Dave, solved. Really odd issue. Nothing appeared obvious in the hosts.allow file
which is where I do most of the security (what is your feeling. . . the
hosts.allow or hosts.deny file for bolstering security??). But I was fiddling
with all kinds of things when I just happened to edit the hosts.allow file to
remove some domains that were no longer needed, and ftp started working. The
really odd thing is telnet session worked fine from the same domains that were
denying ftp access.
I scratch my head. It simply was not obvious in viewing this file, but in
cleaning up the file, it unlocked the ftp denied error. Ah well. . .
Say, any thoughts on the BIND stuff? I was thinking of readdressing that so I
could get local email working without having to be connected to the internet for
name services to work. When ya have time. . . I may give you a call on that tmrw
if I grab a moment. Would be nice to chat anyway. Hope things are going well for
you. . .
david
Dave Wreski wrote:
> On 17-Mar-98 David Hughes wrote:
> > Am running a RH 4.2 box. Have created a hosts.allow scheme to allow
> > access from specific domains only. Everything has worked fine until a
> > few days ago when all of a sudden FTP access went south. I can telnet
> > into it, web works, everything works fine, except ftp. Dunno what
> > happened.
>
> What do you have listed in your hosts.allow? How about hosts.deny? Since I
> see that you're concerned about security, you might as well be thorough. This
> should be your /etc/hosts.deny:
>
> ALL: ALL
>
> And list individually the services you want to allow in /etc/hosts.allow:
>
> ALL: 127.
> in.ftpd: .my.domain
> in.telnetd: .my.domain
> in.popd: .my.domain
>
> This describes the `Mostly Closed' scenario. You can also just use 'ALL: ALL'
> in hosts.allow during the time you are debugging.
>
> > Anyone suggest where to start looking?? Is there an FTP daemon that I
> > might need to stop and restart (will look into this of course). Any
> > advice would be most appreciated. .
>
> No, you do not need to restart an ftpd -- it should be running from inetd,
> which spawns the ftpd upon each connection. Your /etc/inetd.conf should look
> as follows:
>
> ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
>
> You can add the `-dv' argument to the end of that, which will produce more
> error logging. If you are building a new machine, you might consider having
> more logging information for all your servers running on it. You can increase
> the syslog error reporting by adding this to your /etc/syslog.conf:
>
> *.debug /var/log/debug.log
>
> Then signal syslogd:
>
> # kill -HUP `cat /var/run/syslog.pid`
>
> Dave
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
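The "mostly closed" scheme from the quoted reply can be checked offline with the sketch below. It is an added example, not part of the original thread and not tcpd's own code. It models only the basic hosts_access(5) search order and the `ALL`, leading-dot and trailing-dot patterns. The client name `pc1.my.domain`, the address `192.0.2.10` and the `ALLOW_NO_FTP` variant are constructed assumptions; `EXCEPT`, netmasks and the other wildcards are not modeled.

```python
# Added illustration: simplified hosts_access(5) evaluation, not tcpd's own code.
DENY = "ALL: ALL\n"
ALLOW = "ALL: 127.\nin.ftpd: .my.domain\nin.telnetd: .my.domain\nin.popd: .my.domain\n"
# Constructed variant with no in.ftpd rule (hypothetical, not the poster's file).
ALLOW_NO_FTP = "ALL: 127.\nin.telnetd: .my.domain\nin.popd: .my.domain\n"

def parse_rules(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # ignore any option field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, name, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, needs a resolved name
        return name.lower().endswith(pattern.lower())
    if pattern.endswith("."):        # address prefix such as "127."
        return addr.startswith(pattern)
    return pattern.lower() == name.lower() or pattern == addr

def first_match(rules, daemon, name, addr):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, name, addr) for p in clients)
               for daemons, clients in rules)

def access(allow, deny, daemon, name, addr):
    """hosts.allow match grants; else hosts.deny match denies; else grant."""
    if first_match(parse_rules(allow), daemon, name, addr):
        return "granted"
    if first_match(parse_rules(deny), daemon, name, addr):
        return "denied"
    return "granted"

if __name__ == "__main__":
    cases = [(ALLOW, "in.ftpd", "pc1.my.domain", "192.0.2.10"),
             (ALLOW_NO_FTP, "in.telnetd", "pc1.my.domain", "192.0.2.10"),
             (ALLOW_NO_FTP, "in.ftpd", "pc1.my.domain", "192.0.2.10"),
             (ALLOW, "in.ftpd", "", "192.0.2.10")]  # "" = reverse lookup failed
    for allow, daemon, name, addr in cases:
        print(daemon, name or "(no name)", addr, access(allow, DENY, daemon, name, addr))
```

On a host with TCP wrappers installed, `tcpdmatch in.ftpd <client>` makes the same prediction against the real files, and `tcpdchk` reports problems in them.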