On Mon, 2008-01-14 at 12:54 -0500, Eric B. wrote: > > > > > > I've been working at getting a tftp server up an running in a > > > chroot jail, and I have finally succeed getting almost everything > > > working.<snip> > > i.e., putting an fqdn in the hosts.allow file only gives security by > > obscurity. if someone figures out the fqdns that you're giving access > > to, and has control of the in-addr.arpa for an ipnumber range they > > can connect from, they can gain access to your system. > > > > - Rick > > > > Thanks for the feedback Rick. I didn't realize that security implication. > However I'm already running this on a machine that is heavily firewalled on > a VPN so I am fairly sure that no one will be accessing this externally, but > I still would like to restrict access to particular machines. Ideally, > would rather use FQDN to make life easier for me to administer. I have > created my additional reverse-dns pointer but I am still having problems > with it. > > nslookup from the server gives me: > # nslookup 192.168.3.103 > Server: 192.168.1.67 > Address: 192.168.1.67#53 > > 103.3.168.192.in-addr.arpa name = eric.test.com.3.168.192.in-addr.arpa. > > > However, when I try to connect to the tftp server, my connection is still > refused, and I get the following in the log msgs: > > Jan 14 12:49:19 apollo atftpd[15302]: Connection refused from > 192.168.103.103 > > > I am obviously doing something still incorrect, but not sure what. > > Can you help point me in the right direction please? Is my reverse DNS > incorrectly set up? Have you checked the firewall settings on the target machine? IIRC, long ago when I was doing some sharing, I tested if it was firewall by disabling firewall on the target (inside a private net, no/low risk) temporarily and it worked. That clued me to get my iptables adjusted to allow my local net denizens have access to a small set of services. > > Thanks, > > Eric > <snip sig stuff> HTH -- Bill