Re: [netatalk-admins] Using TCPWrappers


Subject: Re: [netatalk-admins] Using TCPWrappers
From: Steven Karel (karel@brandeis.edu)
Date: Sun Sep 12 1999 - 11:13:23 EDT


Here's my understanding of setting up tcpwrappers with afpd

/etc/inetd.conf : don't touch it, you don't need to

/etc/hosts.allow and /etc/hosts.deny: add lines with the tcpwrapper
syntax, for the service "afpd"

examples from my files:
hosts.allow:

afpd: .brandeis.edu, my.other.allowedaddress.com

hosts.deny

afpd: ALL

this allows appleshare IP from any machine in brandeis.edu and also
from my.other.allowedaddress.com and denies from any other.

I've tested this, and it seems to work.

---

my question:

I would like to be able to run multiple instances of afpd on different ports and apply different hosts.allow and hosts.deny rules to them. At present, I can't figure out a way to do this.

for example, in afpd.conf I have:

"Example Public" -uamlist uams_guest.so -loginmesg "Welcome Brandeis Users" -port 24001 -nouservol -defaultvol /usr/local/atalk/etc/GuestVolumes.default
"Example Users" -port 24002 -uservol -uamlist uams_clrtxt.so,uams_dhx.so
"Example External" -ipaddr 10.10.10.11 -port 24000 -noddp -uamlist uams_dhx.so -nosavepassword

(names, port #s, and ip addresses changed to protect the innocent)

and this seems to work, although afpd listens at all the IP addresses on eth0 instead of only at the one specified... but it seems to be all or nothing with tcpwrappers -- it applies to all of the afpd services. What I'd like to do is allow connections to "Example External" from outside the university, but not to the "Example Users" or "Example Public" shares.

steven

> And have struggled with what exactly to put in /etc/inetd.conf. The
> closest thing to success has been:
>
> afpovertcp stream tcp wait root /usr/sbin/tcpd \
> /usr/local/atalk/sbin/afpd -d
>
> (Note: I've broken the above line into two pieces; in the inetd.conf file
> it's just a single line)
>
> Of course, if that worked I wouldn't be writing! In the course of these
> tests I did shut down afpd as it was launched from /etc/rc.d/init/atalk,
> but left atalkd running. I played with different things on the inetd.conf
> line, but haven't had success. On my Mac I'm using Mac OS 8.6 and clicking
> on the 'Server IP Address' button to enter the netatalk host machine. When
> I use the above line the Mac puts up a dialog box saying something like
> "Connecting to...." but it doesn't ever put up the login screen (name,
> password). afpd starts, but it seems to be a 'normal' start, i.e. it's
> still running after I cancel this and the server's name begins to show up
> in the Chooser.
>
> I've also tried eliminating the '-d' option and that didn't seem to make
> much difference (I'd just guess that the -d option is there for debugging
> purposes.)
>
> So, I'm guessing that afpd needs to be called in some way that I am not
> imagining. Any advice would be greatly appreciated. Apologies in advance
> if this is clearly documented somewhere, but I've tried to find where that
> is and haven't (obviously) met with success.
>
> ------------------------------------
> Peter Gutowski <peterg@powervue.com>
> http://www.powervue.com/~peterg
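Editor's added example (not code from the post, from netatalk, or from tcp_wrappers): a small model of the lookup tcpd performs for the hosts.allow / hosts.deny tables shown in Steven's message, following the rule order in hosts_access(5). A match in hosts.allow grants access; otherwise a match in hosts.deny denies it; otherwise access is granted. The table contents copy the post, the client and server addresses are constructed (RFC 5737 ranges), the `afpd@10.10.10.11` server-endpoint pattern is the form documented in hosts_access(5), and the function names are this example's own.

```python
"""Model of the tcp_wrappers (daemon, client) lookup described in hosts_access(5).

Constructed example for illustration; not netatalk or tcp_wrappers code.
"""
import ipaddress

# The two tables from the post above, reproduced here as constructed input.
HOSTS_ALLOW = """
afpd: .brandeis.edu, my.other.allowedaddress.com
"""
HOSTS_DENY = """
afpd: ALL
"""

# Constructed variant: hosts_access(5) lets a rule key on the server address the
# client connected to ("name@address"). The TCP port is never part of the key,
# so every afpd instance started from afpd.conf shares the plain "afpd:" rules.
HOSTS_ALLOW_BY_ADDRESS = """
afpd@10.10.10.11: ALL
afpd: .brandeis.edu
"""


def parse_table(text):
    """Return [(daemon_patterns, client_patterns), ...] for one access table."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        daemons, _, clients = line.partition(":")
        rules.append(([p.strip() for p in daemons.split(",") if p.strip()],
                      [p.strip() for p in clients.split(",") if p.strip()]))
    return rules


def client_matches(pattern, hostname, ip):
    """Client patterns this model supports: ALL, .domain, addr-prefix., net/mask, exact."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                        # ".brandeis.edu": host name suffix
        return bool(hostname) and hostname.endswith(pattern)
    if pattern.endswith("."):                          # "192.0.2.": address prefix
        return ip.startswith(pattern)
    if "/" in pattern:                                 # "10.0.0.0/255.0.0.0" or CIDR
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == hostname or pattern == ip        # exact host name or address


def daemon_matches(pattern, daemon, server_ip):
    """Daemon patterns: ALL, a process name, or name@server_address."""
    name, _, endpoint = pattern.partition("@")
    if name != "ALL" and name != daemon:
        return False
    if endpoint:                                       # server-endpoint form
        return server_ip is not None and client_matches(endpoint, None, server_ip)
    return True


def table_matches(table, daemon, hostname, ip, server_ip):
    """True if any rule in the table matches the (daemon, client) pair."""
    for daemon_pats, client_pats in parse_table(table):
        if (any(daemon_matches(d, daemon, server_ip) for d in daemon_pats)
                and any(client_matches(c, hostname, ip) for c in client_pats)):
            return True
    return False


def hosts_access(daemon, hostname, ip, server_ip=None,
                 allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """tcpd's decision: allow-table hit grants, deny-table hit denies, else grant.

    hostname is the client's reverse-DNS name, or "" when the lookup failed.
    """
    if table_matches(allow, daemon, hostname, ip, server_ip):
        return True
    if table_matches(deny, daemon, hostname, ip, server_ip):
        return False
    return True


if __name__ == "__main__":
    # Constructed clients: one inside brandeis.edu, one outside, one with no PTR record.
    for host, ip in (("pc1.brandeis.edu", "192.0.2.10"),
                     ("laptop.example.net", "203.0.113.5"),
                     ("", "192.0.2.10")):
        print(f"afpd from {host or '<no reverse DNS>'} ({ip}):",
              "allow" if hosts_access("afpd", host, ip) else "deny")
```

Three things the model makes visible. First, a `.brandeis.edu` pattern only matches when the client address reverse-resolves into that domain, so a client with no PTR record falls through to `afpd: ALL` and is denied; an address prefix such as `192.0.2.` (constructed here) avoids the DNS dependency. Second, `afpd: ALL` in hosts.deny denies only afpd; any other wrapped service with no deny entry is granted by the final rule, so a default-deny posture needs `ALL: ALL` there. Third, the wrapper keys on the daemon name and, at most, the server address the client connected to, never the port, which is why the three afpd.conf entries in the post share one set of rules; the `afpd@10.10.10.11` form only separates "Example External" if clients actually reach it through that address.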



This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:17:13 EST