[TriLUG] Dynamic IP headaches..

Matt Frye mattfrye at gmail.com
Thu Oct 21 03:38:45 EDT 2004


On Wed, 20 Oct 2004 09:03:11 -0400, Aaron S. Joyner <aaron at joyner.ws> wrote:
> Brian Henning wrote:
> 
> >Hey List,
> >  Am I correct in figuring that the combination of my home network having a
> >dynamic public IP, combined with the related lack of reverse DNS, will make
> >it impossible to use my dynip hostname in a hosts.allow (in conjunction with
> >a :ALL in hosts.deny) on a server at work?
> >
> >
> I'm not so clear on whether reverse DNS will affect tcpwrappers
> processing or not.

Good question.  My experience tells me that yes, lack of reverse DNS
precludes you from offering access via hosts.allow.

For example, if I were a fluffy.rr.com customer, even if I spec
frye.dyndns.org in my hosts.allow, tcp wrappers will see whatever my
fluffy.rr.com IP resolves to "for real."

A potential solution is to set up ".trilug.org" or some kind of
intermediary in hosts.allow so that wherever you are, you can ssh to
trilug (in this case) and then on your dyn IP name.  This works well
for me.  It's an extra step, granted, but one that can be mitigated by
PKI, authorized_keys, etc.

MPF

PS The hostnames in this post have been changed to protect the silly.
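
The behaviour discussed in this thread, as an added example that is not part of the original post and is not tcp wrappers' own code: a simplified Python model of how a hosts.allow hostname pattern is compared against the name obtained by reverse lookup of the client address. The addresses, the PTR table and the host name shell.trilug.org are constructed for illustration; netmasks, netgroups, PARANOID and EXCEPT are not modelled.

```python
# Simplified model (assumption, not the real library) of hosts.allow
# client matching: hostname patterns are compared with the name found by
# reverse lookup of the connecting address, not with any name that
# happens to point at that address.

# Constructed PTR data using documentation address ranges.
PTR = {
    "203.0.113.45": "cpe-203-0-113-45.fluffy.rr.com",  # home dynamic IP
    "198.51.100.7": "shell.trilug.org",                # intermediary host
}

def client_hostname(addr, ptr=PTR):
    """Name the server derives for a client; 'unknown' if no PTR exists."""
    return ptr.get(addr, "unknown")

def string_match(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # ".trilug.org": any host under the domain
        return value.lower().endswith(pattern.lower())
    if pattern.endswith("."):        # "203.0.113.": address prefix
        return value.startswith(pattern)
    return pattern.lower() == value.lower()

def host_match(pattern, addr, ptr=PTR):
    # Try the pattern against the address first, then against the
    # reverse-resolved name if the pattern is not purely numeric.
    if string_match(pattern, addr):
        return True
    is_addr_pattern = pattern.replace(".", "").isdigit()
    return (not is_addr_pattern) and string_match(
        pattern, client_hostname(addr, ptr))

def allowed(patterns, addr, ptr=PTR):
    """Client list from hosts.allow, with ALL: ALL in hosts.deny."""
    return any(host_match(p, addr, ptr) for p in patterns)

if __name__ == "__main__":
    home, relay = "203.0.113.45", "198.51.100.7"
    print(allowed(["frye.dyndns.org"], home))   # dyndns name never seen
    print(allowed([".trilug.org"], relay))      # intermediary matches
```
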


