SUMMARY tcp-wrappers and Sol8

From: Deborah Crocker (crock@bama.ua.edu)
Date: Fri Jun 16 2000 - 11:11:19 CDT


The conclusion is that it is a problem with IPv6. There were a couple of
comments about setup files but they did not apply. There are two solutions

#1. Turn off IPv6 compatibilty for the connection in inetd.conf:
original (IPv6)
ftp stream tcp6 nowait root /opt/tcpd/tcpd in.ftpd -l
modified
ftp stream tcp nowait root /opt/tcpd/tcpd in.ftpd -l

where you put in correct path for your tcpd. Ditto the change for
in.telnetd, of course. About half of the people who said they had things
working were using this solution.

#2. Get the source code updated for IPv6:
There are two sources:
ftp://playground.sun.com/pub/casper/tcp_wrappers_7.6-ipv6.tar.gz
ftp://ftp.porcupine.org/pub/ipv6/tcp_wrappers_7.6-ipv6.tar.gz

Many refered to these locations but sent no other comments about
implementing it. A few extra comments are included below about this,
though.

***My Solution***
I have taken option #1 for now. A quick attempt at installing ...7.6-ipv6
failed (see below). With fix #1, the log file began reporting the name of
the machine, not 0.0.0.0.
****

One respondent made a reference to using hostname6.{interface}
instead of hostname.{interface}. This machine had only hostname.hme0
after configuration. So it may be that it is not at all configured for
IPv6 and that is why the IPv6 tcp-wrappers seemed to fail. That comment
sent me to docs.sun.com to find out more about the setup. At any rate
on this, others might want to fish around on docs.sun.com in the IPv6
sections because there is a lot going on in regard to this. We here are
not going to be using IPv6 anytime soon.

For the record, other comments were:
Use ip-filter instead
Possible problems related to DNS (they probably keyed in on 0.0.0.0 -
    I am using dns and nsswitch.conf is correct).
Some more information on format for hosts.allow and hosts.deny

Thank you all.

Here was the original question:
> We're starting to get some Sol 8 installations on our campus and I've
> run into trouble with tcp-wrappers. We've been setting up tcp-wrappers
> up on pre-Sol 8 machines with no trouble.
>
> I can lock everyone out with a hosts.deny of
> ALL: ALL
>
> but I can't let specific machines back in with a hosts.allow
> of
> in.telnetd: ###.###.###.###
> in.ftpd: ###.###.###.etc
>
> Is this a problem with IPv6? Some bigger change? Note also with the
> log file records my attempts to connect with has output like this:
>
> Jun 15 08:37:06 christy in.telnetd[370]: [ID 947420 mail.warning] refused connect from 0.0.0.0

Deborah Crocker
User Service
Seebeck Computer Center
University of Alabama



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:10 CDT