From owner-freebsd-hackers Mon Oct 21 22:39:55 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C06E237B401 for ; Mon, 21 Oct 2002 22:39:51 -0700 (PDT) Received: from samwise.jobeus.net (samwise.jobeus.net [205.206.125.238]) by mx1.FreeBSD.org (Postfix) with ESMTP id 29A2143E6A for ; Mon, 21 Oct 2002 22:39:51 -0700 (PDT) (envelope-from freebsd@jobeus.net) Received: (from root@localhost) by samwise.jobeus.net (8.12.6/8.12.3) id g9M5dVEh034555; Mon, 21 Oct 2002 23:39:31 -0600 (MDT) (envelope-from freebsd@jobeus.net) Received: from localhost (freebsd@localhost [127.0.0.1]) by samwise.jobeus.net (8.12.6/8.12.3av) with ESMTP id g9M5dUMs034547; Mon, 21 Oct 2002 23:39:30 -0600 (MDT) (envelope-from freebsd@jobeus.net) Date: Mon, 21 Oct 2002 23:39:30 -0600 (MDT) From: Scott Carmichael To: cjclark@alum.mit.edu Cc: freebsd-hackers@freebsd.org Subject: Re: IP resolving In-Reply-To: <20021021193505.GB64666@blossom.cjclark.org> Message-ID: <20021021233450.D34501-100000@samwise.jobeus.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > You never said if you are using TCP wrappers. Can you show us the > actual output from the machine? What do, Yes, I guess I am now, but the problem existed before as well. The TCP wrapper is just whatever is enabled by configuring /etc/hosts.allow. In the following, 'andrew' is the account that shows he's logged in from samwise, which is actually my box, and he's a few hundred miles away from an IP that netstat will show later on. > $ w 11:35PM up 7 days, 17 mins, 3 users, load averages: 1.02, 1.02, 1.01 USER TTY FROM LOGIN@ IDLE WHAT andrew p1 samwise 8:24PM 3:11 -tcsh (tcsh) jobe p2 moria 11:31PM - pine -zi > $ w -n 11:36PM up 7 days, 18 mins, 3 users, load averages: 1.01, 1.02, 1.00 USER TTY FROM LOGIN@ IDLE WHAT andrew p1 205.206.125.238 8:24PM 3:12 -tcsh (tcsh) jobe p2 205.206.125.235 11:31PM - pine -zi (here, it's displaying MY ip as well) > $ who 23:36 (1603) jobe@samwise:[~]> who andrew ttyp1 Oct 21 20:24 (205.206.125.238) jobe ttyp2 Oct 21 23:31 (moria) > $ last | head 23:36 (1604) jobe@samwise:[~]> last | head jobe ttyp2 moria Mon Oct 21 23:31 still logged in [deletia] andrew ttyp1 205.206.125.238 Mon Oct 21 20:24 still logged in > $ netstat -an Active Internet connections Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 0 205.206.125.238.139 148.240.10.206.3568 TIME_WAIT tcp4 0 20 205.206.125.238.22 205.206.125.235.3919 ESTABLISHED tcp4 0 0 205.206.125.238.22 205.206.125.235.3916 ESTABLISHED tcp4 0 0 205.206.125.238.139 205.206.125.235.3201 ESTABLISHED tcp4 0 0 205.206.125.238.22 24.157.160.165.60145 ESTABLISHED tcp4 0 0 205.206.125.238.139 205.206.125.236.37858 ESTABLISHED tcp6 0 0 ::1.953 *.* LISTEN tcp4 0 0 127.0.0.1.953 *.* LISTEN tcp4 0 0 127.0.0.1.53 *.* LISTEN tcp4 0 0 205.206.125.238.53 *.* LISTEN udp4 0 0 127.0.0.1.3724 *.* udp4 0 0 127.0.0.1.3397 *.* udp4 0 0 205.206.125.238.138 *.* udp4 0 0 205.206.125.238.137 *.* udp4 0 0 127.0.0.1.53 *.* udp4 0 0 205.206.125.238.53 *.* Active UNIX domain sockets Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr d4029aa0 stream 0 0 d4567740 0 0 0 /tmp/screens/S-root/25091.ttyp1.samwise d4029be0 stream 0 0 d410f200 0 0 0 /tmp/mysql.sock d4029a00 dgram 0 0 0 d4029f00 0 d4029d20 d4029d20 dgram 0 0 0 d4029f00 0 d4029dc0 d4029dc0 dgram 0 0 0 d4029f00 0 d4029e60 d4029e60 dgram 0 0 0 d4029f00 0 0 d4029f00 dgram 0 0 d4024500 0 d4029a00 0 /var/run/log NOTE: here his IP shows properly: 24.157.160.165 > Show? Do you get identical results with rlogin and ssh? Can we see > both? rlogin is completely identical, though I can't contact the guy to try it out... but I've seen it in the past as the same results. Thanks, Scott > > On Fri, 18 Oct 2002, Crist J. Clark wrote: > > > > > On Sun, Oct 13, 2002 at 11:00:26PM -0600, Scott Carmichael wrote: > > > > Can someone help me here? Is there a code change I can make somewhere? > > > > > > > > Please CC me on any replies, as I am not subscribed to -net or -hackers. > > > > > > -net removed. -hackers left (although this might be more of a > > > -questions thread). > > > > > > > ---------- Forwarded message ---------- > > > > Date: Fri, 11 Oct 2002 14:14:08 -0600 (MDT) > > > > From: Scott Carmichael > > > > To: freebsd-questions@FreeBSD.ORG > > > > Subject: IP resolving > > > > > > > > I would like to know two things... Why FreeBSD acts in the following way > > > > while OpenBSD does not, and if it's possible to fix this? > > > > > > > > It seems that if anyone connects to my FreeBSD server wish a hostname that > > > > does not match their IP, > > > > > > "Hostname does not match their IP?" What exactly does that mean? All > > > the OS knows is the remote IP address. It doesn't know what hostname > > > the remote claims to have. The application server might receive a > > > hostname though, but then I would expect the behavior to vary > > > according to the application used to connect. > > > > > > > I get a console message about the mismatch, and > > > > > > Something is generating a message to syslogd(8). Figure out what it is > > > and edit syslog.conf(5) appropriately. Are you using TCP wrappers or > > > something? > > > > > > > then if they connect via rlogin or ssh, 'who', 'w', 'last', etc. all > > > > report that they are connected _from_ MY box, which they aren't. > > > > > > Strange. What does 'netstat -a' or 'sockstat' report? 'w' works fine > > > for me. > > > -- > > > Crist J. Clark | cjclark@alum.mit.edu > > > | cjclark@jhu.edu > > > http://people.freebsd.org/~cjc/ | cjc@freebsd.org > > > > > -- > Crist J. Clark | cjclark@alum.mit.edu > | cjclark@jhu.edu > http://people.freebsd.org/~cjc/ | cjc@freebsd.org > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message