 | | | Tcp wrappers and portmap | Tcp wrappers and portmap 2005-03-25 - By Stephen Gardner
Back
On Fri, 25 Mar 2005, Ed Griffin wrote:
> I am trying to tweak my tcp wrappers settings to lock things down a bit more
> and I have run into an issue in that it seems as though portmap doesn't
> listen to some of the variable entries in /etc/hosts.allow. If I make a
> specific entry for portmap and give it the subnet's I want it to accept
> connections from it seems to work fine, if I try to give it LOCAL or an NIS
> group it I see error messages in /var/log/messages showing "connect from <IP
> ADDRESS> to callit(ypserv): request from unauthorized host." Other services
> such as ssh, (rsh & rlogin enabled for testing) seem to work fine. I have
> tried tweaking my /etc/nsswitch.conf file but that didn't seem to help
> either.
>
> anyone have any ideas? I am also curious if anyone has run into similar
> issues with any other services.
Ed,
A quick check in the RHEL3 Reference Guide, Section 16.2.1.3,
Portmap and TCP Wrappers, says
"When creating access control rules for portmap, do not use hostnames as
portmap's implementation of TCP wrappers does not support host look ups.
For this reason, only use IP addresses or the keyword ALL when specifying
hosts is in hosts.allow or hosts.deny."
I guess that means LOCAL and @(protected) don't function for portmap
wrappering.
Regards,
Stephen
References:
http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/ref-guide/s1
-tcpwrappers-access.html
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
Earn $52 per hosting referral at Lunarpages.
|
|
|