I've seen this problem before too.
If you use domain names it is less reliable, as when tcpd does the
reverse
lookup to find the hostname from the IP address, if the DNS server
doesn't
respond in a certain amount of time it gives up and just uses the IP
address.
Which is not explicitly referenced in hosts.allow and therefore is
rejected.
If you want to see if this is the case look in the file /var/log/secure
and
see if you have a line from tcpd that says 'connection rejected from...'
and
if it states an IP address instead of a hostname, there's ya problem.
Your best bet is using IP address in hosts.allow
eg. ALL: 192.168.1.1/255.255.255.0
Hope this helps..
<J>
-----Original Message-----
From: Alan Mead [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 8 December 1999 9:34
To: [EMAIL PROTECTED]; Robert Canary
Subject: Re: host allow/deny
At 04:00 AM 12/7/99 -0600, Robert Canary wrote:
>Okay this just isn't working very well.
>In my host.allow I have
>ALL:.mydomain.net
>ALL:.workplace.com
>In my host.deny I have
>ALL:ALL except .mydomain.net
I think you have the concept correct, this should work (in fact, the
except
shouldn't have any effect). I've had trouble too and I think it has to
do
with DNS and reverse-lookups. If you use IP's in hosts.allow, I bet it
works. Maybe someone can explain DNS better.
-Alan
---
Alan D. Mead / Research Scientist / [EMAIL PROTECTED]
Institute for Personality and Ability Testing
1801 Woodfield Dr / Savoy IL 61874 USA
217-352-4739 (v) / 217-352-9674 (f)
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
