meulie l33t
Joined: 17 Jun 2003 Posts: 845 Location: a Dutchman living in Norway
Posted: Sun Oct 24, 2004 1:59 pm Post subject: xinetd
Hi!
A newbie-question this time: How do I limit my xinetd-enabled FTP-server to ONLY accept logins from 127.0.0.1?
I have tried an only_from, but that doesn't seem to work (yet)...
Even by default I get the following when attempting a 'ftp localhost':
Code:
Oct 24 15:58:01 sb62g2 xinetd[15512]: libwrap refused connection to ftp (libwrap=vsftpd) from 127.0.0.1
_________________
Greetz,
Evert Meulie
sf_alpha Tux's lil' helper
Joined: 19 Sep 2002 Posts: 136 Location: Bangkok, TH
Posted: Sun Oct 24, 2004 2:24 pm Post subject:
/etc/xinetd.d/vsftpd
add
only_from = 127.0.0.1
_________________
Gentoo Mirrors in Thailand (and AP)
http://gentoo.in.th
meulie l33t
Joined: 17 Jun 2003 Posts: 845 Location: a Dutchman living in Norway
Posted: Sun Oct 24, 2004 9:59 pm Post subject:
I have tried that, as I mentioned...
That gives me:
Code:
Connected to localhost.
421 Service not available, remote server has closed connection
And in the syslog:
Code:
Oct 24 23:57:05 sb62g2 xinetd[14628]: libwrap refused connection to ftp (libwrap=vsftpd) from 127.0.0.1
_________________
Greetz,
Evert Meulie
nightblade Guru
Joined: 20 Jul 2004 Posts: 368 Location: back from SE Asia
Posted: Sun Oct 24, 2004 10:20 pm Post subject:
Uhm.... if libwrap refuses the connection, it's probably a tcpwrapper problem. Have you checked your /etc/hosts.allow and /etc/hosts.deny files? You might have something there that filters your connection
_________________
In God we trust. All the others must provide a valid X.509 certificate
meulie l33t
Joined: 17 Jun 2003 Posts: 845 Location: a Dutchman living in Norway
Posted: Mon Oct 25, 2004 4:19 am Post subject:
Yup, there it is!
Code:
cat /etc/hosts.deny
ALL: 127.0.0.1
ALL: 127.0.0.1
Hmm, how/why did that end up there...?
_________________
Greetz,
Evert Meulie
nightblade Guru
Joined: 20 Jul 2004 Posts: 368 Location: back from SE Asia
Posted: Mon Oct 25, 2004 8:09 am Post subject:
meulie wrote: Hmm, how/why did that end up there...?
Got no idea... did you use some kind of hardening script lately (e.g. Bastille)?
_________________
In God we trust. All the others must provide a valid X.509 certificate
meulie l33t
Joined: 17 Jun 2003 Posts: 845 Location: a Dutchman living in Norway
Posted: Mon Oct 25, 2004 9:38 am Post subject:
Nope... But I guess 127.0.0.1 should be in .allow instead of in .deny...
_________________
Greetz,
Evert Meulie
To Veteran
Joined: 12 Apr 2003 Posts: 1145 Location: Coimbra, Portugal
Posted: Mon Oct 25, 2004 1:36 pm Post subject:
meulie wrote: Nope... But I guess 127.0.0.1 should be in .allow instead of in .deny...
You're right about that
Tó
_________________
------------------------------------------------
Linux Gandalf 3.2.35-grsec
Gentoo Base System version 2.2
------------------------------------------------
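Added example, not part of the thread: a simplified Python model of the hosts.allow / hosts.deny lookup order that libwrap applies before xinetd's only_from takes effect, run against the hosts.deny posted above and against a constructed pair of files that lets only loopback reach vsftpd. The function names, the empty hosts.allow and the "fixed" rules are assumptions; EXCEPT, LOCAL and hostname patterns are not modelled.

```python
import ipaddress

def token_matches(pattern, value, is_client):
    """Match one hosts_access(5) token; simplified subset (no EXCEPT, LOCAL, hostnames)."""
    if pattern == "ALL":
        return True
    if is_client and pattern.endswith("."):      # address prefix such as "192.168."
        return value.startswith(pattern)
    if is_client and "/" in pattern:             # net/mask such as "127.0.0.0/255.0.0.0"
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(value) in net
    return pattern == value                      # literal daemon name or address

def first_match(rules, daemon, client):
    """Return the first rule line matching (daemon, client), or None."""
    for raw in rules.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if any(token_matches(d, daemon, False) for d in daemons) and \
           any(token_matches(c, client, True) for c in clients):
            return line
    return None

def check(allow, deny, daemon, client):
    """hosts.allow is consulted first, then hosts.deny; no match means access is granted."""
    hit = first_match(allow, daemon, client)
    if hit:
        return ("granted", "hosts.allow", hit)
    hit = first_match(deny, daemon, client)
    if hit:
        return ("denied", "hosts.deny", hit)
    return ("granted", None, None)

# hosts.deny exactly as posted in the thread; hosts.allow was not shown, assumed empty.
THREAD_ALLOW, THREAD_DENY = "", "ALL: 127.0.0.1\nALL: 127.0.0.1\n"
# Constructed replacement: only loopback may reach vsftpd, everything else is refused.
FIXED_ALLOW, FIXED_DENY = "vsftpd: 127.0.0.1\n", "vsftpd: ALL\n"

if __name__ == "__main__":
    for label, allow, deny in (("thread", THREAD_ALLOW, THREAD_DENY),
                               ("fixed", FIXED_ALLOW, FIXED_DENY)):
        for client in ("127.0.0.1", "192.0.2.10"):   # 192.0.2.10 is a documentation address
            print(label, client, check(allow, deny, "vsftpd", client))
```

With the posted hosts.deny, 127.0.0.1 is the only client the wrappers refuse, which matches the syslog line; every other address falls through to "granted", so the file restricted nothing remote.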