Change your hosts.allow entry - I set up mine for my local subnet to look like yours (using my numbers) and it failed with service not available right after it worked before the change.
I believe it's the x.x you have in there:
in.ftpd: 191.95.x.x/255.255. 0.0
I changed it (a couple of times) and found this to work;
in.ftpd: 191.95. /255.255. 0.0
in.ftpd: 191.95./255.255. 0.0 will not work - needs that space - I still am looking to see if the /255.255.0.0 is valid (will post back)
Where did you download the tcp wrappers from? Found the following at kempston.net
Download the source code:
The source of TCP Wrappers is available from ftp://ftp.cerias.purdue.edu/pub/tools/unix/netutils/tcp_wrappers/. At the time of writing, the latest version is V7.6 and the source code is provided as a compressed tar archive in the file tcp_wrappers_7.6.tar.gz.
This version is suitable for Solaris 7 and earlier but not for Solaris 8. Solaris 8 contains support for IPv6 and the standard TCP wrappers program is not yet compatible with the IPv6 implementation in Solaris 8. However, Casper Dik, a Network Security Engineer with Sun Microsystems, has modified the standard version 7.6 to make it compatible with Solaris 8 and has kindly made his modified version available at ftp://playground.sun.com/pub/casper in the file tcp_wrappers_7.6-ipv6.tar.gz.
Solaris 8 would require you use the one with ipv6.
The solution require proper configuration in hosts.allow & hosts.deny, but that alone will NOT overcome this problem. I know of only 2 ways to overcome this...
2) Or change /etc/inetd.conf - by changing all occurrances of the following...
============================================
tcp6 --> tcp (see example below)
------------------------------------------
FROM:
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
TO:
ftp stream tcp nowait root /usr/local/bin/tcpd /usr/sbin/in.ftpd -l
udp6 --> udp (see example below)
------------------------------------------
FROM:
tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
TO:
tftp dgram udp wait root /usr/local/tcpd in.tftpd -s /tftpboot
============================================
Since there is (in most cases) no need for IPv6, I prefer option #2.
Benefiting from IPv6 means that you replace all the company's network equipment with IPv6 compatiples (i.e. since everything that is not IPv6 will not handle it) ... and this can be rather expensive.
The Solaris OE comes with IPv6 capability, but the benefits of having this in Solaris will probably not be seen for a few years to come, as networking equipment gets replaced by either attrition, necessity, or a extra income that the company doesn't know what to do with...
Don't do that. TCP wrappers, when used through inetd.conf, only work for services using the TCP protocol. By doing the above, you have probably broken his tftp server, which uses the udp protocol.
Please note, udp services can use the tcp libraries and hosts.allow/hosts.deny, however, it cannot be done through inetd.conf like you stated in your example above. It must be coded directly into the service (like UCD-SNMP for example).
But for hassan2's sake, the following are excerps from the TCP Wrapper README file:
===========================================
1 - Introduction
----------------
With this package you can monitor and filter incoming requests for the SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other network services.
It supports both 4.3BSD-style sockets and System V.4-style TLI. Praise yourself lucky if you don't know what that means.
...
===========================================
This is also stated in the man pages (`man tcpd`)...
** Most importantly, I have tested this.
hassan2 - this works very well, so don't let anyone daunt your efforts on this. You're on the right track.