On Fri, Dec 26, 1997 at 01:51:08AM +0000, Lindsay Allen wrote:
> How about posting hosts.allow so that we can all learn from this? My
> tcp/ip skills are still somewhat limited so I can not really work out what
> you have done.

Certainly. My hosts.allow now reads

    in.telnetd, in.rlogind, smbd, nmbd, uucico: LOCAL, (list of hosts deleted)
    rpc.nfsd, rpc.mountd, portmap: LOCAL, .rising.com.au, 203.63.216.21, 203.63.216.18

Interestingly, those two IP addresses are dialup-1 and
dialup-2.rising.com.au respectively, but if I don't specify those
addresses on that line, I don't see the portmapper.

This goes with a hosts.deny reading

    ALL except in.smtpd, blackmail, in.qpopper, wu.ftpd, wu-ftpd: PARANOID
    ALL except in.telnetd, wu-ftpd, wu.ftpd, in.pop2d, in.comsat, in.qpopper, cfingerd, in.smtpd, blackmail: ALL

This is for a production system sitting on an ISP's ethernet, ie not at
our premises. I welcome comments about other services I should allow or
disallow; I think this lot should make things pretty secure but still
usable for me and our other staff.

> This whole field seems to be fraught with difficulties. When trying to
> mount /debian from another box this morning I found that mountd was not
> running in spite of being in /etc/init.d. Something must have stopped it.

These daemons won't be started unless there is something in /etc/exports;
the netstd_nfs script (in init.d) checks for entries first.

> My bo box exports files in the expected way, but my hamm box does not.
> Last week it would not export anything unless the client was listed using
> its IP number. Now it accepts a hostname but has a problem with
> wildcards. It will not export to a host by using a wildcard unless there
> is a valid explicit entry for that host without a wildcard. So when
> exporting /debian to gum.scotch.etc this works:-

My nfsd exports fine with *.rising.com.au in /etc/exports, so obviously
it can do the reverse lookup okay, but for some reason my portmap doesn't.
Reverse DNS is certainly configured correctly.

Your problem is very strange! Sorry, I don't have any suggestions.

Hamish
-- 
Hamish Moffatt, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5
CCs of replies from mailing lists are welcome. http://hamish.home.ml.org
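
An added example, not part of the original message and not tcpd's own code: a simplified Python model of hosts_access(5) evaluation (hosts.allow first, then hosts.deny, no match means allow) run over the two files quoted above, to check which daemon/client pairs the policy admits. Assumptions: `except` is read as the EXCEPT operator, the "(list of hosts deleted)" entry is omitted, a daemon that matches on the client address only (which is how portmap's access control is documented to behave) is represented by `name = None`, and the `ALLOW_NO_IPS` variant and the client tuples are constructed for illustration.

```python
# Simplified model of hosts_access(5) evaluation; not tcpd itself.
# Rules are the ones quoted in the message; "(list of hosts deleted)" is left out.
ALLOW = [
    ("in.telnetd, in.rlogind, smbd, nmbd, uucico", "LOCAL"),
    ("rpc.nfsd, rpc.mountd, portmap",
     "LOCAL, .rising.com.au, 203.63.216.21, 203.63.216.18"),
]
# Constructed variant: the portmap line without the two dialup addresses.
ALLOW_NO_IPS = [ALLOW[0], (ALLOW[1][0], "LOCAL, .rising.com.au")]
DENY = [
    ("ALL except in.smtpd, blackmail, in.qpopper, wu.ftpd, wu-ftpd", "PARANOID"),
    ("ALL except in.telnetd, wu-ftpd, wu.ftpd, in.pop2d, in.comsat, "
     "in.qpopper, cfingerd, in.smtpd, blackmail", "ALL"),
]

def match_list(text, item, match):
    """'A, B EXCEPT C' matches when A or B matches and C does not."""
    toks = text.replace(",", " ").split()
    ops = [t.upper() for t in toks]
    if "EXCEPT" in ops:                 # assumption: keyword is case-insensitive
        i = ops.index("EXCEPT")
        return (match_list(" ".join(toks[:i]), item, match)
                and not match_list(" ".join(toks[i + 1:]), item, match))
    return any(match(t, item) for t in toks)

def daemon_match(tok, daemon):
    return tok.upper() == "ALL" or tok.lower() == daemon.lower()

def client_match(tok, client):
    addr, name, paranoid = client       # name is None when no lookup was done
    if tok.upper() == "ALL":
        return True
    if tok.upper() == "PARANOID":       # host name and address disagree
        return paranoid
    if tok.upper() == "LOCAL":          # host name without a dot
        return name is not None and "." not in name
    if tok.startswith("."):             # domain suffix: needs a host name
        return name is not None and name.lower().endswith(tok.lower())
    return tok == addr or (name is not None and tok.lower() == name.lower())

def allowed(daemon, client, allow=ALLOW, deny=DENY):
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    hit = lambda rules: any(match_list(d, daemon, daemon_match)
                            and match_list(c, client, client_match)
                            for d, c in rules)
    return hit(allow) or not hit(deny)
```

In this model an address-only match reaches portmap only when the client's IP is listed, and in.telnetd from a host with consistent DNS is caught by neither hosts.deny rule, so the hosts.allow entry for it restricts nothing.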