IP restriction (no hostnames) [bug or misconfiguration?]

DaShizNit · Post by **DaShizNit** » Fri Dec 10, 2004 1:54 pm

I have a question. How do I make it so Unreal only allows certain IPs to connect regardless of their hostnames?
In the /doc help file it says "Additionally, if you want to setup a block that only matches based on IP, then set the hostname to something invalid, such as "hostname NOBODY;", this will allow the block to only match based on IP.", so I have my .conf set up with:
allow {
ip *@111.111.111.*;
ip *@222.222.222.*;
ip *@333.333.333.*;
hostname NOBODY;
class clients;
password "mypasshere";
maxperip 5;
};
But if I try to connect from 111.111.111.111, which is on the allow list, it says that I can't connect to the ircd, it says "You are not authorized to connect to this server" but if I get rid of the ips and add only "ip *@*", I can connect.
Is this a bug, there's no way to make it restricted by IP only like the help file says, or am I missing something?
Thanks in advance for any help.

Dukat · Post by **Dukat** » Fri Dec 10, 2004 3:02 pm

I don't think you can add more than one "ip"-statement per allow block... Only add one and add another allow block instead.

DaShizNit · Post by **DaShizNit** » Fri Dec 10, 2004 3:34 pm

Well, I just removed all but 1, and still getting "You are not authorized to connect to this server" even though the ip is in the allow block.

Is this thing a bug or is there any other way to set that up?

Right now, the .conf looks like this:
allow {
ip *@111.111.111.*;
hostname NOBODY;
class clients;
password "mypasshere";
maxperip 5;
};
And connecting from 111.111.111.111 won't go through.

Any advices?

Dukat · Post by **Dukat** » Fri Dec 10, 2004 3:48 pm

You DID send the password, right?

DaShizNit · Post by **DaShizNit** » Fri Dec 10, 2004 3:51 pm

Dukat wrote:You DID send the password, right?

Give me some credit hehe

yeah, I did send out the password.. not the only password protected ircd I connect to

But just for the sake of it, I removed the password and restart it, and still the same "You are not authorized to connect to this server" message.

crazytoon · Post by **crazytoon** » Fri Dec 10, 2004 3:57 pm

try this :

allow {
ip *@111.111.111.*;
hostname *@*;
class clients;
password "mypasshere";
maxperip 5;
};

is the host something like this :

someISP.123456.my.dom.com you can try this too :

hostname *@*.my.dom.com ;

DaShizNit · Post by **DaShizNit** » Fri Dec 10, 2004 4:13 pm

seems like it's working now... weirdly enough when I rehashed and restarted it, it would still not work. But when ./unreal stop and started it over, the ip protection kicked in.
Shouldn't that have worked with rehash or restart? I hope it was just this 1 time bug fluke thing, and that I won't have to kill the ircd again when I add another allow ip to the list. Though I just tested adding another one, and rehashed worked fine. So I guess it's just for the 1st time this thing is happening when u gotta kill the ircd for the new config to kick in, I don't know. Someone from dev team should take a look at it, cuz I didn't modify the .conf at all from when it wasn't working till I killed and restarted the ircd and all of a sudden it started working.
Anyways, thanks a lot for all your help everyone. Really appreciate it

Post by **Syzop** » Fri Dec 10, 2004 4:21 pm

It works perfectly fine here, and yes after a rehash the changes are applied (tried your incorrect block-with-several-ip-items, rehash, remove them so only 1 is left, rehash, replace that item with the actual IP i wanted [192.168.*], rehash, got in).
I just assume you did something wrong (ha!), unless you can reproduce it again :p.

Ron2K · Post by **Ron2K** » Fri Dec 10, 2004 6:19 pm

Hmm. I wonder if your IP had reverse DNS (which the IRCd then resolved), and the IRCd then attempted to match according to your hostname, decided that your hostname didn't match any allow blocks and denied you access. I'll give it a quick test just now and post the results when I come back tomorrow morning.

AngryWolf · Post by **AngryWolf** » Fri Dec 10, 2004 7:17 pm

Dukat wrote:I don't think you can add more than one "ip"-statement per allow block... Only add one and add another allow block instead.

Dukat is right, if you added more than one "ip"-statements in one single allow block, only one ip value, namely the first one would be used, the others would be simply ignored. (By the way, the next version of UnrealIRCd will warn you if there is a duplicate directive when shouldn't, including allow::ip.)

Ron2k wrote:Hmm. I wonder if your IP had reverse DNS (which the IRCd then resolved), and the IRCd then attempted to match according to your hostname, decided that your hostname didn't match any allow blocks and denied you access.

No, that's wrong. If there is a hostname/IP mismatch, Unreal skips checking if allow::hostname matches, however allow::ip is still checked (you know, "IP matches OR host matches"), and it's checked against the real IP of the client.

Ron2K · Post by **Ron2K** » Sat Dec 11, 2004 10:14 am

AngryWolf wrote:No, that's wrong. If there is a hostname/IP mismatch, Unreal skips checking if allow::hostname matches, however allow::ip is still checked (you know, "IP matches OR host matches"), and it's checked against the real IP of the client.

So I discovered when I tried it out this morning