[leafnode-list] Connection refused for all but localhost
Matthias Andree
ma at dt.e-technik.uni-dortmund.de
Wed Oct 6 11:25:08 CEST 2004
Gundemarie Scholz <spamyousilly at inbox.ru> writes:
> 5. vi /etc/inetd.conf
> nntp stream tcp nowait news /usr/sbin/tcpd /usr/local/sbin/leafnode
>
> 6. vi /etc/hosts.allow
> leafnode: 127.0.0.1 172.20.128.0/21 172.20.0.0/21: ALLOW
AFAIK, tcpd doesn't understand ip1.ip2.ip3.ip4/prefix notation, you'll
have to "spell out" the netmask:
leafnode: 127.0.0.1 172.20.128.0/255.255.248.0 172.20.0.0/255.255.248.0:ALLOW
If that doesn't help, try running tcpdchk and check for warnings related
to leafnode.
> # less /var/log/messages | grep leafnode
> [repetitions snipped]
> Oct 6 10:32:28 gunde leafnode[11438]: connect from 127.0.0.1 (127.0.0.1)
> Oct 6 10:44:52 gunde leafnode[11475]: refused connect from 172.20.128.100 (172.20.128.100)
That is, euhm, interesting. You can also try:
tcpdmatch leafnode 172.20.128.100
It should tell you which line in which file causes the reject.
> # less /etc/hosts.allow |grep leafnode
> leafnode: 127.0.0.1 172.20.128.0/21 172.20.0.0/21: ALLOW
> leafnode: ALL: DENY
You'd use something like:
grep leafnode /etc/hosts.allow
(at any rate, without less).
> I read through http://www.fredi.de/maillist/archiv/2001/msg00648.html,
> but the hints there didn't help me; do you have any further advice for
> me?
If the hints above don't show you the way to a solution, please post
what you've found in the meantime and also show the output of "ifconfig"
or on very modern Linux distributions "ip address show".
--
Matthias Andree
Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)
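
Added example, not part of the original message or of leafnode/tcp_wrappers: a POSIX shell sketch that rewrites IPv4 net/prefix tokens in a hosts.allow line into the net/netmask form suggested in the reply above. The function names prefix_to_netmask and expand_cidr_line are hypothetical, and the sketch assumes the client list is whitespace-separated, as in the quoted line.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not tcp_wrappers tools.

# Convert a prefix length (0-32) into a dotted-quad netmask.
# Exits non-zero for anything that is not a valid IPv4 prefix length.
prefix_to_netmask() (
    p=$1
    case $p in ''|*[!0-9]*|???*|0[0-9]) exit 1 ;; esac
    [ "$p" -le 32 ] || exit 1
    mask=
    for i in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then
            octet=255; p=$((p - 8))
        else
            octet=$((256 - (1 << (8 - p)))); p=0
        fi
        mask=${mask:+$mask.}$octet
    done
    printf '%s\n' "$mask"
)

# Rewrite every a.b.c.d/N token of one hosts.allow line as a.b.c.d/netmask.
# Tokens that already carry a dotted mask, host names, keywords such as ALL,
# and bracketed IPv6 entries are passed through unchanged.
expand_cidr_line() (
    set -f                                   # no globbing while word-splitting
    out=
    for word in $1; do
        tail=
        case $word in *:) tail=:; word=${word%:} ;; esac   # keep field separator
        case $word in
            *[!0-9./]*|*/*/*) ;;             # not a plain IPv4 net/prefix token
            *.*.*.*/*)
                case ${word#*/} in
                    *.*) ;;                  # mask is already spelled out
                    *) mask=$(prefix_to_netmask "${word#*/}") &&
                           word=${word%/*}/$mask ;;
                esac ;;
        esac
        out=${out:+$out }$word$tail
    done
    printf '%s\n' "$out"
)

# The hosts.allow line quoted in this thread, used here as sample input.
expand_cidr_line 'leafnode: 127.0.0.1 172.20.128.0/21 172.20.0.0/21: ALLOW'
```

After editing hosts.allow with the rewritten line, tcpdchk and tcpdmatch (both mentioned above) remain the way to confirm what tcpd actually does with it.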