All Products
Search

This Product

    Server Migration Center:What do I do if the "TCP Wrappers configuration affects" error message appears?

    Document Center

    Server Migration Center:What do I do if the "TCP Wrappers configuration affects" error message appears?

    Last Updated:May 11, 2024

    This topic describes the cause of the "TCP Wrappers configuration affects" error message that is reported when you use Server Migration Center (SMC) to migrate a Linux operating system. This topic also describes how to resolve the error.

    Problem description

    The "TCP Wrappers configuration affects" error message is reported when a Linux operating system is migrated to Anolis OS by using SMC.

    Cause

    Anolis OS 8 no longer supports TCP wrappers.

    Solution

    TCP wrappers provide a simple tool that you can use to block incoming connections at the application level. Previously, firewalls were unavailable in Linux, and TCP wrappers were used to ensure access security. Now, you can use firewalld to replace TCP wrappers.

    The following example shows how to configure firewalld to replace TCP wrappers that restrict SSH access.

    • Content of the /etc/hosts.deny file:

      #
# hosts.deny	This file contains access rules which are used to
#		deny connections to network services that either use
#		the tcp_wrappers library or that have been
#		started through a tcp_wrappers-enabled xinetd.
#
#		The rules in this file can also be set up in
#		/etc/hosts.allow with a 'deny' option instead.
#
#		See 'man 5 hosts_options' and 'man 5 hosts_access'
#		for information on rule syntax.
#		See 'man tcpd' for information on tcp_wrappers
#
sshd: ALL

    • Content of the /etc/hosts.allow file:

      #
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd: 192.168.20.100 192.168.20.101 
sshd: 192.168.15.16/29

    1. Connect to the source server. For more information, see Connect to an instance.

    2. Run the following commands to install firewalld and start the service: 

      yum install -y firewalld
systemctl enable firewalld
systemctl restart firewalld

    3. Run the following command to remove the SSH service from the default zone of firewalld.

      By default, SSH is enabled in the default zone of firewalld. The default zone is also known as the public zone. 

      firewall-cmd --permanent --remove-service=ssh

    4. Run the following command to create a firewalld zone: 

      firewall-cmd --permanent --new-zone=sshzone

    5. Run the following commands to add the SSH service and network filter conditions to sshzone: 

      firewall-cmd --permanent --zone=sshzone --add-source=192.168.20.100
firewall-cmd --permanent --zone=sshzone --add-source=192.168.20.101
firewall-cmd --permanent --zone=sshzone --add-source=192.168.15.16/29
firewall-cmd --permanent --zone=sshzone --add-service=ssh

    6. Run the following command to load the configurations: 

      firewall-cmd --reload

    7. Comment out the content in the /etc/hosts.allow and /etc/hosts.deny files.

    8. After the error is resolved, run the SMC client and retry the migration job. For more information, see Run the SMC client.