UNIX for Advanced & Expert Users

Try this

/etc/hosts.deny
-------------------------
ALL:ALL


/etc/hosts.deny
---------------------------
ALL: 192.168.0.0/255.255.0.0



If that works, then that means it may be the designation for in.ftpd that is setup incorrectly.

The solution require proper configuration in hosts.allow & hosts.deny, but that alone will NOT overcome this problem. I know of only 2 ways to overcome this...

1) Install TCP Wrappers IPv6 (tcp_wrappers_7.6-ipv6.tar.gz)

2) Or change /etc/inetd.conf - by changing all occurrances of the following...

============================================

tcp6 --> tcp (see example below)
------------------------------------------
FROM:
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
TO:
ftp stream tcp nowait root /usr/local/bin/tcpd /usr/sbin/in.ftpd -l


udp6 --> udp (see example below)
------------------------------------------
FROM:
tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
TO:
tftp dgram udp wait root /usr/local/tcpd in.tftpd -s /tftpboot

============================================

Since there is (in most cases) no need for IPv6, I prefer option #2.

Benefiting from IPv6 means that you replace all the company's network equipment with IPv6 compatiples (i.e. since everything that is not IPv6 will not handle it) ... and this can be rather expensive.

The Solaris OE comes with IPv6 capability, but the benefits of having this in Solaris will probably not be seen for a few years to come, as networking equipment gets replaced by either attrition, necessity, or a extra income that the company doesn't know what to do with...

To keep in line with your inetd.conf format, I should probably change the one example to...

udp6 --> udp (see example below)
------------------------------------------
FROM:
tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
TO:
tftp dgram udp wait root /usr/local/tcpd /usr/sbin/in.tftpd -s /tftpboot

mslightn:

Don't do that. TCP wrappers, when used through inetd.conf, only work for services using the TCP protocol. By doing the above, you have probably broken his tftp server, which uses the udp protocol.

Please note, udp services can use the tcp libraries and hosts.allow/hosts.deny, however, it cannot be done through inetd.conf like you stated in your example above. It must be coded directly into the service (like UCD-SNMP for example).

There's no need to make an issue of this...

But for hassan2's sake, the following are excerps from the TCP Wrapper README file:

===========================================

1 - Introduction
----------------

With this package you can monitor and filter incoming requests for the SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other network services.

It supports both 4.3BSD-style sockets and System V.4-style TLI. Praise yourself lucky if you don't know what that means.

...

===========================================

This is also stated in the man pages (`man tcpd`)...

** Most importantly, I have tested this.

hassan2 - this works very well, so don't let anyone daunt your efforts on this. You're on the right track.

Thanks everyone I finally got tcp wrappers working by installing

tcp_wrappers_7.6-ipv6.tar.gz for ipv6

and modifying inetd.conf

Thanks again