LinuxQuestions.org
Old 03-10-2008, 01:04 PM   #1
witch_doctor
LQ Newbie
 
Registered: Jun 2007
Posts: 10

Rep: Reputation: 0
Can I disable reverse lookups in vsftpd?


Hi all,
I'm using Fedora 8 in a machine at work and I have set up a vsftpd server. I need to limit access to it to only a few clients which I have put in my hosts.allow file. One of them is a client having a dynamic IP from an ISP, so he uses dynamic DNS to map his IP to his hostname every time.
vsftpd does a reverse lookup which of course fails, and denies access. Is there any way to disable r-lookups either in vsftpd or in xinetd to remedy this?

thanks.
 
Old 03-10-2008, 01:33 PM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199
What do your logs indicate? I have never heard or known of an option in vsftpd that denies access due to reverse DNS lookups. I would believe the issue is something else and not due to a dynamic IP.
 
Old 03-11-2008, 12:59 AM   #3
witch_doctor
LQ Newbie
 
Registered: Jun 2007
Posts: 10

Original Poster
Rep: Reputation: 0
Mar 11 06:48:15 myserver xinetd[4719]: START: ftp pid=4721 from=11.22.33.44
Mar 11 06:48:15 myserver xinetd[4721]: libwrap refused connection to ftp (libwrap=vsftpd) from 11.22.33.44
Mar 11 06:48:15 myserver xinetd[4721]: FAIL: ftp libwrap from=11.22.33.44
Mar 11 06:48:15 myserver xinetd[4719]: EXIT: ftp status=0 pid=4721 duration=0(sec)

I believe this is a reverse lookup failure. When I dig the client hostname from the server I get the right IP (in my example 11.22.33.44). But when I reverse the dig (dig -x 11.22.33.44) I get the hostname of the client's ISP, which is logical. libwrap fools vsftpd into believing this is a spoofed hostname, and so rejects the connection.
When I put the IP 11.22.33.44 into hosts.allow, vsftpd accepts the connection.


Just to clarify: When I said "dynamic IP" in my first post I did not mean "private" (e.g. 192.168.x.x), I meant it as an address allocated dynamically by the ISP each time the client's computer boots. The address is public, it just isn't the same across boots.
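
Added example (not part of the original posts, and not libwrap's own code): a simplified model of how a hosts.allow client pattern is compared with a connecting peer, showing why listing the dynamic-DNS name fails while the IP or the PTR name matches. All hostnames and DNS tables are constructed; 11.22.33.44 is the placeholder address from the log above.

```python
# Simplified model of TCP-wrappers client matching; all DNS data is constructed.
A_RECORDS = {  # forward lookups (name -> addresses)
    "client.dyndns.example": ["11.22.33.44"],   # dynamic-DNS name the admin knows
    "dsl-44.isp.example": ["11.22.33.44"],      # ISP-assigned name
    "forged.example": ["198.51.100.7"],
}
PTR_RECORDS = {  # reverse lookups (address -> name)
    "11.22.33.44": "dsl-44.isp.example",        # PTR belongs to the ISP
    "203.0.113.9": "forged.example",            # PTR not confirmed by an A record
}

def client_name(ip):
    """Name the wrapper would attribute to a peer address."""
    name = PTR_RECORDS.get(ip)
    if name is None:
        return "unknown"
    # Forward-confirm: the PTR name must resolve back to the peer address.
    if ip not in A_RECORDS.get(name, []):
        return "paranoid"
    return name

def string_match(pattern, value):
    pattern, value = pattern.lower(), value.lower()
    if pattern.startswith("."):      # domain suffix, e.g. ".isp.example"
        return value.endswith(pattern)
    if pattern.endswith("."):        # address prefix, e.g. "11.22."
        return value.startswith(pattern)
    return pattern == value

def pattern_matches(pattern, ip):
    if pattern == "ALL" or string_match(pattern, ip):
        return True
    if set(pattern) <= set("0123456789./"):
        return False                 # address-style pattern: never compared to names
    name = client_name(ip)
    return name not in ("unknown", "paranoid") and string_match(pattern, name)

def allowed(hosts_allow_line, ip):
    """Evaluate one 'daemon: clients' line; the daemon field is ignored here."""
    _daemon, clients = hosts_allow_line.split(":", 1)
    return any(pattern_matches(p, ip) for p in clients.replace(",", " ").split())
```

The wrapper never resolves the name written in hosts.allow; it only compares it with the name obtained from the peer's PTR record, so a dynamic-DNS name matches only if the ISP's reverse zone returns that same name.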
 
Old 03-11-2008, 01:11 AM   #4
witch_doctor
LQ Newbie
 
Registered: Jun 2007
Posts: 10

Original Poster
Rep: Reputation: 0
I think I solved it. I just put the hostname that came up from the reverse lookup in hosts.allow and it works! I think this is the hostname given to the client's router by the ISP, so it is static to his account. If so, problem solved.
 
Old 03-11-2008, 03:36 PM   #5
witch_doctor
LQ Newbie
 
Registered: Jun 2007
Posts: 10

Original Poster
Rep: Reputation: 0
Nope... The hostname is not static either, which makes sense. I wish there was some option as there is in proftpd to disable reverse lookups.
 
Old 03-11-2008, 03:58 PM   #6
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199
Well, libwrap ties in with TCPWrapper which is probably blocking these users since you're using the hosts.allow and probably the hosts.deny.

Are you trying to limit the connections to the hosts with anonymous logins? Why not create actual accounts and drop the wrappers with trying to deny or allow access. Or just set up good iptables firewall rules for the hosts you want to have access to ftp.
 
Old 03-12-2008, 01:28 AM   #7
witch_doctor
LQ Newbie
 
Registered: Jun 2007
Posts: 10

Original Poster
Rep: Reputation: 0
Yes, I'll probably follow one of the alternatives you propose. This is just a temporary ftp server, I wanted it to have as simple a configuration as possible and not affect the rest of the system. Thanks for your answers anyway!
 
Old 12-19-2010, 03:15 PM   #8
linuxquestions_forum_use
LQ Newbie
 
Registered: Dec 2010
Posts: 11

Rep: Reputation: 0
To turn off reverse DNS on my vsftpd server, I added this to the .conf file:

reverse_lookup_enable=NO

It got rid of the slow 20 or 30 second ftp login I was getting before.
 
  

