I installed tcp wrappers version 7.6

and

modify my inetd.conf file from

ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd

to

ftp stream tcp6 nowait root /usr/local/bin/tcpd /usr/sbin/in.ftpd -l

created /etc/hosts.allow file
and
modify it to only allow ftp from mydomain only

but this is denying ftp traffic from everywhere
including mydomain

every time I attempt to ftp it sends a warning message to syslog

warning: can't verify hostname: gethostbyname failed

I issued tcpdmatch in.ftpd 127.0.0.1 it report permit

can you help?

Thanks in Advance

What did you put in hosts.allow? What is your host IP? Are you using DNS? Are you ftping from one system to another or from the same system to itself?

Give an exact example if you don't want to post real IPs and subnets.

Example: if your subnet is 10.140.16.x and server IP is 10.140.16.10 but you don't want to post it

put 1.14.1.x for subnet and 1.14.1.10 as the IP

Post your hosts.allow (or the portion you changed)
Example

in.ftpd: 10.
in.ftpd: 172.16.

in my hosts.allow file

I have

in.ftpd: 191.95.x.x/255.255. 0.0

my host ip is 191.95.x.x

and I am ftping from a pc in my local area network, ip adrress
191.95.x.x

Change your hosts.allow entry - I set up mine for my local subnet to look like yours (using my numbers) and it failed with service not available right after it worked before the change.

I believe it's the x.x you have in there:
in.ftpd: 191.95.x.x/255.255. 0.0

I changed it (a couple of times) and found this to work;

in.ftpd: 191.95. /255.255. 0.0

in.ftpd: 191.95./255.255. 0.0 will not work - needs that space - I still am looking to see if the /255.255.0.0 is valid (will post back)

Thanks RTM, I tried your suggestions

in.ftpd: 191.95. /255.255. 0.0

but this still does not work.

still getting the same warning in syslog "warning can't verity hostname: gethostbyname failed.

nslookup can resolve the ip address.

Do the following to verify DNS - if you don't get anything back on the PTR then DNS is messing you up:

% nslookup
Default Server: which1.mycom.com
Address: 1.14.1.2

> medusa
Server: which1.mycom.com
Address: 1.14.1.2

Name: medusa.mycom.com
Address: 1.14.64.76

> set type=ptr
> 1.14.64.76
Server: which1.mycom.com
Address: 1.14.1.2

76.64.14.1.in-addr.arpa name = medusa.mycom.com
64.14.1.in-addr.arpa nameserver = which1.mycom.com
64.14.1.in-addr.arpa nameserver = which2.mycom.com
which1.mycom.com internet address = 1.14.1.2
which2.mycom.com internet address = 1.14.2.2

my Dns is resolving ip address, I carried out your suggestion to test the dns and the Dns work fine.


when I disabled tcp wrappers in /etc/inetd.conf
I was able to ftp from anywhere and no warning message in syslog

but with tcp wrappers enable in /etc/inetd.conf
that is

ftp stream tcp6 nowait root /usr/local/bin/tcpd /usr/sbin/in.ftpd -l

then ftp from my LAN does not work hence error message in syslog