[leafnode-list] Connection refused for all but localhost

Matthias Andree ma at dt.e-technik.uni-dortmund.de
Wed Oct 6 11:25:08 CEST 2004


Gundemarie Scholz <spamyousilly at inbox.ru> writes:

> 5. vi /etc/inetd.conf
>    nntp stream tcp nowait news /usr/sbin/tcpd /usr/local/sbin/leafnode
>
> 6. vi /etc/hosts.allow
>    leafnode: 127.0.0.1 172.20.128.0/21 172.20.0.0/21: ALLOW

AFAIK, tcpd doesn't understand ip1.ip2.ip3.ip4/prefix notation, you'll
have to "spell out" the netmask:

leafnode: 127.0.0.1 172.20.128.0/255.255.248.0 172.20.0.0/255.255.248.0:ALLOW

If that doesn't help, try running tcpdchk and check for warnings related
to leafnode.

> # less /var/log/messages | grep leafnode
> [repetitions snipped]
> Oct 6 10:32:28 gunde leafnode[11438]: connect from 127.0.0.1 (127.0.0.1)
> Oct 6 10:44:52 gunde leafnode[11475]: refused connect from 172.20.128.100 (172.20.128.100)

That is, euhm, interesting. You can also try:

tcpdmatch leafnode 172.20.128.100

It should tell you which line in which file causes the reject.

> # less /etc/hosts.allow |grep leafnode
> leafnode: 127.0.0.1 172.20.128.0/21 172.20.0.0/21: ALLOW
> leafnode: ALL: DENY

You'd use something like:

grep leafnode /etc/hosts.allow

(at any rate, without less).

> I read through http://www.fredi.de/maillist/archiv/2001/msg00648.html,
> but the hints there didn't help me; do you have any further advice for
> me?

If the hints above don't show you the way to a solution, please post
what you've found in the meantime and also show the output of "ifconfig"
or on very modern Linux distributions "ip address show".

-- 
Matthias Andree

Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)
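
The netmask rewrite suggested in the reply above, as an added Python example that is not part of the original message: it spells out IPv4 net/prefix tokens in a hosts.allow rule as net/mask pairs and lists which pairs cover a given client. The function names are hypothetical; the sample rule and client address are the ones quoted in the thread.

```python
import ipaddress
import re

# IPv4 address followed by a 1-2 digit prefix length (not a dotted netmask).
CIDR_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})(?![\d.])")
# IPv4 net/mask pair in the dotted form the reply recommends.
NETMASK_RE = re.compile(
    r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])"
)


def spell_out_netmasks(rule):
    """Rewrite every IPv4 net/prefix token in a hosts.allow rule as net/mask."""
    def repl(match):
        # strict=True raises ValueError when host bits are set (172.20.128.5/21):
        # such a pattern can never satisfy (address AND mask) == net.
        net = ipaddress.ip_network(match.group(0), strict=True)
        return f"{net.network_address}/{net.netmask}"
    return CIDR_RE.sub(repl, rule)


def covering_patterns(rule, client):
    """Return the net/mask patterns in a rule that cover the client address."""
    addr = ipaddress.ip_address(client)
    hits = []
    for match in NETMASK_RE.finditer(rule):
        net = ipaddress.ip_network(f"{match.group(1)}/{match.group(2)}", strict=False)
        if addr in net:
            hits.append(match.group(0))
    return hits


if __name__ == "__main__":
    # Rule and client address as quoted in the thread.
    original = "leafnode: 127.0.0.1 172.20.128.0/21 172.20.0.0/21: ALLOW"
    fixed = spell_out_netmasks(original)
    print(fixed)
    print(covering_patterns(fixed, "172.20.128.100"))
```

The rewritten rule can then be confirmed on the server with the tcpdchk and tcpdmatch commands mentioned in the message.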
