Please note the new address for this forum : forum.excito.org. The old address redirects here but I don't know for how long. Thanks !
New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !

B3 proftpd ignoring TCP Wrapper /etc/hosts.deny [SOLVED]

Got problems with your B2 or B3? Share and get helped!
Post Reply
Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

B3 proftpd ignoring TCP Wrapper /etc/hosts.deny [SOLVED]

Post by Cheeseboy »

Hi all,

Proftpd on B3 seems to be ignoring the TCP Wrapper files /etc/hosts.deny and /etc/hosts.allow.
My /etc/proftpd/modules.conf has this in it:

Code: Select all

LoadModule mod_wrap.c
So I assume it is compiled with the mod_wrap module.

Even if I specifically set the directive TCPAccessFiles like this in /etc/proftpd/proftpd.conf, it seems to ignore it:

Code: Select all

TCPAccessFiles /etc/hosts.allow /etc/hosts.deny
I've added entries like this to the /etc/hosts.deny to test this, both fail for proftpd. "ALL:" works fine for sshd for example, as you would expect:

Code: Select all

ALL: 118.98.29.30
proftpd: 118.98.29.30
It is running in Standalone mode, which I think is the default on the B3.

Am I missing anything?

Best regards,

Cheeseboy
Last edited by Cheeseboy on 26 Jan 2013, 16:09, edited 2 times in total.
Top
Gordon
Posts: 1470
Joined: 10 Aug 2011, 03:18

Re: B3 proftpd ignoring TCP Wrapper /etc/hosts.deny

Post by Gordon »

According to the Gentoo forum you need to run proftpd from xinetd to make it look at the hosts.allow and hosts.deny files. Apparently you also need to configure xinetd to run proftpd as root, but I don't know if that will actually make it run as root or still allow proftp to switch to the user that is configured in its own conf file.
Top
Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Re: B3 proftpd ignoring TCP Wrapper /etc/hosts.deny

Post by Cheeseboy »

Thanks for your reply Gordon.

I saw something like that too, but I don't really want to do it that way.
I managed to get it to work, although it doesn't quite behave like I'd expect (see comments in the code segment below).

I added the following to /etc/proftpd/proftpd.conf:

Code: Select all

# Use TCP Wrapper files /etc/hosts.allow and /etc/hosts.deny
<IfModule mod_wrap2_file.c>
  WrapEngine on
  WrapTables file:/etc/hosts.allow file:/etc/hosts.deny
  # Use the following line for debugging only. 
  # It will print one line for each line in the hosts files it examines...
  WrapLog /var/log/proftpd/wrap2.log
  # Without the following line, the server will prompt for username and
  # password BEFORE checking hosts.allow/hosts.deny
  # Unfortunately it was introduced in version 1.3.4rc1, and B3 ships with
  # 1.3.3a
  # WrapOptions CheckOnConnect
</IfModule>
Cheers,

Cheeseboy
Top
Gordon
Posts: 1470
Joined: 10 Aug 2011, 03:18

Re: [SOLVED] B3 proftpd ignoring TCP Wrapper /etc/hosts.deny

Post by Gordon »

# Without the following line, the server will prompt for username and
# password BEFORE checking hosts.allow/hosts.deny
That may very well be the reason why they mentioned you should run as root. Good to know that the Proftp developers created a fix for it - and of course a shame that the B3 is running an older version.
Top
Post Reply

Return to “B2 & B3 Support”