leafnode fetchnews: received bogus greeting (498)

1

How do I run some kind of diagnostic to check the connection to a leafnode NNTP server on the same network?

thufir@arrakis:~$ 
thufir@arrakis:~$ telnet 192.168.1.7 119
Trying 192.168.1.7...
Connected to 192.168.1.7.
Escape character is '^]'.
Connection closed by foreign host.
thufir@arrakis:~$ 

It connects for a second, then the connection is closed... I never typed the escape character.

Alternatively, what can I look for on the server, in terms of logs, to see why it closed the connection?

The news.err and news.notice logs in /var/logs/news are empty on the upstream server, doge.

The downstream server, arrakis, can connect to NNTP servers fine. So can the upstream server, doge. (These are just FQDNs registered at no-ip.com, not "real" domains.)

thufir@arrakis:~$ 
thufir@arrakis:~$ sudo fetchnews -vvv
leafnode 1.11.10: verbosity level is 3, debugmode is 0
try_lock(timeout=5), fqdn="arrakis.bounceme.net"
192.168.1.7: connecting to port nntp...
error: NNTP server went away (server disconnect or timeout)
error: 192.168.1.7: received bogus greeting (498): (nil)
192.168.1.7: address list exhausted without establishing connection.
192.168.1.7: connection failed.
news.mozilla.org: connecting to port nntp...
news.mozilla.org: connected to 216.166.97.169:119, reply: 200
news.mozilla.org: connected.
news.mozilla.org: using STAT <message-ID> command.
Not posting to news.mozilla.org: nopost-set 
news.mozilla.org: getting new newsgroups
^Cfetchnews: caught signal 2, shutting down.
WARNING: some servers have not been queried!
wrote active file with 156888 lines
Started process to update overview data in the background.
Network activity has finished.
thufir@arrakis:~$ 

arrakis and doge are not headless servers; I use them as normal computers. On doge, I can connect to localhost fine with the pan newsreader.

However, connections from arrakis to doge do not work in leafnode using fetchnews, nor with pan, nor even with the alpine/pine mail client.

Maybe it is a security problem:

If you want to protect your Leafnode server by using TCP wrappers, you can do so easily. If the news server is available only for intranet use, you may want to seriously consider doing this so that your news server can’t be abused by the outside world. Let's assume that your internal network is using the IP network address of 192.168.1.0. You would write the following in your /etc/hosts.deny file to allow only machines with IP addresses located in your local network to access Leafnode: leafnode: ALL EXCEPT 192.168.1. 127.0.0.1

It is a somewhat old system; I am not sure of the leafnode version:

thufir@arrakis:~$ 
thufir@arrakis:~$ sudo leafnode --version
200 Leafnode NNTP Daemon, version 1.11.10 running at arrakis.bounceme.net (my fqdn: arrakis.bounceme.net)

^Cthufir@arrakis:~$ 
thufir@arrakis:~$ 
thufir@arrakis:~$ cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.10
DISTRIB_CODENAME=wily
DISTRIB_DESCRIPTION="Ubuntu 15.10"
thufir@arrakis:~$ 

The downstream server, arrakis, has a news entry in inetd:

thufir@arrakis:~$ 
thufir@arrakis:~$ cat /etc/inetd.conf
# /etc/inetd.conf:  see inetd(8) for further informations.
#
# Internet superserver configuration database
#
#
# Lines starting with "#:LABEL:" or "#<off>#" should not
# be changed unless you know what you are doing!
#
# If you want to disable an entry so it isn't touched during
# package updates just comment it out with a single '#' character.
#
# Packages should modify this file by using update-inetd(8)
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
#:INTERNAL: Internal services
#discard        stream  tcp nowait  root    internal
#discard        dgram   udp wait    root    internal
#daytime        stream  tcp nowait  root    internal
#time       stream  tcp nowait  root    internal

#:STANDARD: These are standard services.

#:BSD: Shell, login, exec and talk are BSD protocols.

#:MAIL: Mail, news and uucp services.
nntp   stream  tcp     nowait  news    /usr/sbin/tcpd  /usr/sbin/leafnode

#:INFO: Info services

#:BOOT: TFTP service is provided primarily for booting.  Most sites
#       run this only on machines acting as "boot servers."

#:RPC: RPC based services

#:HAM-RADIO: amateur-radio services

#:OTHER: Other services

thufir@arrakis:~$ 
    
by Thufir 13.08.2017 / 07:06
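The telnet test in the question only shows "connected, then closed"; what fetchnews adds is that no greeting line arrived at all ("received bogus greeting (498): (nil)"). The following is an added example, not code from the original post or from leafnode: a small probe that does what fetchnews does at connect time, reads only the NNTP greeting, and classifies it. A connection that is accepted and then closed with no status line is consistent with tcpd refusing the client (inetd accepts the socket, tcpd evaluates hosts.allow/hosts.deny and exits without starting leafnode), whereas a server that actually runs answers with a 200/201 (or 400/502) line before reading any command. The default host 192.168.1.7 is taken from the post; the timeout is an assumption.

```python
"""Added example (not from the original post): probe an NNTP server the way
fetchnews does, reading only the greeting line, and classify the result.

A real NNTP server speaks first: "200 ..." (posting allowed), "201 ..."
(read-only), or "400"/"502" (service unavailable / permission denied),
per RFC 3977 section 5.1.1. An accepted connection that closes with no line
at all is what leafnode reports as a "(nil)" greeting; from the client side
that looks exactly like a tcpd/hosts.deny refusal on the server.
"""
import socket

# Initial-connection status codes from RFC 3977 section 5.1.1.
GREETING_CODES = {
    "200": "service available, posting allowed",
    "201": "service available, posting prohibited",
    "400": "service temporarily unavailable",
    "502": "service permanently unavailable / permission denied",
}


def classify_greeting(greeting: bytes) -> tuple:
    """Return (status, explanation) for the bytes read before any command.

    status is one of "closed", "ok", "refused", "bogus".
    """
    if not greeting:
        # Peer closed (or timed out) before sending a single line. Look at
        # the server's TCP wrappers / inetd configuration, not at NNTP.
        return "closed", "no greeting line: server closed the connection before speaking"
    line = greeting.split(b"\r\n", 1)[0].decode("ascii", "replace")
    code = line[:3]
    if not code.isdigit() or (len(line) > 3 and line[3] != " "):
        return "bogus", "not an NNTP status line: %r" % line
    if code in ("200", "201"):
        return "ok", "%s: %s: %s" % (code, GREETING_CODES[code], line[4:])
    if code in ("400", "502"):
        return "refused", "%s: %s: %s" % (code, GREETING_CODES[code], line[4:])
    return "bogus", "unexpected greeting code %s: %r" % (code, line)


def probe(host: str, port: int = 119, timeout: float = 5.0) -> tuple:
    """Connect, read just the greeting line, send QUIT, classify the result."""
    greeting = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            while b"\r\n" not in greeting:
                chunk = sock.recv(512)
                if not chunk:
                    break  # peer closed without a (complete) greeting
                greeting += chunk
            if greeting:
                try:
                    sock.sendall(b"QUIT\r\n")  # be polite to a server that did answer
                except OSError:
                    pass
    except socket.timeout:
        return "closed", "timed out waiting for the greeting"
    except OSError as exc:
        return "closed", "connect failed: %s" % exc
    return classify_greeting(greeting)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.7"  # doge, from the post
    status, why = probe(target)
    print("%s:119 -> %s: %s" % (target, status, why))
```

Run it as `python3 nntp_probe.py 192.168.1.7` from the downstream machine. A "closed" verdict with no greeting means the next place to look is the server side (hosts.allow/hosts.deny, the inetd line, and syslog for tcpd's "refused connect from ..." entries), because leafnode itself was never reached.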

1 answer

0

Interacted with hosts.allow and hosts.deny in a very insecure way:

thufir@arrakis:~$ 
thufir@arrakis:~$ cat /etc/hosts.allow 
# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#

#-- leafnode begin
leafnode: 192.168.1.7
leafnode: 127.0.0.1
#-- leafnode end
thufir@arrakis:~$ 
thufir@arrakis:~$ cat /etc/hosts.deny 
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID

#-- leafnode begin
#leafnode: ALL
#-- leafnode end
thufir@arrakis:~$ 

and ignored all the warnings in the fine manual, in the config file:

## By default, leafnode only serves connections from addresses in the
## local networks and drops those from outside. An IPv4 address, or an
## IPv6 address on computers that provide the getifaddrs() interface is
## considered local if it is within the networks (IP/netmask) of the local
## interfaces. On computers that lack the getifaddrs() interface, an
## IPv6 address is considered local if it is site-local, link-local or
## the loopback address (::1).
##
## You can enable remote access by doing:
## 1. enabling access for single static IPs (or subnetworks) through
##    your super server (xinetd, tcpserver) or, if the service is wrapped by
##    tcpd, hosts.allow/hosts.deny configuration,
## 2. disabling access for all other hosts (default to deny),
## 3. testing that "deny" works, to avoid abuse of your server,
## 4. uncommenting this option, capitalizing the "strangers" subword and
##    setting the value to 42.
##
## WARNING: ENABLING THIS OPTION IS DANGEROUS. YOU AGREE TO BE LIABLE
## FOR ALL ABUSE OF YOUR SERVER WHEN THIS OPTION IS ENABLED.
## IF ANYTHING ABOUT ITEMS 1. TO 3. ABOVE IS UNCLEAR, DO NOT ENABLE THIS!
## IF YOU ARE NOT FAMILIAR WITH ACCESS CONTROL, OR YOUR CLIENTS ARE ON
## DYNAMIC IPS, YOU MUST NOT ENABLE THIS. (You can use other, authenticated,
## methods of access instead, for instance SSH tunnels.)
##
#

allowSTRANGERS = 42

Now it sort of works. Obviously not a good solution.

    
by Thufir 13.08.2017 / 09:09
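Both the TCP-wrappers quote in the question and the hosts.allow/hosts.deny files in the answer depend on the evaluation order tcpd uses, and the answer's files show why they end up "very insecure": a pair that matches /etc/hosts.allow is allowed, otherwise a pair that matches /etc/hosts.deny is denied, otherwise the connection is allowed. With the only deny rule commented out ("#leafnode: ALL"), tcpd admits every client, and allowSTRANGERS = 42 then tells leafnode to serve them. The block below is an added example, not part of either post and not leafnode or tcp_wrappers code: a dry-run evaluator of hosts_access(5) rules for IPv4 clients, fed with the files as posted and with the intranet-only hosts.deny rule quoted in the question. It handles ALL, the "n.n.n." prefix form, net/mask, exact addresses and the EXCEPT operator; hostname, @netgroup and PARANOID patterns are not modelled (they need lookups), and the CIDR "/24" form is accepted only for convenience. The sample client addresses (203.0.113.5 is a TEST-NET address) are constructed for the demonstration.

```python
"""Added example (not from the original posts): a dry-run model of the
hosts_access(5) rules tcpd applies before it ever starts leafnode.

Order, fixed by tcpd: match in hosts.allow -> allow; else match in
hosts.deny -> deny; else ALLOW. An empty or fully commented hosts.deny
therefore protects nothing. IPv4 only; hostname/netgroup patterns are
not modelled. The real tool for this check is tcpdmatch(8).
"""
import ipaddress


def _parse(text: str) -> list:
    """Return (daemon_list, client_list) pairs from hosts.allow/deny text."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed; tcpd would log a syntax error
        rules.append((fields[0], fields[1]))  # optional 3rd field (shell command) ignored
    return rules


def _match_client(pattern: str, client: ipaddress.IPv4Address) -> bool:
    if pattern == "ALL":
        return True
    if pattern in ("LOCAL", "KNOWN", "UNKNOWN", "PARANOID"):
        return False  # these need a hostname lookup; not modelled here
    if pattern.endswith("."):  # "192.168.1." is an address-prefix pattern
        return str(client).startswith(pattern)
    if "/" in pattern:  # "192.168.1.0/255.255.255.0"; "/24" accepted for convenience
        try:
            return client in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    try:
        return client == ipaddress.ip_address(pattern)
    except ValueError:
        return False  # a hostname pattern; no DNS in this model


def _match_daemon(pattern: str, daemon: str) -> bool:
    return pattern == "ALL" or pattern == daemon


def _match_list(lst: str, value, match) -> bool:
    """Evaluate 'a b EXCEPT x y' with tcpd's nesting: a EXCEPT (b EXCEPT c)."""
    tokens = lst.replace(",", " ").split()
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        left, right = " ".join(tokens[:i]), " ".join(tokens[i + 1:])
        return _match_list(left, value, match) and not _match_list(right, value, match)
    return any(match(tok, value) for tok in tokens)


def _matches(rules: list, daemon: str, client: ipaddress.IPv4Address) -> bool:
    return any(_match_list(d, daemon, _match_daemon) and _match_list(c, client, _match_client)
               for d, c in rules)


def hosts_access(allow_text: str, deny_text: str, daemon: str, client_ip: str) -> bool:
    """True if tcpd would let client_ip reach daemon under these two files."""
    client = ipaddress.IPv4Address(client_ip)
    if _matches(_parse(allow_text), daemon, client):
        return True
    if _matches(_parse(deny_text), daemon, client):
        return False
    return True  # nothing matched: tcpd's default is to allow


# The two files as posted on arrakis: the deny rule is commented out.
POSTED_ALLOW = "leafnode: 192.168.1.7\nleafnode: 127.0.0.1\n"
POSTED_DENY = "#leafnode: ALL\n"

# The intranet-only setup quoted from the leafnode documentation in the
# question: nothing in hosts.allow, one deny rule exempting the LAN.
INTRANET_ALLOW = ""
INTRANET_DENY = "leafnode: ALL EXCEPT 192.168.1. 127.0.0.1\n"

if __name__ == "__main__":
    for label, allow, deny in (("as posted", POSTED_ALLOW, POSTED_DENY),
                               ("intranet-only", INTRANET_ALLOW, INTRANET_DENY)):
        for ip in ("192.168.1.7", "192.168.1.50", "203.0.113.5"):
            verdict = "allow" if hosts_access(allow, deny, "leafnode", ip) else "deny"
            print("%-14s leafnode <- %-14s %s" % (label, ip, verdict))
```

The daemon name tcpd matches is the basename of the wrapped program, here `leafnode` from the inetd line `/usr/sbin/tcpd /usr/sbin/leafnode`. On the real host, `tcpdmatch leafnode 192.168.1.7` evaluates the installed files the same way, and refusals show up in syslog as "refused connect from ..." from tcpd; that is the "test that deny works" step the leafnode config comments ask for before allowSTRANGERS is touched.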