From owner-FreeBSD-users-jp@jp.freebsd.org  Thu Jul  1 22:25:05 1999
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id WAA92327;
	Thu, 1 Jul 1999 22:25:05 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from inetfw.sonycsl.co.jp (inetfw.sonycsl.co.jp [203.137.129.4])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id WAA92321
	for <FreeBSD-users-jp@jp.freebsd.org>; Thu, 1 Jul 1999 22:25:05 +0900 (JST)
	(envelope-from keisuke@csl.sony.co.jp)
Received: from pochi.csl.sony.co.jp (dialup4.csl.sony.co.jp [43.27.98.244])
	by inetfw.sonycsl.co.jp (8.9.3+3.2W/3.7Ws3/99060216) with ESMTP id WAA71678
	for <FreeBSD-users-jp@jp.freebsd.org>; Thu, 1 Jul 1999 22:25:04 +0900 (JST)
Received: from localhost (localhost.soho.odn.ne.jp [127.0.0.1])
	by pochi.csl.sony.co.jp (8.9.3/3.7W) with ESMTP id WAA06517
	for <FreeBSD-users-jp@jp.freebsd.org>; Thu, 1 Jul 1999 22:25:07 +0900 (JST)
To: FreeBSD-users-jp@jp.freebsd.org
X-Mailer: Mew version 1.93 on Emacs 20.3 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19990701222507O.keisuke@csl.sony.co.jp>
Date: Thu, 01 Jul 1999 22:25:07 +0900
From: Keisuke Inoue <keisuke@csl.sony.co.jp>
X-Dispatcher: imput version 981019(IM102)
Lines: 53
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990625
X-Sequence: FreeBSD-users-jp 43763
Subject: [FreeBSD-users-jp 43763] tcp_wrapper and nfs
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: keisuke@csl.sony.co.jp

$B0f>e$G$9!%(B


$B!V(Binetd$B$N@_Dj$r$9$k$D$b$j$G(B/etc/hosts.allow$B$r$$$8$C$?$iB>$N(B
$B%[%9%H$+$i(Bnfs mount$B=PMh$J$/$J$j$^$7$?!%!W(B
$B$H$$$&<ALd$,$I$3$+$G=P$F$-$F$$$^$;$s$G$7$g$&$+(B?

3.2-RELEASE$B$GI8=`$G$D$$$F$/$k(Btcp_wrapper$B$N@_Dj$r$7$F$$$F!$(B
portmap$B$G$O$^$j$^$7$?!%(B

$B$^$:(B/etc/hosts.allow$B$N1F6AHO0O$G$9$,!$(Btcpdchk$B$G$O(B
/etc/inetd.conf$B$7$+%A%'%C%/$7$J$/$F!$(Binetd.conf$B$K=q$+$l$F$$(B
$B$J$$$b$N$OA4It(BWARNING$B$r=P$7$^$9$,!$<B:]$O(Blibwrap$B$,%j%s%/$5$l(B
$B$F$$$k%P%$%J%j$O$_$s$J1F6A$r<u$1$k$H$$$&$N$O@5$7$$$G$9$+(B? $B!dM-<1<T$NJ}!9(B

$BK\Bj$G$9$,!$(Binetd$B$+$i5/F0$5$l$k$b$N$K4X$7$F$O(Bhosts_access(5)
$B$K=q$+$l$F$$$k$3$H$,Ev$F$O$^$k$h$&$J$N$G$9$,!$(Blibwrap$B$,%j%s(B
$B%/$5$l$F$$$k$b$N$@$H(B

ALL : hostname : allow
      ^^^^^^^^
$B$H$$$&$h$&$K(Bhostname$B$r=q$$$F$b8z2L$,$"$j$^$;$s!%$b$A$m$s$3$N(B
hostname$B$O(BDNS$B$G=g0z!$5U0z=PMh$F!$$5$i$K(B/etc/hosts$B$K$bEPO?$7(B
$B$F$"$j$^$9!%Nc$($P(B
192.168.0.2	gonta.hoge
$B$,$A$c$s$H(BDNS$B$G=g0z!$5U0z=PMh$k$H$7$^$9!%(B
ALL : gonta.hoge : allow
ALL : ALL : deny
$B$G(Bgonta.hoge$B$+$i(Bnfs mount$B$r$9$k$H(B
portmap[313]: connect from 192.168.0.2 to getport(mountd): request from unauthorized host
$B$H$J$j$^$9!%$7$+$7!$(B
ALL : 192.168.0.2 : allow
ALL : ALL : deny
$B$J$i$P(Bgrant$B$G$9!%(B
inetd$B$+$i5/F0$5$l$k(Bftpd$B$J$I$O$I$A$i$G$b(Bgrant$B$G$9!%(B

Is this a mistake in my configuration?
Or is there a problem?

Also, for something that ships with the system, I cannot find
the information in man.
Looking at hosts_access(5), hosts_options(5)

and the related manuals, I found nothing saying that portmap is
affected; the man pages list tcpd(8) under related items, but no
such manual exists; and I looked at the handbook and the FAQ, but
they do not describe how to configure it. Being told to fetch the
tcp_wrapper source and read its documentation is not how things
should be, is it?
# I am worn out from doing so much kill and try...


--
Keisuke Inoue <keisuke@csl.sony.co.jp>
SONY Computer Science Laboratories Inc.
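
Added example, not part of the original message: a small check that lists the hosts.allow rules which reach a given daemon (by name or through ALL) and use host-name client patterns, the kind of rule the message reports as not matching for portmap. The function name and the sample file are constructed here, and the check assumes, as the message observes, that portmap matches only on the peer address.

```python
import re

# Wildcards and operators from hosts_access(5); not literal host names.
WILDCARDS = {"ALL", "LOCAL", "KNOWN", "UNKNOWN", "PARANOID", "EXCEPT"}
# Numeric forms: full address, dotted prefix ("192.168.0."), or net/mask.
NUMERIC = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}\.?(/[\d.]+)?$")

def split_list(field):
    """hosts_access(5) lists are separated by blanks and/or commas."""
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]

def hostname_rules_for(daemon, text):
    """Return (line_no, pattern) for every host-name client pattern in a
    rule that applies to `daemon`, either by name or through ALL.
    Simplifications: EXCEPT is not interpreted, continuation lines and
    bracketed IPv6 addresses are not handled."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        daemons = split_list(fields[0])
        if daemon not in daemons and "ALL" not in daemons:
            continue
        for pat in split_list(fields[1]):
            if pat.startswith(("@", "/")):   # netgroup or pattern file
                continue
            host = pat.rsplit("@", 1)[-1]    # drop a user@ prefix
            if host in WILDCARDS or NUMERIC.match(host):
                continue
            findings.append((line_no, pat))
    return findings

# Constructed sample built from the rules quoted in the message.
SAMPLE = """\
# constructed sample
ALL : gonta.hoge : allow
ftpd : .hoge : allow
portmap : 192.168.0.2 192.168.0. : allow
ALL : ALL : deny
"""

if __name__ == "__main__":
    for line_no, pat in hostname_rules_for("portmap", SAMPLE):
        print(f"line {line_no}: host-name pattern {pat!r} applies to portmap")
```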
