@Home in fremont vs. tcpwrappers
Stuart Marshall
stuart@igpp.ucllnl.org
Thu, 13 Dec 2001 10:29:50 -0800
Hi Folks,
I'm using debian and @home in Fremont and I'm hoping one of you can
advise. I used to have a fixed ip address and of course that is
gone now. With woody/testing and dhclient my network connection is
just fine.
The problem is that at work (ucllnl.org) we only allow ssh incoming
connections (duh) and we only allow connections from "blessed" hosts
or subnets via the /etc/hosts.allow mechanism.
With the line:
sshd, sshdfwd-X11 : 12.234.242.65/255.255.252.0 : ALLOW
in my (at work) /etc/hosts.allow file, I've attempted to let in the
subnet that my @home ip is on. The logs indicate that I connect but
the tcpwrapper routines dump me because gethostbyname() fails. Here
is the relevant stuff from the log file:
can't verify hostname: gethostbyname(12-234-242-65.client.attbi.com) failed
which was generated in the function sock_hostname(), causing it to
return PARANOID which then caused my @home ssh client to get dumped.
Does anyone know how to set up /etc/hosts.allow to let in a subnet
where the hostname for the incoming ip address cannot be looked up?
I've re-read the hosts_access manpage several times and don't see a
way. Or perhaps I need some additional options for dhclient to get
the hostname lookup to work correctly. My home computer thinks it
has another hostname. I do want to restrict access to subnets.
thanks,
Stuart