[Comm] bugs?: cisco -> xinetd(tftpd) - why?

Dmitry Lebkov dima at sakhalin.ru
Fri Sep 26 22:02:29 MSD 2003


On Fri, 26 Sep 2003 17:05:59 +0400
Oleg K.Artemjev <olli at rbauto.ru> wrote:

> 
> 
> Some unintelligible errors.. can anyone explain what
> is going on? Configs, logs and screen dumps are below:
>
>
> On the cisco:
> 3550gbic@4=cs241#sh run | inc address
>  ip address 192.168.100.241 255.255.255.0
>  ip address 192.168.200.241 255.255.255.0
> 3550gbic@4=cs241#copy run tftp
> Source filename [running-config]?
> Address or name of remote host []? 192.168.100.2
> Destination filename [3550gbic@4=cs241-confg]?
> ...!!
> 4975 bytes copied in 15.528 secs (320 bytes/sec)
> 3550gbic@4=cs241#
> 
> On the PC, in the configs:
> 
> -----------------/etc/xinetd.conf-------------
> # Simple configuration file for xinetd
> #
> # Some defaults, and include /etc/xinetd.d/
> 
> defaults
> {
> 	log_type = SYSLOG authpriv
> 	log_on_success = PID HOST USERID EXIT DURATION
> 	log_on_failure = HOST RECORD USERID
> 	instances = 25
> 	per_source = 5
> # localhost
> 	only_from = 127.0.0.1
> # cisco equipment
> 	only_from = 172.16.11.1
>     only_from = 192.168.100.241
>     only_from = 192.168.200.241
>     only_from = 192.168.100.244
>     only_from = 192.168.100.246
>     only_from = 192.168.100.249
>     only_from = 192.168.200.249
> }
> 
> includedir /etc/xinetd.d
> -----------------/etc/xinetd.conf-------------
> -----------------/etc/xinetd.d/tftp-------------
> # default: off
> # description: The tftp server serves files using the trivial file transfer \
> #	protocol.  The tftp protocol is often used to boot diskless \
> #	workstations, download configuration files to network-aware printers, \
> #	and to start the installation process for some operating systems.
> service tftp
> {
> 	disable		= no
> 	socket_type	= dgram
> 	wait		= no
> 	user		= root
> 	server		= /usr/sbin/in.tftpd
> 	server_args	= -v -c -u tftp -s /0tftpd-storedir
> }
> -----------------/etc/xinetd.d/tftp-------------
> 
> [root@ws002 root]# cat /etc/hosts.allow | grep 241
> # 3550gbic@4=cs241, both addresses
> in.tftpd: 192.168.100.241
> in.tftpd: 192.168.200.241
> [root@ws002 root]# cat /etc/hosts.deny | grep 241
> [root@ws002 root]#
> 
> On the PC, in the logs:
> [root@ws002 root]# grep tftp /var/log/all | tail -120
> Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18071 from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18072 from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18073 from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18074 from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18075 from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: FAIL: tftp per_source_limit from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[18073]: libwrap refused connection to tftp from 192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[18073]: FAIL: tftp libwrap from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: EXIT: tftp status=0 pid=18073 duration=0(sec)
> Sep 26 16:42:37 ws002 xinetd[18074]: libwrap refused connection to tftp from 192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[18074]: FAIL: tftp libwrap from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: EXIT: tftp status=0 pid=18074 duration=0(sec)
> Sep 26 16:42:37 ws002 xinetd[18075]: libwrap refused connection to tftp from 192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[18075]: FAIL: tftp libwrap from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: EXIT: tftp status=0 pid=18075 duration=0(sec)
> Sep 26 16:42:37 ws002 xinetd[18071]: libwrap refused connection to tftp from 192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[18071]: FAIL: tftp libwrap from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: EXIT: tftp status=0 pid=18071 duration=0(sec)
> Sep 26 16:42:37 ws002 xinetd[18072]: libwrap refused connection to tftp from 192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[18072]: FAIL: tftp libwrap from=192.168.100.241
> Sep 26 16:42:37 ws002 xinetd[2084]: EXIT: tftp status=0 pid=18072 duration=0(sec)
> Sep 26 16:42:41 ws002 xinetd[2084]: START: tftp pid=18076 from=192.168.100.241
> Sep 26 16:42:41 ws002 xinetd[2084]: START: tftp pid=18077 from=192.168.100.241
> Sep 26 16:42:41 ws002 xinetd[2084]: START: tftp pid=18078 from=192.168.100.241
> Sep 26 16:42:41 ws002 xinetd[2084]: START: tftp pid=18079 from=192.168.100.241
> Sep 26 16:42:41 ws002 xinetd[2084]: START: tftp pid=18080 from=192.168.100.241
> Sep 26 16:42:41 ws002 xinetd[2084]: FAIL: tftp per_source_limit from=192.168.100.241
> Sep 26 16:42:46 ws002 xinetd[2084]: FAIL: tftp per_source_limit from=192.168.100.241
> Sep 26 12:42:52 ws002 in.tftpd[18081]: WRQ from 192.168.100.241 filename 3550gbic@4=cs241-confg
> [root@ws002 root]#
> 
> 
> Everything does get written, of course.. but what the hell are these FATALs?? And on a second attempt
> a couple of minutes later I no longer see any errors:
> 
> 3550gbic@4=cs241#copy run tftp
> Source filename [running-config]?                      
> Address or name of remote host []? 192.168.100.2    
> Destination filename [3550gbic@4=cs241-confg]?
> !!
> 4975 bytes copied in 0.268 secs (18563 bytes/sec)
> 3550gbic@4=cs241#


In the xinetd configs, remove every mention of USERID - it is just an
unnecessary "slowdown". It is unlikely that you have identd running everywhere ...

Also, IMHO, instead of only_from in xinetd.conf it is better to use
tcp_wrappers (hosts.deny|allow, man 5 host_access).

--
WBR, Dmitry Lebkov
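
As an added illustration (not part of the original messages), here is a small Python tally of xinetd START/FAIL lines like those quoted above, grouped by service and source address, showing where the `per_source = 5` cap from the posted xinetd.conf is reached and which FAIL reasons occur. The sample log is constructed in the quoted format; `summarize` and `report` are hypothetical helper names.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, shaped like the xinetd syslog lines quoted in the thread.
SAMPLE_LOG = """\
Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18071 from=192.168.100.241
Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18072 from=192.168.100.241
Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18073 from=192.168.100.241
Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18074 from=192.168.100.241
Sep 26 16:42:37 ws002 xinetd[2084]: START: tftp pid=18075 from=192.168.100.241
Sep 26 16:42:37 ws002 xinetd[2084]: FAIL: tftp per_source_limit from=192.168.100.241
Sep 26 16:42:37 ws002 xinetd[18073]: libwrap refused connection to tftp from 192.168.100.241
Sep 26 16:42:37 ws002 xinetd[18073]: FAIL: tftp libwrap from=192.168.100.241
Sep 26 16:42:37 ws002 xinetd[2084]: EXIT: tftp status=0 pid=18073 duration=0(sec)
Sep 26 16:42:41 ws002 xinetd[2084]: START: tftp pid=18076 from=192.168.100.244
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sxinetd\[\d+\]:\s"
    r"(?P<kind>START|FAIL):\s(?P<svc>\S+)\s(?P<detail>.*?)\s?from=(?P<src>\S+)$"
)

def summarize(log_text):
    """Per (service, source): START count, STARTs per second, FAIL reasons."""
    stats = defaultdict(lambda: {"starts": 0, "per_sec": Counter(), "fails": Counter()})
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # EXIT lines and free-text libwrap messages are skipped
        entry = stats[(m["svc"], m["src"])]
        if m["kind"] == "START":
            entry["starts"] += 1
            entry["per_sec"][m["ts"]] += 1
        else:
            entry["fails"][m["detail"]] += 1  # e.g. per_source_limit, libwrap
    return stats

def report(stats, per_source=5):
    """Sources with any FAIL, or whose STARTs in one second reach per_source
    (a proxy: xinetd's per_source caps concurrent instances per source IP)."""
    rows = []
    for (svc, src), e in sorted(stats.items()):
        peak = max(e["per_sec"].values(), default=0)
        if peak >= per_source or e["fails"]:
            rows.append((svc, src, e["starts"], peak, dict(e["fails"])))
    return rows

if __name__ == "__main__":
    for row in report(summarize(SAMPLE_LOG)):
        print(row)
```
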


