.206.125.235.3916 ESTABLISHED
tcp4 0 0 205.206.125.238.139 205.206.125.235.3201 ESTABLISHED
tcp4 0 0 205.206.125.238.22 24.157.160.165.60145 ESTABLISHED
tcp4 0 0 205.206.125.238.139 205.206.125.236.37858 ESTABLISHED
tcp6 0 0 ::1.953 *.* LISTEN
tcp4 0 0 127.0.0.1.953 *.* LISTEN
tcp4 0 0 127.0.0.1.53 *.* LISTEN
tcp4 0 0 205.206.125.238.53 *.* LISTEN
udp4 0 0 127.0.0.1.3724 *.*
udp4 0 0 127.0.0.1.3397 *.*
udp4 0 0 205.206.125.238.138 *.*
udp4 0 0 205.206.125.238.137 *.*
udp4 0 0 127.0.0.1.53 *.*
udp4 0 0 205.206.125.238.53 *.*
Active UNIX domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
d4029aa0 stream 0 0 d4567740 0 0 0 /tmp/screens/S-root/25091.ttyp1.samwise
d4029be0 stream 0 0 d410f200 0 0 0 /tmp/mysql.sock
d4029a00 dgram 0 0 0 d4029f00 0 d4029d20
d4029d20 dgram 0 0 0 d4029f00 0 d4029dc0
d4029dc0 dgram 0 0 0 d4029f00 0 d4029e60
d4029e60 dgram 0 0 0 d4029f00 0 0
d4029f00 dgram 0 0 d4024500 0 d4029a00 0 /var/run/log
NOTE: here his IP shows properly: 24.157.160.165
Show? Do you get identical results with rlogin and ssh? Can we see
both?
rlogin is completely identical, though I can't contact the guy to try it
out... but I've seen it in the past as the same results.
Thanks,
Scott
On Fri, 18 Oct 2002, Crist J. Clark wrote:
On Sun, Oct 13, 2002 at 11:00:26PM -0600, Scott Carmichael wrote:
Can someone help me here? Is there a code change I can make somewhere?
Please CC me on any replies, as I am not subscribed to -net or -hackers.
-net removed. -hackers left (although this might be more of a
-questions thread).
-- Forwarded message --
Date: Fri, 11 Oct 2002 14:14:08 -0600 (MDT)
From: Scott Carmichael [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP resolving
I would like to know two things... Why FreeBSD acts in the following way
while OpenBSD does not, and if it's possible to fix this?
It seems that if anyone connects to my FreeBSD server with a hostname that
does not match their IP,
Hostname does not match their IP? What exactly does that mean? All
the OS knows is the remote IP address. It doesn't know what hostname
the remote claims to have. The application server might receive a
hostname though, but then I would expect the behavior to vary
according to the application used to connect.
I get a console message about the mismatch, and
Something is generating a message to syslogd(8). Figure out what it is
and edit syslog.conf(5) appropriately. Are you using TCP wrappers or
something?
then if they connect via rlogin or ssh, 'who', 'w', 'last', etc. all
report that they are connected _from_ MY box, which they aren't