Bug 1818 - Rsyncd refuses connection if reverse mapping fails
Summary: Rsyncd refuses connection if reverse mapping fails
Status: CLOSED WORKSFORME
Alias: None
Product: rsync
Classification: Unclassified
Component: core (show other bugs)
Version: 2.5.7
Hardware: Other Linux
: P3 normal (vote)
Target Milestone: ---
Assignee: Wayne Davison
QA Contact: Rsync QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-09-24 03:31 UTC by Heikki Levanto
Modified: 2005-04-01 11:24 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Heikki Levanto 2004-09-24 03:31:33 UTC
First of all, apologies for running a prehistoric version  (2.5.6cvs), but that's what my 
Debian/Stable has (and it has its own patches too...). I tried to scan the bug reports to see if 
this had been fixed in a later version, but didn't find anything.  
 
Anyway, the problem is that I need to rsync from a machine that has no reverse mapping. I 
would expect it to be sufficient to specify the IP address in the hosts allow line, but no, the 
connection is rejected with  
(client side:) 
  opening tcp connection to bagel.indexdata.dk port 873 
  @ERROR: access denied to fng from unknown (212.XXX.XXX.201) 
(server syslog) 
  Sep 24 12:18:48 bagel rsyncd[5845]: rsync: name lookup failed for 212.XXX.XXX.201: Name 
or service not known 
  Sep 24 12:18:48 bagel rsyncd[5845]: rsync denied on module fng from unknown 
(212.130.49.201) 
 
I can work around this by adding  
  hosts allow unknown 
but that is not exactly what I want to do! Luckily I can get away with this by filtering at the 
firewall, but that isn't exactly proper. 
 
A random observation: When it works, the syslog says: 
  rsync to fng/fngindex/ from fngindexdata@unknown (212.XXX.XXX.201) 
Maybe that tells you something about the host name being needed somewhere else in the 
auth process...
Comment 1 Wayne Davison 2004-09-24 11:13:55 UTC
This worked fine for me using 2.5.7 as the server (the oldest version I had
around) and also 2.6.3pre2.

It may be that your "hosts allow" line has a problem.  If not, try upgrading.