Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Enable remote access with TCP wrappers from dynamic IPs' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Enable remote access with TCP wrappers from dynamic IPs
Authored by: tinker on Nov 09, '03 02:52:54AM

I wondered that too. I suspect the issue would be similar, though, because hosts.allow and hosts.deny are accessed by inetd, and inetd does three things: it gets the IP of the incoming host (say, 123.456.78.90), resolves it (say, 78-90.yourISP.com), and then checks to see whether either 123.456.78.90 or 78-90.yourISP.com is in hosts.allow. If you use no-IP, you're given a "fake" domain (say, foo.noip.net) which always resolves to your current IP, which is great, but when inetd checks hosts.allow, it doesn't translate foo.noip.net into 123.456.78.90 before comparing it to the incoming host. So, it compares the first two addresses to the third, finds no match, and rejects. That's why putting foo.noip.net into hosts.allow won't work but looking it up with nslookup and *then* putting it in hosts.allow will.

All of which is a long-winded way of saying, if xinetd always resolves the domains in its no_access rules before comparing to incoming IPs, it would work -- but I don't know whether it does.



[ Reply to This | # ]