-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Eric B. Sent: Monday, January 14, 2008 8:45 PM To: centos@centos.org Subject: [CentOS] Re: Re: Re: Re: What libs req'd to resolve DNSwithinachrootjail?
"Mike Kercher" mike@vesol.com wrote in message news:6115482898C59848B35DB9D491C9A28E08BFA3@srv1.home.middlefi
nger.net...
Thanks for the pointer. Indeed, I was missing the
trailing . after
my FQDN in my revers file. I have updated my reverse files, and nslookup is resolving better, but still not further ahead.
My reverse file: 3.168.192.in-addr.arpa now contains the
following line:
103 IN PTR eric.test.com.
If I try nslookups now, my results are as follows:
# nslookup 192.168.3.103 Server: 192.168.1.67 Address: 192.168.1.67#53
103.103.168.192.in-addr.arpa name = eric.test.com.
# nslookup eric.test.com Server: 192.168.1.67 Address: 192.168.1.67#53
Name: eric.test.com Address: 192.168.3.103
So from that, it seems as though the DNS / rDNS are properly configured, does it not? Similarly, I have both the forward and reverse domain name on the DNS server as the nslookups show. However, I still get the same error msg: Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from 192.168.103.103
AAACorrect? -----|||
Whoops - cut & paste typo. That line is supposed to read: Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from 192.168.3.103
Can you post your complete hosts.allow and hosts.deny files?
Not much to them actually: /chroot/tftpd/etc/hosts.allow: # # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # in.tftpd : eric.test.com : allow
/chroot/tftpd/etc/hosts.deny: # # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # in.tftpd : ALL : deny
Again, I have concerns that I might be missing something in my chroot jail, but when I change my hosts.allow file to read the following, it works fine. in.tftpd: 192.168.3.103 : allow
So I am utterly and totally confused. I keep thinking that there must be something DNS related that I need in the chroot jail that I am missing. I do have a /chroot/tftpd/etc/resolv.conf with the nameserver entry that points to the DNS server, and all files in my /chroot/tftpd/etc dir are world readable. I also have a /chroot/tftpd/etc/hosts file (that is pretty much empty - just a line for 127.0.0.1).
# ls -l /chroot/tftpd/etc -rw-r--r-- 1 root root 148 Jan 14 17:53 hosts -rw-r--r-- 1 root root 417 Jan 14 17:37 hosts.allow -rw-r--r-- 1 root root 370 Jan 13 12:13 hosts.deny -rw-r--r-- 1 root root 1267 Jan 12 21:43 localtime -rw-r--r-- 1 root root 1686 Jan 12 15:50 nsswitch.conf -rw-r--r-- 1 root root 86 Jan 14 17:52 resolv.conf -rw-r--r-- 1 root root 20373 Jan 12 15:47 services
Is there anything else I need that I am missing? Either config file or lib?
Any suggestions of things I can try?
Thanks,
Eric
Something I found:
15.2.3.2. Access Control
Option fields also allow administrators to explicitly allow or deny hosts in a single rule by adding the allow or deny directive as the final option.
For instance, the following two rules allow SSH connections from client-1.example.com, but deny connections from client-2.example.com:
sshd : client-1.example.com : allow sshd : client-2.example.com : deny
By allowing access control on a per-rule basis, the option field allows administrators to consolidate all access rules into a single file: either hosts.allow or hosts.deny. Some consider this an easier way of organizing access rules.
Conceivably, you could put all rules into one file (hosts.allow maybe). See if that helps..
Mike