On Mon, 2008-01-14 at 12:54 -0500, Eric B. wrote:
I've been working at getting a tftp server up and running in a chroot jail, and I have finally succeeded in getting almost everything working.<snip>
i.e., putting an fqdn in the hosts.allow file only gives security by obscurity. If someone figures out the fqdns that you're giving access to, and has control of the in-addr.arpa for an ipnumber range they can connect from, they can gain access to your system.
- Rick
Thanks for the feedback, Rick. I didn't realize that security implication. However, I'm already running this on a machine that is heavily firewalled on a VPN, so I am fairly sure that no one will be accessing this externally, but I still would like to restrict access to particular machines. Ideally, I would rather use FQDNs to make life easier for me to administer. I have created my additional reverse-dns pointer but I am still having problems with it.

nslookup from the server gives me:

# nslookup 192.168.3.103
Server: 192.168.1.67
Address: 192.168.1.67#53

103.3.168.192.in-addr.arpa name = eric.test.com.3.168.192.in-addr.arpa.
However, when I try to connect to the tftp server, my connection is still refused, and I get the following in the log msgs:
Jan 14 12:49:19 apollo atftpd[15302]: Connection refused from 192.168.103.103
I am obviously still doing something incorrect, but I'm not sure what.
Can you help point me in the right direction please? Is my reverse DNS incorrectly set up?
Have you checked the firewall settings on the target machine? IIRC, long ago when I was doing some sharing, I tested whether it was the firewall by disabling the firewall on the target (inside a private net, no/low risk) temporarily, and it worked. That clued me in to get my iptables adjusted to allow my local net denizens to have access to a small set of services.
Thanks,
Eric
<snip sig stuff>
HTH
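
An added example, not part of the original thread: a forward-confirmed reverse DNS check of the kind that addresses both points raised above, the PTR answer that ends in the reverse zone's own name and a name chosen by whoever controls the in-addr.arpa zone. The function name `fcrdns_check`, the forward record for eric.test.com and the address 10.9.8.7 are assumptions; the lookup tables are constructed stand-ins for DNS answers so it runs offline.

```python
import ipaddress

# Constructed stand-ins for DNS answers so the check runs offline.
PTR = {"192.168.3.103": "eric.test.com.3.168.192.in-addr.arpa."}  # answer from the thread
A = {"eric.test.com.": ["192.168.3.103"]}                         # assumed forward record


def fcrdns_check(ip, ptr_records, a_records):
    """Classify the reverse DNS of `ip`; returns (status, name)."""
    target = ptr_records.get(ip)
    if target is None:
        return ("no-ptr", None)
    target = target.lower()

    # A PTR target written without a trailing dot in the zone file gets the
    # zone origin appended, so the answer ends in a suffix of the reverse name.
    labels = ipaddress.ip_address(ip).reverse_pointer.split(".")
    for i in range(1, len(labels) - 1):
        origin = "." + ".".join(labels[i:]) + "."
        if target.endswith(origin):
            # Report the name that was probably intended.
            return ("relative-target", target[: -len(origin) + 1])

    # Forward confirmation: the name must resolve back to the same address,
    # otherwise the reverse zone's owner picked the name freely.
    if ip not in a_records.get(target, []):
        return ("forward-mismatch", target)
    return ("ok", target)


if __name__ == "__main__":
    # The two addresses that appear in the thread (nslookup query and log line).
    for addr in ("192.168.3.103", "192.168.103.103"):
        print(addr, fcrdns_check(addr, PTR, A))
    # Constructed case: an outside address whose PTR claims an allowed name.
    print("10.9.8.7", fcrdns_check("10.9.8.7", {"10.9.8.7": "eric.test.com."}, A))
```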