[TriLUG] tcpwrappers and imap

sstancil at geekrooms.com sstancil at geekrooms.com
Sun Nov 17 20:24:12 EST 2002


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Here's one bit to consider: the iptables is not the problem.  If
> iptables were getting in the way, then tcpwrappers wouldn't even report
> an attempted connection.

I know, but I wanted to paint a very clear picture of what I have
double-checked. :)


>
> If I'm reading the man page correctly, xinetd is going to drop any
> connection where the name returned by the IP address reverse lookup does
> not match an  IP address of the that name, e.g., if the reverse lookup
> of 10.90.132.1 returns foo.example.com, and the lookup of
> foo.example.com does not have an IP address of 10.90.132.1, then the
> connection gets dropped.  It's possible to compile xinetd not to behave
> that way, but, again, the man page implies that this check is present on
> Red Hat.  Does anyone know this more certainly?
>

I just did a reverse lookup on the IP address from the logs and it does
map to my RoadRunner address.


> iptables could potentially interfere with DNS, which could exacerbate
> the above.
>

Double checked, looks good and the fact that I can see DNS from the
outside-in and inside-out, tells me that iptables is not interfering.

Thanks for the response.

Scott






More information about the TriLUG mailing list