Eric B. wrote:
>>>> Can you post your complete hosts.allow and hosts.deny files?
>>> Not much to them actually:
>>> /chroot/tftpd/etc/hosts.allow:
>>> #
>>> # hosts.allow This file describes the names of the hosts which are
>>> # allowed to use the local INET services, as decided
>>> # by the '/usr/sbin/tcpd' server.
>>> #
>>> in.tftpd : eric.test.com : allow
>>>
>>> /chroot/tftpd/etc/hosts.deny:
>>> #
>>> # hosts.deny This file describes the names of the hosts which are
>>> # *not* allowed to use the local INET services, as decided
>>> # by the '/usr/sbin/tcpd' server.
>>> #
>>> in.tftpd : ALL : deny
>>>
>>> Again, I have concerns that I might be missing something in
>>> my chroot jail, but when I change my hosts.allow file to read
>>> the following, it works fine.
>>> in.tftpd: 192.168.3.103 : allow
>>>
>>> So I am utterly and totally confused. I keep thinking that
>>> there must be something DNS related that I need in the chroot
>>> jail that I am missing.
>>> I do have a /chroot/tftpd/etc/resolv.conf with the nameserver
>>> entry that points to the DNS server, and all files in my
>>> /chroot/tftpd/etc dir are world readable. I also have a
>>> /chroot/tftpd/etc/hosts file (that is pretty much empty -
>>> just a line for 127.0.0.1).
>>>
>>> # ls -l /chroot/tftpd/etc
>>> -rw-r--r-- 1 root root   148 Jan 14 17:53 hosts
>>> -rw-r--r-- 1 root root   417 Jan 14 17:37 hosts.allow
>>> -rw-r--r-- 1 root root   370 Jan 13 12:13 hosts.deny
>>> -rw-r--r-- 1 root root  1267 Jan 12 21:43 localtime
>>> -rw-r--r-- 1 root root  1686 Jan 12 15:50 nsswitch.conf
>>> -rw-r--r-- 1 root root    86 Jan 14 17:52 resolv.conf
>>> -rw-r--r-- 1 root root 20373 Jan 12 15:47 services
>>>
>>> Is there anything else I need that I am missing? Either
>>> config file or lib?
>>>
>>> Any suggestions of things I can try?
>>>
>>> Thanks,
>>>
>>> Eric
>>>
>> Something I found:
>>
>> 15.2.3.2. Access Control
>>
>> Option fields also allow administrators to explicitly allow or deny
>> hosts in a single rule by adding the allow or deny directive as the
>> final option.
>>
>> For instance, the following two rules allow SSH connections from
>> client-1.example.com, but deny connections from client-2.example.com:
>>
>> sshd : client-1.example.com : allow
>> sshd : client-2.example.com : deny
>>
>> By allowing access control on a per-rule basis, the option field allows
>> administrators to consolidate all access rules into a single file:
>> either hosts.allow or hosts.deny. Some consider this an easier way of
>> organizing access rules.
>>
>> Conceivably, you could put all rules into one file (hosts.allow maybe).
>> See if that helps..
>
> Just tried putting everything in the hosts.allow but didn't make any
> difference. Tried also in the hosts.deny but no success either.
>
> Where did you find that reference? What does 15.2.3.2 point to?
>
> Any other ideas / theories?
>

- make sure tftpd is really using the in.tftpd name (you said it works
  with IPs?)
- make sure it does resolve the IP correctly. I have no idea how you
  could test this.

but what is the benefit in managing the zone file instead of hosts.*? I
mean, since you put the IP in the DNS zone file, why not put it in
hosts.*?
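
The symptom discussed in this thread (the rule with the IP address matches, the rule with the host name does not) and the suggestion to check that the IP resolves, modelled as an added example that is not part of any message above. It assumes a simplified version of the wrapper's client lookup (reverse lookup, then forward confirmation); the function names and the stand-in resolvers are constructed for illustration.

```python
import socket

def client_name(ip, reverse=socket.gethostbyaddr,
                forward=socket.gethostbyname_ex):
    """Name a host-name rule is compared with for the client address `ip`.

    Simplified model of the wrapper's lookup: reverse-resolve the address,
    then confirm the name maps back to it. "unknown" means the reverse
    lookup failed, "paranoid" means name and address disagree.
    """
    try:
        name = reverse(ip)[0]
    except OSError:            # socket.herror / socket.gaierror
        return "unknown"
    try:
        addresses = forward(name)[2]
    except OSError:
        return "paranoid"
    return name.lower() if ip in addresses else "paranoid"

def rule_matches(pattern, ip, **resolvers):
    """Client pattern check for ALL, a literal IP, or an exact host name."""
    if pattern == "ALL" or pattern == ip:
        return True            # no name lookup needed
    return pattern.lower() == client_name(ip, **resolvers)

# Constructed resolvers standing in for DNS; the name and address are the
# ones quoted in the thread.
def working_reverse(ip):
    if ip == "192.168.3.103":
        return ("eric.test.com", [], [ip])
    raise socket.herror(1, "Unknown host")

def working_forward(name):
    if name == "eric.test.com":
        return (name, [], ["192.168.3.103"])
    raise socket.gaierror(-2, "Name or service not known")

def failing_lookup(_):
    raise socket.herror(1, "Unknown host")   # resolver unusable, e.g. in a jail

if __name__ == "__main__":
    ip = "192.168.3.103"
    good = dict(reverse=working_reverse, forward=working_forward)
    bad = dict(reverse=failing_lookup, forward=failing_lookup)
    for label, res in (("resolver works", good), ("resolver fails", bad)):
        print(label, client_name(ip, **res),
              rule_matches("eric.test.com", ip, **res),
              rule_matches(ip, ip, **res))
```

Called without the `reverse` and `forward` arguments, both functions use the system resolver of the process that runs them.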