hosts.allow & hosts.deny issues


Post by Justin Pes » Sat, 31 Aug 2002 09:15:54



Hey guys, my first post here w00t! anyway...

in my hosts.deny file i put ALL: ALL and then added the users IPs who
i wanted to give access to in hosts.allow - as far as i know
hosts.allow overrides hosts.deny, so the IPs in hosts.allow _should_
be allowed access, correct?

i've got a few nologin users, who use ftp, and also some ssh accounts
for friends who run eggdrops, etc. but whenever i have ALL: ALL
uncommented in hosts.deny they can't login, even though i'm _positive_
the correct hostmasks are in hosts.allow

can anyone give me some input on this matter? i'm running red hat 7.3
with kernel 2.4.18, thanks!

-jstn

 
 
 


Post by Bit Twist » Sat, 31 Aug 2002 09:28:36



> Hey guys, my first post here w00t! anyway...

> in my hosts.deny file i put ALL: ALL and then added the users IPs who
> i wanted to give access to in hosts.allow - as far as i know
> hosts.allow overrides hosts.deny, so the IPs in hosts.allow _should_
> be allowed access, correct?

> i've got a few nologin users, who use ftp, and also some ssh accounts
> for friends who run eggdrops, etc. but whenever i have ALL: ALL
> uncommented in hosts.deny they can't login, even though i'm _positive_
> the correct hostmasks are in hosts.allow

> can anyone give me some input on this matter? i'm running red hat 7.3
> with kernel 2.4.18, thanks!

Thanks for not posting what you did in hosts.allow.

That makes it a challenge to help.

I guess you set up the ftp file in /etc/xinetd.d/, poked a hole
in the firewall, and do have something like
in.ftpd: 192.168.1.10 in the allow file.

 
 
 


Post by Bill Unr » Sat, 31 Aug 2002 12:45:03


]Hey guys, my first post here w00t! anyway...

]in my hosts.deny file i put ALL: ALL and then added the users IPs who
]i wanted to give access to in hosts.allow - as far as i know
]hosts.allow overrides hosts.deny, so the IPs in hosts.allow _should_
]be allowed access, correct?

]i've got a few nologin users, who use ftp, and also some ssh accounts
]for friends who run eggdrops, etc. but whenever i have ALL: ALL
]uncommented in hosts.deny they can't login, even though i'm _positive_
]the correct hostmasks are in hosts.allow

]can anyone give me some input on this matter? i'm running red hat 7.3
]with kernel 2.4.18, thanks!

Yes. Man hosts.allow

Each line in hosts.allow is read. If a line matches and allows the
connection then it goes ahead. If no line in hosts.allow matches, then
hosts.deny is read, and if a match is found the connection is denied. If
it is not found then it is allowed.

Your format in hosts.allow is probably wrong.
If you posted the line someone might be able to help, but as it is there
is not enough info here.

 
 
 


Post by J. Reilin » Sat, 31 Aug 2002 14:57:30




> ]Hey guys, my first post here w00t! anyway...

> ]in my hosts.deny file i put ALL: ALL and then added the users IPs who
> ]i wanted to give access to in hosts.allow - as far as i know
> ]hosts.allow overrides hosts.deny, so the IPs in hosts.allow _should_
> ]be allowed access, correct?

> ]i've got a few nologin users, who use ftp, and also some ssh accounts
> ]for friends who run eggdrops, etc. but whenever i have ALL: ALL
> ]uncommented in hosts.deny they can't login, even though i'm _positive_
> ]the correct hostmasks are in hosts.allow

> ]can anyone give me some input on this matter? i'm running red hat 7.3
> ]with kernel 2.4.18, thanks!

> Yes. Man hosts.allow

vevidas-4:~# man hosts.allow
No manual entry for hosts.allow
vevidas-4:~#

> Each line in hosts.allow is read. If a line matches and allows the
> connection then it goes ahead. If no line in hosts.allow matches, then
> hosts.deny is read, and if a match is found the connection is denied. If
> it is not found then it is allowed.

> Your format in hosts.allow is probably wrong.
> If you posted the line someone might be able to help, but as it is there
> is not enough info here.

I have this in /etc/hosts.deny:
ALL: ALL

And in my /etc/hosts.allow I only allow ssh access from some remote
hosts and (of course) all local:
ALL: LOCAL
# ALL .192.168.0. <-- I still don't understand why this line
# didn't work.
#
# Jan's range
sshd: 195.64.0.0/255.255.0.0
# Jan's range 2
sshd: 213.169.0.0/255.255.0.0
# some_other_remote_host
sshd: aaa.bbb.ccc.ddd

This works for me and it's all in "man hosts".

Regards, Jan

--
/"\  ASCII Ribbon Campaign
\ /  No HTML in mail or news!
  X             Vevida Services: http://www.vevida.nl
/ \             DSINet: http://www.dsinet.org
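
Added example, not part of any post in the thread: a small Python model of the lookup order described above (hosts.allow first, then hosts.deny, otherwise grant), run against the rules from the preceding post. The function names are this example's own, only a subset of the hosts_access(5) client patterns is modelled, and the client addresses tested are constructed.

```python
import ipaddress

def parse_rules(text):
    """Parse hosts.allow / hosts.deny text into (daemon_list, client_list) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        # Blank lines and lines starting with '#' are ignored. A rule with no
        # ':' separator is malformed; this example simply skips it.
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip, hostname=None):
    """Subset of hosts_access(5) client patterns; hostname is the resolved name, if any."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                 # host name that contains no dot
        return hostname is not None and "." not in hostname
    if pattern.startswith("."):            # leading dot: host NAME suffix
        return hostname is not None and hostname.endswith(pattern)
    if pattern.endswith("."):              # trailing dot: ADDRESS prefix
        return ip.startswith(pattern)
    if "/" in pattern:                     # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (ip, hostname)

def access_granted(daemon, ip, allow_text, deny_text, hostname=None):
    """hosts.allow first, then hosts.deny; first match wins; no match grants."""
    for verdict, text in ((True, allow_text), (False, deny_text)):
        for daemons, clients in parse_rules(text):
            if (any(d in ("ALL", daemon) for d in daemons)
                    and any(client_matches(c, ip, hostname) for c in clients)):
                return verdict
    return True

# Rules taken from the post above; the client addresses below are constructed.
ALLOW = "ALL: LOCAL\nsshd: 195.64.0.0/255.255.0.0\nsshd: 213.169.0.0/255.255.0.0\n"
DENY = "ALL: ALL\n"

if __name__ == "__main__":
    for daemon, ip in (("sshd", "195.64.10.20"), ("in.ftpd", "195.64.10.20"),
                       ("sshd", "192.168.0.5")):
        print(daemon, ip, access_granted(daemon, ip, ALLOW, DENY))
```

With these rules an `sshd:` entry does not cover `in.ftpd` from the same address, and a pattern with a leading dot such as `.192.168.0.` is read as a host name suffix, while the trailing-dot form `192.168.0.` is an address prefix.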

 
 
 


Post by Andrew Carso » Sun, 01 Sep 2002 23:38:12





> > ]Hey guys, my first post here w00t! anyway...

> > ]in my hosts.deny file i put ALL: ALL and then added the users IPs who
> > ]i wanted to give access to in hosts.allow - as far as i know
> > ]hosts.allow overrides hosts.deny, so the IPs in hosts.allow _should_
> > ]be allowed access, correct?

> > ]i've got a few nologin users, who use ftp, and also some ssh accounts
> > ]for friends who run eggdrops, etc. but whenever i have ALL: ALL
> > ]uncommented in hosts.deny they can't login, even though i'm _positive_
> > ]the correct hostmasks are in hosts.allow

> > ]can anyone give me some input on this matter? i'm running red hat 7.3
> > ]with kernel 2.4.18, thanks!

> > Yes. Man hosts.allow

> vevidas-4:~# man hosts.allow
> No manual entry for hosts.allow
> vevidas-4:~#

Try man 5 hosts_access
 
 
 


Post by J. Reilin » Tue, 03 Sep 2002 05:05:56







[...]

>>>Yes. Man hosts.allow

>>vevidas-4:~# man hosts.allow
>>No manual entry for hosts.allow
>>vevidas-4:~#

> Try man 5 hosts_access

Thanks.
But why isn't that manpage in the "See Also" section of man hosts? Would
have made my life easier :-)

Regards, Jan

--
/"\  ASCII Ribbon Campaign
\ /  No HTML in mail or news!
  X             Vevida Services: http://www.vevida.nl
/ \             DSINet: http://www.dsinet.org