Thanks to:
Ian MacPhedran <Ian_MacPhedran@mackenzie.usask.ca>
Brian Mullen <mullen@hurricane.net2.nlu.edu>
Steve Kives <skives@cantor.com>
Michael Baumann <baumann@proton.llumc.edu>
Mark Bergman <bergman@phri.nyu.edu>
Mike Frisch <mfrisch@saturn.tlug.org>
Marina Daniels <Marina.Daniels@ccd.tas.gov.au>
Solutions
---------
1. Likely you compiled tcpd with PARANOID defined. Recompile it without
this switch. If you still need PARANOID behaviour, compile with
PROCESS_OPTIONS defined, and use the hosts_access(5) controls.
2. tcp_wrappers does a double look-up from IP->hostname and then
hostname->IP, and any discrepancy is treated as a spoofing attack and
the connection refused. Try nslookups both directions to see if
that's the problem.
Original question/problem
-------------------------
We have installed tcp_wrappers version 7.6 on our solaris system. When we
enable tcpd on telnet, we have problem with "connection closed by foreign
host" when people from outside telnet to our domain, and the console
window shows the following:
in.telnetd[nnn]: Warning: host name/address mismatch, 123.456.789.1 !=
host.dom.com.
That is, the outside host IP address does not match with its name.
However, you could do nslookup for their name and IP addresses. This
might seem to be the case when one host has several IP addresses.
However, if we just run:
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
Everything seems fine. Does anybody know what went sour here? How can
tcp_wrapper deal with those mismatch warnings?
Thanks,
Janet Leung, TACTech Inc., Yorba Linda, CA 92887
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:00 CDT