Also sprach Joshua Baker-LePain (Tue 01 Jul 02003 at 10:29:38PM -0400):
> On Tue, 1 Jul 2003 at 6:36pm, Michael D. Schleif wrote
>
> > # grep amanda /etc/inetd.conf
> > amanda dgram udp wait backup /usr/sbin/tcpd /usr/lib/amanda/amandad
> > amandaidx stream tcp nowait backup /usr/sbin/tcpd /usr/lib/amanda/amindexd
> > amidxtape stream tcp nowait backup /usr/sbin/tcpd /usr/lib/amanda/amidxtaped
>
> What's in /etc/hosts.{allow,deny}? You've TCP wrapped amandad, are you
> letting localhost connect?

# cat /etc/hosts.{allow,deny}
# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5), hosts_options(5)
# and /usr/doc/netbase/portmapper.txt.gz
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper. See portmap(8)
# and /usr/doc/netbase/portmapper.txt.gz for further information.
#
ALL: LOCAL
statd: .private.network
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5), hosts_options(5)
# and /usr/doc/netbase/portmapper.txt.gz
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper. See portmap(8)
# and /usr/doc/netbase/portmapper.txt.gz for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
ALL: PARANOID

> Also, is ip{chains,tables} in the way?

# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Bragi is inside a private network, which is firewalled to the Internet;
but, as you can see, no firewalling is done inside this network.

What do you think?
--
Best Regards,
mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know. The more I know, the more I know I don't know . . .
--
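
Added example, not part of the original message and not tcp_wrappers code: a simplified Python model of the hosts_access(5) search order (hosts.allow first, then hosts.deny, otherwise allow) applied to the two tables shown above. The client name bragi.private.network and the address 192.168.1.10 in the usage are constructed; EXCEPT, netmasks, netgroups and options are not modelled.

```python
# Simplified hosts_access(5) evaluation over the tables quoted in the message.
# Assumption: only ALL, LOCAL, PARANOID, .domain, prefix. and exact patterns.
HOSTS_ALLOW = """\
ALL: LOCAL
statd: .private.network
"""
HOSTS_DENY = """\
ALL: PARANOID
"""

def parse(text):
    """Return [(daemon_list, client_list)], skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pat, name, addr, mismatch):
    # A name that failed the name/address cross-check is not usable for matching.
    known = name if name and not mismatch else None
    if pat == "ALL":
        return True
    if pat == "PARANOID":        # host name does not match its address
        return mismatch
    if pat == "LOCAL":           # known host name containing no dot
        return known is not None and "." not in known
    if pat.startswith("."):      # domain suffix, matched against the name
        return known is not None and known.endswith(pat)
    if pat.endswith("."):        # address prefix
        return addr.startswith(pat)
    return pat in (known, addr)

def table_matches(rules, daemon, name, addr, mismatch):
    return any(("ALL" in d or daemon in d)
               and any(client_matches(p, name, addr, mismatch) for p in c)
               for d, c in rules)

def decide(daemon, name, addr, mismatch=False):
    """First match in hosts.allow grants, then hosts.deny denies, else allow."""
    if table_matches(parse(HOSTS_ALLOW), daemon, name, addr, mismatch):
        return "allow (hosts.allow)"
    if table_matches(parse(HOSTS_DENY), daemon, name, addr, mismatch):
        return "deny (hosts.deny)"
    return "allow (no match)"
```

In this model `decide("amandad", "localhost", "127.0.0.1")` is granted by `ALL: LOCAL`, and a client is refused only when its name fails the name/address cross-check that `PARANOID` tests.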