#4051 IP-Access-Control Bug

open
Jamie Cameron
5
2012-02-02
2012-02-02
itsjustme
No

Since upgrade to version 1.580, Webmin can't resolve the hostname in the IP-Access-Control Module ... If I say: allow only *.dip.blah.net (which is the resolve of my actual ip), webmin tells me it won't work cause I'm getting blocked!

So, this function is useless now. In Usermin everything's working and BEFORE the upgrade to 1.580 it worked (over years!!!) in webmin too. No other OS related things changed.

Discussion

(Page 1 of 2)
  • itsjustme
    2012-02-02

    error

     
    Attachments
  • Jamie Cameron
    2012-02-02

    This could happen if your IP doesn't reverse-resolve to a hostname that matches this regexp, or if the hostname that it does resolve to doesn't forward-resolve to the same IP?

     
  • itsjustme
    2012-02-03

    I'm on it since the update and tried it on/with different connections from several locations. Also, I was in contact with our provider (Telekom Germany) to make sure it's not a problem related to their system.

    If I trace my connection to " *.dip.t-online.de " and set this to webmin, I get the message that I will be blocked. Same if I'm online on other connections. The same happens if I use it without wildcards. " FULLIDENT.dip.t-online.de " gets me blocked too. (and that should be a full match!) Only the clear IP is working :/

    As I said, it only happens to webmin module. If I use the same regexp in Usermin - it works as it should!

     
  • itsjustme
    2012-02-03

    What about this here ? (the regexp was: *.dip0.t-ipconnect.de )

    Argument "*" isn't numeric in left bitshift (<<) at ./webmin-lib.pl line 1428.
    Argument "ipconnect" isn't numeric in left bitshift (<<) at ./webmin-lib.pl line 1429.
    Argument "dip0" isn't numeric in left bitshift (<<) at ./webmin-lib.pl line 1428.
    Argument "de" isn't numeric in left bitshift (<<) at ./webmin-lib.pl line 1429.
    Argument "t" isn't numeric in left bitshift (<<) at ./webmin-lib.pl line 1428.
    Use of uninitialized value in left bitshift (<<) at ./webmin-lib.pl line 1429.
    Use of uninitialized value in left bitshift (<<) at ./webmin-lib.pl line 1428.
    Use of uninitialized value in left bitshift (<<) at ./webmin-lib.pl line 1429.
    Error: Ihrer aktuellen IP-Adresse (84.162.205.72) würde der Zugriff verweigert

     
  • Jamie Cameron
    2012-02-03

    Can you tell me what your IP is, and what wildcard you actually entered? That way I can debug why Webmin thinks you would be blocked ..

     
  • itsjustme
    2012-02-04

    My IP is dynamic like " p5AF152BD.dip.t-dialin.net or p5AF152BD.dip0.t-ipconnect.de " so I will use " *.dip.t-dialin.net or *.dip0.t-ipconnect.de " Yesterday I tested it on a new clean debian system with the latest webmin release, same error :-(

     
  • Jamie Cameron
    2012-02-04

    Here's the problem - p5AF152BD.dip.t-dialin.net resolves to IP 90.241.82.189, but 90.241.82.189 cannot be reverse-resolved. And Webmin depends on reverse-resolution to check if an IP matches some pattern, like *.dip.t-dialin.net

    Your ISP typically controls reverse resolution for IPs it assigns.

     
  • itsjustme
    2012-02-04

    Stop Stop Stop ... The posted IP was only an example (my IP changes every 24h due to my provider, that's why I only posted a fictive IP). Sorry, I thought you need it only to check the wildcard.

    Anyway ... the reverse lookup WORKS as it should be ..

    My IP at the moment: 93.193.82.189

    Trace from my rootserver:
    # nslookup 93.193.82.189
    # 189.82.193.93.in-addr.arpa name = p5DC152BD.dip.t-dialin.net.

    That's why I told you that only the webmin module is affected. In Usermin the reverse lookup works very well, but not in the webmin module. So, that's why I think the error must be on webmin.

     
  • Jamie Cameron
    2012-02-05

    You can try manually configuring Webmin to allow only IPs matching *.dip.t-dialin.net by editing /etc/webmin/miniserv.conf, and at the end adding the line:

    allow=*.dip.t-dialin.net

    then run /etc/webmin/restart

    Let me know if that allows you to login to Webmin or not ..

     
  • itsjustme
    2012-02-05

    Nope, no changes - I'm still blocked ... I already tried this, several times.
    (after the update I also was forced to remove the host from miniserv.conf cause I was blocked.)

    Last night we set up a new clean debian install with the latest webmin release on a friend's rootserver. Same error :-(

    PS: Thank you for your patience. Hope you/we can fix it

     
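The hostname check described in the thread (reverse-resolve the client IP, match the name against the wildcard, confirm the name forward-resolves to the same IP), as an added Python example that is not part of the thread and is not Webmin's code. The names `check_access` and `demo`, the fnmatch-style wildcard semantics and the resolver tables are assumptions made for illustration; the returned reason separates "no PTR record" from "PTR not forward-confirmed", which is the distinction the thread is trying to establish.

```python
import fnmatch
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; empty list when none exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_forward(name):
    """IPv4 forward lookup via the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_access(ip, entries, reverse=system_reverse, forward=system_forward):
    """Return (allowed, reason) for a client IP against allow-list entries."""
    addr = ipaddress.ip_address(ip)
    # Only PTR names that resolve back to the client IP are trusted.
    ptr = [n.rstrip(".").lower() for n in reverse(ip)]
    confirmed = [n for n in ptr if ip in forward(n)]
    for entry in entries:
        try:
            # Numeric entries (address or CIDR) are matched without DNS names.
            if addr in ipaddress.ip_network(entry, strict=False):
                return True, "address match: " + entry
            continue
        except ValueError:
            pass  # not numeric: treat the entry as a hostname wildcard
        if any(fnmatch.fnmatchcase(n, entry.lower()) for n in confirmed):
            return True, "hostname match: " + entry
    if not ptr:
        return False, "no reverse (PTR) record"
    if not confirmed:
        return False, "PTR name does not forward-resolve to client IP"
    return False, "no entry matched"

# Constructed resolver tables so the example runs offline. The first PTR pair
# is the one quoted in the thread; every other value is made up.
PTR = {"93.193.82.189": ["p5DC152BD.dip.t-dialin.net."],
       "198.51.100.7": ["fake.dip.t-dialin.net."]}
A = {"p5dc152bd.dip.t-dialin.net": ["93.193.82.189"],
     "fake.dip.t-dialin.net": ["203.0.113.9"]}  # forward zone disagrees

def demo(ip, entries):
    return check_access(ip, entries, lambda i: PTR.get(i, []), lambda n: A.get(n, []))
```

Calling `check_access(ip, entries)` without the last two arguments uses the system resolver instead of the constructed tables.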