xinetd and hosts.allow

Thomas Amwoza amwoza at comcast.net
Sat Apr 17 16:10:46 UTC 2004


Delete the /etc/hosts.deny file (or rename it hosts.deny.bak) and use this
syntax in the /etc/hosts.allow file:

ALL: LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org,
my_static_ip_here : ALLOW


Tom

-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com] On Behalf Of Jay Daniels
Sent: Saturday, April 17, 2004 10:36 AM
To: fedora-list at redhat.com
Subject: xinetd and hosts.allow


I cannot get xinetd and tcp wrappers hosts.allow and hosts.deny to work.

/etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#


ALL: LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org,
my_static_ip_here

# allow ssh connection from dialup at myisp disabled until resolved.
#sshd: 209.164.234.0/255.255.255.0

/etc/hosts.deny
ALL: ALL


I have tried several combinations in hosts.allow and restarted xinetd, but
when I have the above lines uncommented I cannot send any mail via smtp
port 25 from localhost!

Any ideas?

This may all be redundant since the firewall is supposed to block specified
connections to these ports, but I was thinking tcp wrappers would add to
the security?

Also, I am still unclear how to edit /etc/hosts and my hosts file may have
something to do with it.

$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.2.1             darkforce.darktech.org darkforce #me
192.168.2.12            darkstar.darktech.org darkstar #my laptop
64.246.60.114           cobra.python-hosting.com cobra #my hosting

Should I have my gateway ip address in place of the 192.164.2.1?  How does
tcp wrappers distinguish between eth0 and eth1?

Note that I can leave hosts.allow and hosts.deny blank and all is well, I
can send mail from localhost, etc.

Is this even necessary if my firewall is working properly by allowing
connections from my local net and blocking certain connections from my
inet interface?



jay
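A simplified model of the hosts_access(5) evaluation order, as an added example that is not part of the original thread: hosts.allow is searched first, then hosts.deny, and a client matching neither is granted access. Assumptions: 127.0.0.1 reverse-resolves to localhost.localdomain (the first name on that /etc/hosts line), the mail daemon is named sendmail, the wrapped rule is joined with a backslash, and the outside client and the 127.0.0.1 entry are constructed.

```python
import ipaddress

def parse_rules(text):
    """Parse hosts.allow/hosts.deny text into (daemons, clients, option) rules."""
    words = lambda s: s.replace(",", " ").lower().split()
    rules = []
    for line in text.replace("\\\n", " ").splitlines():  # backslash-newline continues a rule
        if line.lstrip().startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # blank line or no "daemons : clients" pair
        rules.append((words(fields[0]), words(fields[1]), (fields[2:] or [""])[0].lower()))
    return rules

def client_matches(pattern, name, addr):
    if pattern == "all":
        return True
    if pattern == "local":
        return "." not in name  # LOCAL: host name contains no dot
    if "/" in pattern:          # net/mask form, e.g. 192.168.2.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    if pattern.startswith("."):
        return name.endswith(pattern)
    if pattern.endswith("."):
        return addr.startswith(pattern)
    return pattern in (name, addr)

def decide(allow_text, deny_text, daemon, name, addr):
    """First match in hosts.allow grants, then first match in hosts.deny denies."""
    for default, text in (("allow", allow_text), ("deny", deny_text)):
        for daemons, clients, option in parse_rules(text):
            if ("all" in daemons or daemon.lower() in daemons) and any(
                    client_matches(p, name.lower(), addr) for p in clients):
                return {"allow": "allow", "deny": "deny"}.get(option, default)
    return "allow"  # no rule matched in either file

# Constructed from the thread: the posted rule, joined with a backslash continuation.
JAY_ALLOW = "ALL: LOCAL, 192.168.2.0/255.255.255.0, darkforce.darktech.org, \\\nmy_static_ip_here\n"
TOM_ALLOW = JAY_ALLOW.rstrip() + " : ALLOW\n"
FIXED_ALLOW = JAY_ALLOW.replace("LOCAL,", "LOCAL, 127.0.0.1,")  # constructed variant
DENY_ALL = "ALL: ALL\n"
LOCALHOST = ("localhost.localdomain", "127.0.0.1")  # assumed reverse lookup result
OUTSIDE = ("host.example.net", "203.0.113.5")       # constructed outside client

if __name__ == "__main__":
    print("posted files, localhost:", decide(JAY_ALLOW, DENY_ALL, "sendmail", *LOCALHOST))
    print("no hosts.deny, outside: ", decide(TOM_ALLOW, "", "sendmail", *OUTSIDE))
    print("127.0.0.1 listed:       ", decide(FIXED_ALLOW, DENY_ALL, "sendmail", *LOCALHOST))
```

Under these assumptions the localhost connection falls through hosts.allow to `ALL: ALL`, while listing 127.0.0.1 explicitly lets it through with the default-deny file still in place.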

