[pkg-firebird-general] Re: fb2-ss 1.5.3.4870-8: "connection
rejected for" problem
Ilja Marchew
brammator at gmail.com
Tue Jun 20 09:41:15 UTC 2006
> Ilja Marchew wrote:
> >> May be the reason for rejection is indeed in /etc/hosts.allow and/or
> >> /etc/hosts.deny?
> >
> > maybe, but i'm completely unfamiliar with them. can you tell me what
> > to put here?
>
> They have any actual meaning only if there is some content. If all
> lines are comments, then they don't matter.
yeah, there was only comments. but i want to try it; and my problem is
i don't understand first part of control line (ALL: seems too
dangerous for me) -- "gds_db:" from /etc/services doesn't seem to work
(note: all tests was doubled with "gds_db: 192.168.99.100" line and
without it).
> >> Even if not specifying an user/password pair, a client is required to
> >> give path to database, so these empty packets seem very strange to me.
> >
> > indeed, but db path included in both packets, first (with host/user)
> > and second (with login/password).
>
> I am not sure I understand you. These two packets were from another,
> linux PC, right? If yes, then they're not relevant to the problem you
> have with windows machine.
>
yes, from LinuxPC; for me, it seems like isql tries to auth himself by
"host/user/database" in first packet and by "login/password/database"
in second (and windows clients just doesn't have any "host/user" info
to send)
> > Also, i work with my IBexpert with many Yaffil DBs, local and remote,
> > so my local firewall configured for that.
>
> My suspection is that the root is in the yaffil client library. Why it
> did work for a previous firebird install (on 192.168.99.16) is a
> mystery to me. Perhaps yaffil was changed inbetween too?
sorry for misleading, "Windows to Linux" connection has never worked.
it worked as "Windows IBexpert to Windows Yaffil", "Windows isql to
Windows Yaffil", "Linux isql to Linux firebird" and (as in bottom of
that message) "Linux isql-fb to Windows Yaffil".
> Rejecting all-null packet seems logical - similar to what you'd get
> connecting to port 3050 with telnet and typing some random letters.
> Now if we can diagnose where those all-nulls come from...
Well, it seems normal when i connect from windows IBexpert to windows
Yaffil through redirected port (dupes are redirection through same
interface):
# redir --laddr=192.168.99.16 --lport=3050 --caddr=192.168.99.222 --cport=3050 &
# ngrep -x -d eth0 '.*' port 3050
interface: eth0 (192.168.99.0/255.255.255.0)
filter: (ip or ip6) and ( port 3050 )
match: .*
####
T 192.168.99.100:1474 -> 192.168.99.16:3050 [AP]
00 00 00 01 00 00 00 13 00 00 00 02 00 00 00 1d ................
00 00 00 00 00 00 00 08 00 00 00 02 01 00 00 00 ................
00 00 00 08 00 00 00 01 00 00 00 02 00 00 00 03 ................
00 00 00 00 00 00 00 08 00 00 00 1d 00 00 00 02 ................
00 00 00 03 00 00 00 01 00 00 00 09 00 00 00 01 ................
00 00 00 02 00 00 00 03 00 00 00 02 00 00 00 09 ................
00 00 00 1d 00 00 00 02 00 00 00 03 00 00 00 03 ................
00 00 00 0a 00 00 00 01 00 00 00 02 00 00 00 03 ................
00 00 00 04 00 00 00 0a 00 00 00 1d 00 00 00 02 ................
00 00 00 03 00 00 00 05 00 01 00 0a 00 00 00 01 ................
00 00 00 02 00 00 00 03 00 00 00 06 00 01 00 0a ................
00 00 00 1d 00 00 00 02 00 00 00 03 00 00 00 07 ................
#####
T 192.168.99.16:1268 -> 192.168.99.222:3050 [AP]
00 00 00 01 00 00 00 13 00 00 00 02 00 00 00 1d ................
00 00 00 00 00 00 00 08 00 00 00 02 01 00 00 00 ................
00 00 00 08 00 00 00 01 00 00 00 02 00 00 00 03 ................
00 00 00 00 00 00 00 08 00 00 00 1d 00 00 00 02 ................
00 00 00 03 00 00 00 01 00 00 00 09 00 00 00 01 ................
00 00 00 02 00 00 00 03 00 00 00 02 00 00 00 09 ................
00 00 00 1d 00 00 00 02 00 00 00 03 00 00 00 03 ................
00 00 00 0a 00 00 00 01 00 00 00 02 00 00 00 03 ................
00 00 00 04 00 00 00 0a 00 00 00 1d 00 00 00 02 ................
00 00 00 03 00 00 00 05 00 01 00 0a 00 00 00 01 ................
00 00 00 02 00 00 00 03 00 00 00 06 00 01 00 0a ................
00 00 00 1d 00 00 00 02 00 00 00 03 00 00 00 07 ................
#
T 192.168.99.222:3050 -> 192.168.99.16:1268 [AP]
00 00 00 03 00 01 00 0a 00 00 00 1d 00 00 00 03 ................
00 00 00 00 ....
##
T 192.168.99.16:3050 -> 192.168.99.100:1474 [AP]
00 00 00 03 00 01 00 0a 00 00 00 1d 00 00 00 03 ................
00 00 00 00 ....
#
T 192.168.99.100:1474 -> 192.168.99.16:3050 [AP]
00 00 00 13 00 00 00 00 00 00 00 11 43 3a 5c 50 ............C:\P
50 50 5c 4f 53 4f 33 33 33 2e 47 44 42 00 00 00 PP\OSO333.GDB...
00 00 00 1f 01 1c 06 53 59 53 44 42 41 30 07 57 .......SYSDBA0.W
49 4e 31 32 35 31 1e 0b 51 50 33 4c 4d 5a 2f 4d IN1251..QP3LMZ/M
4a 68 2e 00 Jh..
#
T 192.168.99.16:1268 -> 192.168.99.222:3050 [AP]
00 00 00 13 00 00 00 00 00 00 00 11 43 3a 5c 50 ............C:\P
50 50 5c 4f 53 4f 33 33 33 2e 47 44 42 00 00 00 PP\OSO333.GDB...
00 00 00 1f 01 1c 06 53 59 53 44 42 41 30 07 57 .......SYSDBA0.W
49 4e 31 32 35 31 1e 0b 51 50 33 4c 4d 5a 2f 4d IN1251..QP3LMZ/M
4a 68 2e 00 Jh..
#
T 192.168.99.222:3050 -> 192.168.99.16:1268 [AP]
00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 ................
#
T 192.168.99.16:3050 -> 192.168.99.100:1474 [AP]
00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 ................
#
T 192.168.99.100:1474 -> 192.168.99.16:3050 [AP]
00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 01 ...(............
3e 00 00 00 00 00 02 00 >.......
#
T 192.168.99.16:1268 -> 192.168.99.222:3050 [AP]
00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 01 ...(............
3e 00 00 00 00 00 02 00 >.......
..and it works fine then, so it at least normal for Yaffil dialect of
IB6 protocol.
My conclusion "it is correct for any IB6 dialect" was based on same
behavior of IBexpert (sending first nulled packet) for Win/Yaffil base
and for Linux/FB base -- actually, switching DB type from Yaffil1.5 to
fb2.0 doesn't change much in these first packets.
Also, Yaffil understand "not-nulled packet" from isql-fb -- i have
normal connect from Linux to Win/Yaffil, and there is network dump:
# ngrep -x -d eth0 '.*' port 3050
interface: eth0 (192.168.99.0/255.255.255.0)
filter: (ip or ip6) and ( port 3050 )
match: .*
####
T 192.168.99.16:2552 -> 192.168.99.222:3050 [AP]
00 00 00 01 00 00 00 13 00 00 00 02 00 00 00 24 ...............$
00 00 00 11 43 3a 5c 50 50 50 5c 4f 53 4f 33 33 ....C:\PPP\OSO33
33 2e 47 44 42 00 00 00 00 00 00 02 00 00 00 10 3.GDB...........
01 04 72 6f 6f 74 04 06 73 68 61 72 65 61 06 00 ..root..sharea..
00 00 00 08 00 00 00 01 00 00 00 02 00 00 00 03 ................
00 00 00 02 00 00 00 0a 00 00 00 01 00 00 00 02 ................
00 00 00 03 00 00 00 04 ........
#
T 192.168.99.222:3050 -> 192.168.99.16:2552 [AP]
00 00 00 03 00 00 00 0a 00 00 00 01 00 00 00 03 ................
##
T 192.168.99.16:2552 -> 192.168.99.222:3050 [AP]
00 00 00 13 00 00 00 00 00 00 00 11 43 3a 5c 50 ............C:\P
50 50 5c 4f 53 4f 33 33 33 2e 47 44 42 00 00 00 PP\OSO333.GDB...
00 00 00 1e 01 1c 06 53 59 53 44 42 41 1e 0b 51 .......SYSDBA..Q
50 33 4c 4d 5a 2f 4d 4a 68 2e 3a 04 00 00 00 00 P3LMZ/MJh.:.....
3e 00 00 00 >...
some info about PCs: 99.100 is my workstation (win xp, IBexpert),
99.16 is a test linux/debian etch with fb2-ss 1.5.3.4870-8 and 99.222
is a test win2k with Yaffil-SS 874.
My ultimate goal is to migrate third-party abandoned product from
Yaffil-SS to Linux/FB2 -- because, as said on Yaffil homepage, it is
abandoned too and merged to fb2 project.
More information about the pkg-firebird-general
mailing list