From: Dmitry Lebkov <dima@sakhalin.ru>
To: community@altlinux.ru
Subject: Re: [Comm] bugs?: cisco -> xinetd(tftpd) - why?
Date: Sat, 27 Sep 2003 05:02:29 +1100
Message-ID: <20030927050229.675d381c.dima@sakhalin.ru> (raw)
In-Reply-To: <20030926170559.340d939a.olli@rbauto.ru>
On Fri, 26 Sep 2003 17:05:59 +0400
Oleg K.Artemjev <olli@rbauto.ru> wrote:
>
>
> Какие-то невнятные ошибки.. кто нибудь может объяснить в
> чем дело? Конфиги, логи, screen dump'ы ниже:
>
>
> На cisco:
> 3550gbic@4=cs241#sh run | inc address
> ip address 192.168.100.241 255.255.255.0
> ip address 192.168.200.241 255.255.255.0
> 3550gbic@4=cs241#copy run tftp
> Source filename [running-config]?
> Address or name of remote host []? 192.168.100.2
> Destination filename [3550gbic@4=cs241-confg]?
> ...!!
> 4975 bytes copied in 15.528 secs (320 bytes/sec)
> 3550gbic@4=cs241#
>
> На pc в конфигах:
>
> -----------------/etc/xinetd.conf-------------
> # Simple configuration file for xinetd
> #
> # Some defaults, and include /etc/xinetd.d/
>
> defaults
> {
> log_type = SYSLOG authpriv
> log_on_success = PID HOST USERID EXIT DURATION
> log_on_failure = HOST RECORD USERID
> instances = 25
> per_source = 5
> # localhost
> only_from = 127.0.0.1
> # cisco equipment
> only_from = 172.16.11.1
> only_from = 192.168.100.241
> only_from = 192.168.200.241
> only_from = 192.168.100.244
> only_from = 192.168.100.246
> only_from = 192.168.100.249
> only_from = 192.168.200.249
> }
>
> includedir /etc/xinetd.d
> -----------------/etc/xinetd.conf-------------
> -----------------/etc/xinetd.d/tftp-------------
> # default: off
> # description: The tftp server serves files using the trivial file transfer \
> # protocol. The tftp protocol is often used to boot diskless \
> # workstations, download configuration files to network-aware printers, \
> # and to start the installation process for some operating systems.
> service tftp
> {
> disable = no
> socket_type = dgram
> wait = no
> user = root
> server = /usr/sbin/in.tftpd
> server_args = -v -c -u tftp -s /0tftpd-storedir
> }
> -----------------/etc/xinetd.d/tftp-------------
>
> [root@ws002 root]# cat /etc/hosts.allow | grep 241
> # 3550gbic@4=cs241, both addresses
> in.tftpd: 192.168.100.241
> in.tftpd: 192.168.200.241
> [root@ws002 root]# cat /etc/hosts.deny | grep 241
> [root@ws002 root]#
>
> На pc в логах:
> [root@ws002 root]# grep tftp /var/log/all | tail -120
> Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18071 from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18072 from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18073 from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18074 from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18075 from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: FAIL: tftp per_source_limit from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[18073]: libwrap refused connection to tftp from 192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[18073]: FAIL: tftp libwrap from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: EXIT: tftp status=0 pid=18073 duration=0(sec)
> Sep 26 16:42:37 ws002 xinetd[18074]: libwrap refused connection to tftp from 192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[18074]: FAIL: tftp libwrap from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: EXIT: tftp status=0 pid=18074 duration=0(sec)
> Sep 26 16:42:37 ws002 xinetd[18075]: libwrap refused connection to tftp from 192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[18075]: FAIL: tftp libwrap from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: EXIT: tftp status=0 pid=18075 duration=0(sec)
> Sep 26 16:42:37 ws002 xinetd[18071]: libwrap refused connection to tftp from 192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[18071]: FAIL: tftp libwrap from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: EXIT: tftp status=0 pid=18071 duration=0(sec)
> Sep 26 16:42:37 ws002 xinetd[18072]: libwrap refused connection to tftp from 192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[18072]: FAIL: tftp libwrap from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: EXIT: tftp status=0 pid=18072 duration=0(sec)
> Sep 26 16:42:41 ws002 xinetd[2084]: START: tftp pid=18076 from=192.168.100.241
> Sep 26 16:42:41 ws002 xinetd[2084]: START: tftp pid=18077 from=192.168.100.241
> Sep 26 16:42:41 ws002 xinetd[2084]: START: tftp pid=18078 from=192.168.100.241
> Sep 26 16:42:41 ws002 xinetd[2084]: START: tftp pid=18079 from=192.168.100.241
> Sep 26 16:42:41 ws002 xinetd[2084]: START: tftp pid=18080 from=192.168.100.241
> Sep 26 16:42:41 ws002 xinetd[2084]: FAIL: tftp per_source_limit from=192.168.100.241
> Sep 26 16:42:46 ws002 xinetd[2084]: FAIL: tftp per_source_limit from=192.168.100.241
> Sep 26 12:42:52 ws002 in.tftpd[18081]: WRQ from 192.168.100.241 filename 3550gbic@4=cs241-confg
> [root@ws002 root]#
>
>
> Все конечно пишется.. но какого хрена эти самые FATAL?? Причем по второму разу спустя пару минут я ошибок
> уже не наблюдаю:
>
> 3550gbic@4=cs241#copy run tftp
> Source filename [running-config]?
> Address or name of remote host []? 192.168.100.2
> Destination filename [3550gbic@4=cs241-confg]?
> !!
> 4975 bytes copied in 0.268 secs (18563 bytes/sec)
> 3550gbic@4=cs241#
В конфигах xinetd убери все упоминания USERID - это лишние
"тормоза". Врядли у тебя везде работает identd ...
Также, IMHO, вместо only_from в xinetd.conf лучше пользовать
tcp_wrappers (hosts.deny|allow, man 5 host_access).
--
WBR, Dmitry Lebkov
next prev parent reply other threads:[~2003-09-26 18:02 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-26 13:05 Oleg K.Artemjev
2003-09-26 18:02 ` Dmitry Lebkov [this message]
2003-09-29 9:03 ` Oleg K.Artemjev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030927050229.675d381c.dima@sakhalin.ru \
--to=dima@sakhalin.ru \
--cc=community@altlinux.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git