[lug] TCPD paranoia
John Hernandez
John.Hernandez at noaa.gov
Thu Dec 21 15:49:58 MST 2000
I would say make the forward lookup match with the reverse.
i.e.
machine-atm1.yourdomain.com -> 192.168.1.1
192.168.1.1 -> machine-atm1.yourdomain.com
machine-atm2.yourdomain.com -> 192.168.1.2
...
and this doesn't eliminate the possibility of doing something like
machine.yourdomain.com -> 192.168.1.1,192.168.1.2
Jeff Howell wrote:
>
> I'm having a bit of a problem with NFS and my workstation. I'm
> attempting to export my homedir via NFS so that it is my NIS homedir.
> Thus when I log into the hundreds of machines I admin, I have the homedir
> from my local machine. I'm running into a weird problem.
>
> We have many machines that are multi homed or have many virtual
> interfaces via ATM. The problem is that when I attempt to log in and it
> tries to mount my homedir, my machine is denying them because the IP the
> machine is sending doesn't always match what my workstation sees when it
> does a reverse DNS lookup.
>
> From my logs:
> Dec 21 11:28:11 localhost rpc.mountd: refused mount request from
> xxx.xxx.xxx.xxx (foo.bar.com) for /export/home (/export/home): DNS
> forward lookup does't match with reverse
>
> (IPs and hostnames have been changed to protect the innocent)
>
> In my /etc/hosts.allow I have:
> ALL: xxx.xxx. :all where xxx.xxx is the class B I live in.
>
> /etc/hosts.deny is empty
>
> Any suggestions?
>
> Thanks!
>
> ---
> Jeff Howell
> EDS UNIX Support
>
> Linux Slackware: The Ultimate NT Service Pack
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
--
John Hernandez, Network Engineer --------------------------------------
US Department of Commerce tel: 303-497-6392
NOAA/OAR - Mailstop R/OM12 fax: 303-497-6005
325 Broadway e-mail: John.Hernandez at noaa.gov
Boulder, CO 80303 http://boulder.noaa.gov
-----------------------------------------------------------------------
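An added example, not part of the original thread and not the rpc.mountd or tcpd source: a sketch of the forward-confirmed reverse DNS check behind the "DNS forward lookup does't match with reverse" refusal, run over constructed zone data for a two-interface host. The function names and the zone contents are assumptions; the host names and addresses follow the ones used in the reply above, and the mismatch case (a PTR for every interface but an A record for only one) is one constructed way the check can fail.

```python
import socket

def fcrdns_ok(client_ip, reverse=None, forward=None):
    """Return (ok, ptr_name). ok is True only when the PTR name of client_ip
    resolves forward to an address list that contains client_ip."""
    # Defaults use the system resolver; the demo below injects constructed data.
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    try:
        name = reverse(client_ip)
    except (OSError, KeyError):
        return False, None            # no PTR record
    try:
        addrs = forward(name)
    except (OSError, KeyError):
        return False, name            # PTR names a host that has no A record
    return client_ip in addrs, name

def check_zone(ptr, a):
    """Run the check for every interface address in constructed zone data."""
    return {ip: fcrdns_ok(ip, ptr.__getitem__, a.__getitem__)[0] for ip in ptr}

# Constructed zone data: one host, two interfaces (names follow the thread).
SHARED_PTR = {"192.168.1.1": "machine.yourdomain.com",
              "192.168.1.2": "machine.yourdomain.com"}
# Mismatch: both PTRs name the host, but only one address has an A record.
MISMATCH_A = {"machine.yourdomain.com": ["192.168.1.1"]}
# Fix 1: a distinct name per interface, forward and reverse agreeing.
PER_IF_PTR = {"192.168.1.1": "machine-atm1.yourdomain.com",
              "192.168.1.2": "machine-atm2.yourdomain.com"}
PER_IF_A = {"machine-atm1.yourdomain.com": ["192.168.1.1"],
            "machine-atm2.yourdomain.com": ["192.168.1.2"]}
# Fix 2: one name whose A records list every interface address.
MULTI_A = {"machine.yourdomain.com": ["192.168.1.1", "192.168.1.2"]}

if __name__ == "__main__":
    for label, ptr, a in [("mismatch", SHARED_PTR, MISMATCH_A),
                          ("per-interface names", PER_IF_PTR, PER_IF_A),
                          ("multiple A records", SHARED_PTR, MULTI_A)]:
        print(label, check_zone(ptr, a))
```

Calling `fcrdns_ok(ip)` with no resolver arguments runs the same comparison against the system resolver, which is a quick way to audit each interface address of a multi-homed client before it tries to mount.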