[wplug] ipchains
harrold at sage.che.pitt.edu
harrold at sage.che.pitt.edu
Thu Jul 5 13:11:26 EDT 2001
oh your usng rh7.x. that comes with xinetd, and i dont believe that uses
tcp wrappers any longer (hosts.allow hosts.deny). instead there is a
directory in /etc called xinetd.d.
what follows is my understanding of xinetd:
in xinetd.d there is a file for each service and a file called default for
each service not explicitly mentioned. these files contain restrictions on
the service similar to the hosts.allow and hosts.deny files.
if you installed redhat using the "secure" option it may have added
options to these files that might be causing some of your woes.
i'll email you later if i think of anything else.
--
john
Sometime in July Josue Batista assaulted keyboard and produced...
|John:
|
|/var/log/secure:
|
|date/time xinetd[2053]: refused connect from
|161.201.12.39
|
|/var/log/messages:
|
|date/time chamlin xinetd[2053]: START:telnet pid 2053
|from
|161.201.12.39
|date/time chamlin xinetd[2053]: FAIL:telnet libwrap
|from 161.201.12.39
|
|--- harrold at sage.che.pitt.edu wrote:
|> is there anything in /var/log/messages ?
|>
|> --
|> john
|>
|> Sometime in July Josue Batista assaulted keyboard
|> and produced...
|>
|> |Hi everyone,
|> |
|> |I have a problem related to telneting to a RH 7.1
|> box.
|> | Telnet is "on" and "telnet localhost" works okay.
|> |
|> |/etc/hosts.deny is in place with ALL:ALL
|> |
|> |/etc/hosts.allow is in place with in.telnetd:
|> |xxx.xxx.xxx.xxx
|> |
|> |/etc/resolv.conf is in place with all the
|> nameserver
|> |entries for DNS.
|> |
|> |We were thinking that "ipchains" has something to
|> do
|> |with all this, so we
|> |
|> |/etc/init.d/ipchains stop
|> |
|> |Still, we are not able to telnet to that box.
|> |
|> |Any help is appreciated.
|> |
|> |-- Josue
|> |
|> |--- Robert Dale <rdale at wplug.org> wrote:
|> |> On Tue, 3 Jul 2001, Rich Rosenbaum wrote:
|> |>
|> |> > >From my reading, any changes are disregarded
|> upon
|> |> reboot. There is a script
|> |> > that involves "-save" I think from reading the
|> |> How-to in ipchains, that can be
|> |> > placed in the beginning of the start-up
|> process.
|> |> I've already started to
|> |> > reinstall RH on one machine.
|> |>
|> |> IIRC, this is on a RH7.x system. Therefor, you
|> can
|> |> put your rules in
|> |> /etc/sysconfig/ipchains and they will be started
|> |> automatically on reboot
|> |> and otherwise controlled via
|> |> /etc/init.d/ipchains
|> |> {start|stop|restart|status|panic|save}
|> |>
|> |> --
|> |> Robert Dale
|> |>
|> |> wplug member since 1998
|> |>
|> |>
|> |> _______________________________________________
|> |> wplug mailing list
|> |> wplug at wplug.org
|> |> http://www.wplug.org/mailman/listinfo/wplug
|> |
|> |
|> |=====
|> |- ABC Tech Solutions
|> |http://www.abcsolutions.org
|> |[Java/Oracle/Linux] [C/S & Internet Database Apps]
|> |
|> |__________________________________________________
|> |Do You Yahoo!?
|> |Get personalized email addresses from Yahoo! Mail
|> |http://personal.mail.yahoo.com/
|> |_______________________________________________
|> |wplug mailing list
|> |wplug at wplug.org
|> |http://www.wplug.org/mailman/listinfo/wplug
|> |
|>
|> _______________________________________________
|> wplug mailing list
|> wplug at wplug.org
|> http://www.wplug.org/mailman/listinfo/wplug
|
|
|=====
|- ABC Tech Solutions
|http://www.abcsolutions.org
|[Java/Oracle/Linux] [C/S & Internet Database Apps]
|
|__________________________________________________
|Do You Yahoo!?
|Get personalized email addresses from Yahoo! Mail
|http://personal.mail.yahoo.com/
|_______________________________________________
|wplug mailing list
|wplug at wplug.org
|http://www.wplug.org/mailman/listinfo/wplug
|
More information about the wplug
mailing list