Linux-Networking Digest #384, Volume #12         Fri, 27 Aug 99 12:13:29 EDT

Contents:
  Re: RJ-45 without hub? ("Andrew Dadmun")
  Re: Linux Webserver Security (Duncan Simpson)
  Samba server with floppy distro? (Jose L Gomez Dans)
  Re: Masquerading + Samba? (Ted Potter)
  cost of leased line in notting hill, London England (colin)
  Re: ppp bad-configure/rej: (Clifford Kite)
  Re: IP Masquarading & Netmeeting -> HELP ("Cedric Blancher")
  Re: uunet's baton-rouge spammer is back (Duncan Simpson)
  Re: Linux and OSPF ? (Raymonds Doetjes)
  Re: Q: How to get "genericstable" working? ("Dave Ewart")
  Re: Why use real IP's when I can use virtual? (David Crooke)
  Re: 10 or 100 (Ted Potter)
  Re: Intranet pop-server (Duncan Simpson)
  Re: Can an ISP detect masquerading? ("Robert_Glover")
  Re: Class A Subnet (Raymonds Doetjes)
  Re: [newbie] proxy services? (Kenneth Wong)
  Re: IP Masqerading - Win95 client wont work!! (Ted Potter)
  Re: Can/should a firewall be used as DHCP server (Peter Buelow)
  Server considerations ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: "Andrew Dadmun" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.admin.networking
Subject: Re: RJ-45 without hub?
Date: Fri, 27 Aug 1999 09:07:31 -0400

Sorry that's 1-3 and 2-6.  Check this URL for a diagram:

http://www.gcctech.com/ts/doc/crossover.html

Andrew Dadmun wrote...

> Just make (significantly less than $7) a crossover cable.  Swap 1-2 and 3-6
> on one end.
>
> Regards,
>
> Andrew Dadmun
> Network Support Specialist
> http://www.mpinteractive.com
> http://www.e-builder.net
>
>
> Richard Webber <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hi all,
> >
> > A bit of a newbie question.
> > Is it possible to network two machines through an RJ-45 connection without
> > a hub?
> >
> > I've got a nice P3 (paid for by work :-) running Win NT 4.0 pack 4 with a
> > 3Com 10/100Mbps PCI card, and I want to connect it to my old 486 running
> > Debian Linux with a no-name 10Mbps card. The 486 has both BNC and RJ-45
> > connections, but the P3 only has an RJ-45.
> >
> > Would a cross-over RJ-45 cable work, and if so ... which wires do I have
> > to swap? :-)
> >
> > Email replies please.
> >
> > Richard
>
>



------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Subject: Re: Linux Webserver Security
Date: 27 Aug 1999 14:05:46 GMT

In <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> writes:

>I know I'll get flamed for this but my suggestion for
>a server that is quick and tighter than a gnat's butt
>would be FreeBSD! Sorry.

Ditto linux properly administered. With the possible exception of M$
offerings almost any Un*x-clone can be as tight as FreeBSD or
substantially more. Anything badly administered will be riddled with
security holes.

I conclude that FreeBSD will *NOT* solve the poster's problem (a few
sysadministrivia courses might).

>If you must use RedHat, there is bound to be a security
>faq on RedHat's site!

The poster should definitely apply all the security updates to his
system. He should also reduce services to what the box is meant to
provide and use ssh for shell access, just as a start. Further action
should be taken dependent on the paranoia level and number of $$$$ at
risk.
--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

------------------------------

From: Jose L Gomez Dans <[EMAIL PROTECTED]>
Subject: Samba server with floppy distro?
Date: 27 Aug 1999 13:41:13 GMT

Hi!
        I would like to use one of these single floppy distributions to turn
old computers into samba servers. As a first step, we have a number of 386
which could be used as printer servers without any further problems. They
have small hard drives, and the idea is to be able to quickly turn one of
these computers into a printer server, and use the hard drives as a spool
directory.

        I have tried mulinux, which comes with a lpr server, but it does not
come with samba support. Has anyone done something similar? I know I could
mount root by NFS, but the network is extremely slow, and while that
wouldn't matter for sending stuff to the printer, it would for NFS access
(especially if mounting root).

        TiA,
        Jose



-- 
Jose L Gomez Dans                       PhD student
                                        Radar & Communications Group
                                        Department of Electronic Engineering
                                        University of Sheffield UK

------------------------------

From: [EMAIL PROTECTED] (Ted Potter)
Subject: Re: Masquerading + Samba?
Date: Fri, 27 Aug 1999 13:46:00 GMT
Reply-To: [EMAIL PROTECTED]


Hmm, what OS are the other workstations/servers running ?

or are you saying you want to see other computers on the internet ?

I have 2 winx machines and 2 linux machines and can "see" all of
them. I honestly have not figured out how to get 2 linux machines
to use samba at the same time - sheer laziness on my part. 

I run samba in order to access a windows application on the linux
machine with a windows hd mounted. This is keeping with my policy
of never placing valuable data on a winx platform.

Well I guess it is on a winx platform...but since I don't use the os
it still meets my criteria.


On Thu, 26 Aug 1999 16:13:07 -0400, Kertis Henderson
<[EMAIL PROTECTED]> wrote:

>
>Hello!
>
>I'm running a RedHat 6.0 computer on a TCP/IP network.  This computer
>runs Samba, too.  This works real nicely, except that I really can't
>browse the local network.  I have a Windows 98 computer that is behind
>my Redhat computer, using IP Masquerading.  This works very nicely for
>everything except SMB.  I can see my RedHat computer from Windows, but I
>can't see past it.
>
>Is there any way of seeing the rest of the network from Windows?  Thanks
>for any input!
>
>--
>
>Kertis Henderson
>[EMAIL PROTECTED]


------------------------------

From: colin <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: cost of leased line in notting hill, London England
Date: Fri, 27 Aug 1999 14:31:07 GMT

Could someone very kindly tell me if this seems a reasonable price for a
leased line in Notting Hill, London England. Prices are in pounds sterling

£2000 set up
£8700 128k
£12200 256k
£17900 512k

On a copper line. We are buying a 128k line, with scalability up to 1 or
two mb. Are these fair prices? Who is a good carrier company?

Cheers for any advice......:)

Colin

==================  Posted via CNET Linux Help  ==================
                    http://www.searchlinux.com

------------------------------

From: kite@NoSpam.%inetport.com (Clifford Kite)
Subject: Re: ppp bad-configure/rej:
Date: 27 Aug 1999 09:08:49 -0500

Bill Dossett ([EMAIL PROTECTED]) wrote:

: system are identical it connects and during authentication
: (I think) it fails with message

: received bad configure-nak/rej: 03 06 c1 f3 e9 41

: and I can't find any references to anything like
: that anywhere to try and figure out why.

It's a pppd message rarely seen, and is more suggestive of the IP
address option in IPCP negotiation.  The context is important, I'd
suggest posting the pppd debug log in toto.

--
Clifford Kite <kite@inet%port.com>                    Not a guru. (tm)
/* Speak softly and carry a +6 two-handed sword. */
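
The six bytes in the quoted pppd message can be decoded by hand as a PPP option list. The following is an added example, not part of the original post or of pppd; it assumes, as the reply above suggests, that the bytes are IPCP options, and the function names are hypothetical.

```python
import ipaddress

# IPCP configuration option types (RFC 1332 and RFC 1877).
IPCP_OPTIONS = {
    1: "IP-Addresses (deprecated)",
    2: "IP-Compression-Protocol",
    3: "IP-Address",
    129: "Primary-DNS-Address",
    130: "Primary-NBNS-Address",
    131: "Secondary-DNS-Address",
    132: "Secondary-NBNS-Address",
}
# Options whose value is a single 4-byte IPv4 address.
ADDRESS_OPTIONS = {3, 129, 130, 131, 132}


def parse_options(data):
    """Split a PPP Configure-* option list into (type, value) pairs.

    Each option is one type byte, one length byte (which counts the two
    header bytes as well), then length-2 bytes of data.
    """
    options = []
    offset = 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError(f"truncated option header at offset {offset}")
        opt_type, opt_len = data[offset], data[offset + 1]
        if opt_len < 2 or offset + opt_len > len(data):
            raise ValueError(f"bad length {opt_len} for option {opt_type}")
        options.append((opt_type, data[offset + 2:offset + opt_len]))
        offset += opt_len
    return options


def describe_ipcp(hex_dump):
    """Decode a hex dump such as '03 06 c1 f3 e9 41' as IPCP options."""
    described = []
    for opt_type, value in parse_options(bytes.fromhex(hex_dump)):
        name = IPCP_OPTIONS.get(opt_type, f"unknown({opt_type})")
        if opt_type in ADDRESS_OPTIONS and len(value) == 4:
            rendered = str(ipaddress.IPv4Address(value))
        else:
            rendered = value.hex()
        described.append((name, rendered))
    return described


if __name__ == "__main__":
    # The bytes quoted from the pppd log message above.
    for name, value in describe_ipcp("03 06 c1 f3 e9 41"):
        print(f"{name}: {value}")
```

Read this way, the rejected option is type 3 with a 4-byte address value, which matches the reply's reading that the failure is in IP address negotiation rather than authentication.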

------------------------------

From: "Cedric Blancher" <[EMAIL PROTECTED]>
Subject: Re: IP Masquarading & Netmeeting -> HELP
Date: Fri, 27 Aug 1999 16:47:33 +0200

Henry van Deest <[EMAIL PROTECTED]> wrote in message:
7q5pq2$hcp$[EMAIL PROTECTED]
> Hello,
>
> I'm having a Linux-machine here (Suse 6.1).
> This machine became my Internet-gateway for my other 4 machines (windows98).
>
> It all works great ! -> Http, FTP, Mail, ICQ
>
> The only thing that won't work is Netmeeting. I can call somebody; he gets
> my picture through the webcam, but I can't hear or see the other party.
>
> It's also not possible to call me with netmeeting.
>
> Does somebody know what I can do about it ?

Forward UDP traffic.

ipchains -A forward -s $network -p UDP -d 0/0 -j MASQ



------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Subject: Re: uunet's baton-rouge spammer is back
Date: 27 Aug 1999 13:46:55 GMT

In <[EMAIL PROTECTED]> David Crooke <[EMAIL PROTECTED]> writes:

>I got a spam today (fake return address [EMAIL PROTECTED]) from
>153.37.147.191 which superficially appears to be UUnet in the Big Apple.
>Is this the same idiot? 

>I complained to [EMAIL PROTECTED] which (inappropriately IMHO) goes to
>their customer service - I have had (limited) success from them in the
>past.

I have (apparent) success by sending spammed email, with full headers,
to abuse-mail@@uu.net (where [EMAIL PROTECTED] tells you to send emailed
spam). I am not apparently on his hit list currently, which is a good
thing for his survival, as most people spam me and face their ISP
shortly after that. uunet claim to have nuked the spammer's account anyway.

--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

------------------------------

From: Raymonds Doetjes <[EMAIL PROTECTED]>
Subject: Re: Linux and OSPF ?
Date: Fri, 27 Aug 1999 15:35:54 +0200

If you find something please send it to me too.
I'm also looking for IGRP or EIGRP from Cisco on Linux, it supports
load balancing, do you know if that is available on other Unixes?

Raymond

none wrote:

> Does linux have support for OSPF (Open Shortest Path First) v2 ?
>
> Thanks for any help given.


------------------------------

From: "Dave Ewart" <[EMAIL PROTECTED]>
Subject: Re: Q: How to get "genericstable" working?
Date: Fri, 27 Aug 1999 12:53:51 +0100

Frank Hahn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Wed, 25 Aug 1999 15:33:50 +0100, Dave Ewart <[EMAIL PROTECTED]> wrote:
> >By reconfiguring Sendmail, I want to be able to map an outgoing,
> >fully-formatted email address such as [EMAIL PROTECTED], to a
> >local user on our server.
> >
> >I have tried the following:
> >
> >Created a text file called /etc/genericstable containing a single line
> >of text:
> >[EMAIL PROTECTED] localusername
> >
> >I ran "makemap -r hash genericstable.db < genericstable".
> >
> >In sendmail.cf, I changed the line "#Kgenerics dbm /etc/genericstable"
> >to "Kgenerics hash /etc/genericstable.db"
> >
> >After stopping and restarting Sendmail (no errors appear), messages sent
> >to user [EMAIL PROTECTED] arrive at user
> >[EMAIL PROTECTED] rather than going to localusername ...
> >
> >I also tried replacing localusername with [EMAIL PROTECTED]
> >in /etc/genericstable and going through the motions again - same result.
> >
> I'm by no means a sendmail expert but I thought the genericstable
> file was used to convert a local mail name to an outgoing address
> and not the other way around.

Ah, you could be right, Frank - it is possible I've misunderstood on a
fundamental level with this one!

I'll checkout the sendmail groups ...

Cheers,

Dave.

--
Dave Ewart, Computing Manager
Imperial Cancer Research Fund (Cancer Epidemiology Unit), Oxford
[EMAIL PROTECTED]




------------------------------

From: David Crooke <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Why use real IP's when I can use virtual?
Date: Fri, 27 Aug 1999 14:01:28 GMT


There is no speed difference - the masqing is done in the kernel of your
Linux firewall box, in a few microseconds.

The only reason you'd need real IP's is if you need connections
initiated from outside (e.g. some types of ICQ/games packets, machines
inside acting as servers).

Masq'd IP's are also less prone to being hacked.

-- 
David Crooke, Austin TX, USA. +1 (512) 656 6102
"Open source software - with no walls and fences, who needs Windows
and Gates?"

------------------------------

From: [EMAIL PROTECTED] (Ted Potter)
Subject: Re: 10 or 100
Date: Fri, 27 Aug 1999 14:04:15 GMT
Reply-To: [EMAIL PROTECTED]

yep - autosense should flip it to the appropriate speed. For grins I
just attached my 10/100 linksys nic to a 10baseT hub attached to my
10/100 hub. Flipped over without a hitch.

Course this is linux, can not speak for winx.





On Thu, 26 Aug 1999 23:46:18 -0500, TurboTex <[EMAIL PROTECTED]>
wrote:

>It should be automagic.. are all the hubs 100s?
>
>or whatever is on the net.  
>
>Lethal wrote:
>> 
>> Hi all,
>> 
>> I have a Linksys 10/100 nic installed in a machine running RH5.2  The
>> nic is using the tulip driver as specified by linksys...and is working.
>> Just curious, does the card still autosense 10 or 100 connections?  I
>> transferred a few files over the network with ftp, and it did seem to
>> take a great deal of time.  Do I need to edit something to tell the card
>> to use the 100 mbs mode, or is it auto.
>> 
>> Thanks for your time
>> 
>> Lee
>
>-- 
>                     ----
>
>       M.H. Collins             < LINUX: The Official OS >
>         ******                 < for the New Millennium >        
> Powered by TurboLinux 3.6       http://www.linuxlink.com
>     Driven by XFCE3             http://www.austinlug.org


------------------------------

From: [EMAIL PROTECTED] (Duncan Simpson)
Subject: Re: Intranet pop-server
Date: 27 Aug 1999 13:59:10 GMT

In <3%lw3.3412$[EMAIL PROTECTED]> "Ignacio Iturregui" 
<[EMAIL PROTECTED]> writes:

>I just wanted to know how could I setup Linux to work as an internal pop
>server and smtp server in order to have e-mail within a LAN. The other
>computers are using Win '98, so the idea is to use Eudora or Outlook to
>check for the e-mail that will hopefully be on the Linux box. Thanks,

Yup, this works. The basic things are, first make sure the box is reasonably secure.
The following should be simple and effective:

1. Minimise services. I would advise turning off telnet and only allowing
shell access via ssh. Shell access should be limited to those people that
need it and nobody else. This buys you a lot of security.

2. Keep up to date with security patches to keep the script kiddies out.

3. Subscribe to a security mailing list or so (highly recommended).

Now we resume the actually scheduled subject.

Providing SMTP and POP service basically requires you to run your choice
of SMTP server (the main choices are sendmail, qmail and postfix) and
POP server (several choices here too). The choices in RH or any other
distribution should be reasonable.

You will need to change RH and other distribution sendmail
configuration files slightly to allow your machines to use the box as
a general-purpose relay. Details vary and my system is upgraded SLS
1.03 (kernel 0.99pl13) and therefore I can not tell you the
details. Allowing anyone general purpose relaying is a *big mistake*
and gets your machine shunned by lots of mail servers (at no extra cost).
Spammers often use open relays without anyone's permission or consent.

--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."
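
The relay rule described in the message above (relay for your own machines, never for anyone) can be stated as a small decision function plus an audit of the allow-list. This is an added example, not part of the original post and not sendmail configuration; the domain, networks and function names are constructed assumptions.

```python
import ipaddress

# Constructed site policy (assumptions for illustration only).
LOCAL_DOMAINS = {"example.lan"}      # mail for these is delivered locally
RELAY_NETWORKS = ["192.168.1.0/24"]  # LAN clients allowed to relay outward

# RFC 1918 private ranges, used by the audit below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def relay_decision(client_ip, rcpt_domain,
                   relay_networks=RELAY_NETWORKS,
                   local_domains=LOCAL_DOMAINS):
    """Return (verdict, reason) for one recipient offered by one client."""
    addr = ipaddress.ip_address(client_ip)
    # Mail addressed to our own domain is not relaying at all.
    if rcpt_domain.lower().rstrip(".") in local_domains:
        return ("accept", "local delivery")
    # Anything else leaves the box, so the client must be one of ours.
    if any(addr in ipaddress.ip_network(net) for net in relay_networks):
        return ("accept", "relay for LAN client")
    return ("reject", "relaying denied")


def audit_relay_networks(relay_networks):
    """Return allow-list entries that reach beyond private address space.

    An entry such as 0.0.0.0/0 turns the server into an open relay.
    """
    findings = []
    for net in relay_networks:
        network = ipaddress.ip_network(net)
        if not any(network.subnet_of(private) for private in RFC1918):
            findings.append(str(network))
    return findings


if __name__ == "__main__":
    # Constructed attempts: (client address, recipient domain).
    attempts = [
        ("192.168.1.20", "example.org"),  # Win98 client sending outward
        ("203.0.113.9", "example.lan"),   # outside host, mail for us
        ("203.0.113.9", "example.org"),   # outside host trying to relay
    ]
    for client, domain in attempts:
        print(client, domain, relay_decision(client, domain))
    print("too broad:", audit_relay_networks(["192.168.1.0/24", "0.0.0.0/0"]))
```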

------------------------------

From: "Robert_Glover" <Please_reply_to@newsgroup>
Subject: Re: Can an ISP detect masquerading?
Date: Thu, 26 Aug 1999 13:01:45 -0000

>A network expert is able to do whatever he wants on your machine when you
>are directly connected to his computer... The only problem is to convince
>the lawyers using legal methods. I don't think it is legal to forbid
>masquerading, and your computer only acts as a gateway. For a non expert,
>the sole thing which can help to find whether or not you are masquerading is
>the heavy traffic on the network connexion, coming from many sites at once.
>
>Bye, Christophe POIRIER

With a single PC I routinely view more than one site at a time,
especially slow ones.  I may also download a file while I continue to
browse.  I mean who is going to sit there and watch the download
progress bar while they can be doing something else?  I don't think
that kind of connection profiling is going to be very illuminating to
an ISP.  The port numbers seem to be more informative, but they're
still just not proof.



------------------------------

From: Raymonds Doetjes <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux.mandrake
Subject: Re: Class A Subnet
Date: Fri, 27 Aug 1999 15:40:28 +0200

This looks pretty strange, are you sure your class A = 10.x.x.x (this is a
private range).
Since 1..126 = Class A
128 - 191 = Class B 172.16-32.x.x (private range)
192-255 = Class C 192.168.0-255.x (private range)

Perhaps you should look in your config files from your network if perhaps
there is the netmask set to 25 bits?!
I don't know mandrake for that matter but if it is truly SysV compatible
it should reside in rc.config

Raymond

"Mehmet T. Avcioglu" wrote:

> I have IP space from a class A network. However, the subnet mask I use
> is understandably smaller than 255.0.0.0. The configuration is as
> follows.
>
> eth0    A.B.C.10        255.255.255.128
>
> Each time the box reboots, the following routes are added.
>
> A.B.C.0 255.255.255.128 eth0
> A.0.0.0 255.0.0.0       eth0
>
> This leaves the whole class A network out of the reach of this computer.
> The only thing I can think of is the ipcalc program that ifup script
> uses. But it isn't even supposed to run that program since I entered the
> information.
>
> Any help on this would be appreciated.
>
> I am using Mandrake 6.0
>
> --
> Mehmet T. Avcioglu


------------------------------

From: Kenneth Wong <[EMAIL PROTECTED]>
Subject: Re: [newbie] proxy services?
Date: Fri, 27 Aug 1999 08:52:54 -0400

Thanks, I'll look around for 'em. =)

Ken.

On Thu, 26 Aug 1999, YouDontKnowWho wrote:

> If you want to replace WinGate on an NT box with something else on a
> Linux box, you need to look into IPCHAINS and MASQUERADING.
> 
> --
> Principle of Minimum Access: "That which is not explicitly permitted
> is denied."
> 
> ANNOUNCER: And now we return to our regularly scheduled, uncommonly
> entertaining thread...
> 
> Kenneth Wong wrote in message ...
> >Hi,
> >
> >  I've got a general question about home networks connected to the
> >internet via cable modem.
> >
> >  right now, I'm using NT with Wingate 3 as my proxy server.  It works
> >pretty well, seeing as though there's next to no configuration to be done.
> >And, after installing clients on the one other machine in the house,
> >there was no need to setup any applications to go through the proxy.
> >Wingate handled all that for me.
> >
> >  I was wondering whether the same type of setup could be accomplished
> >with Apache or Squid on my Linux box.  Or if I should be reading up on
> >other technologies in order to get this type of setup up and running.
> >
> >Ken.
> >
> >
> 
> 
> 


------------------------------

From: [EMAIL PROTECTED] (Ted Potter)
Subject: Re: IP Masqerading - Win95 client wont work!!
Date: Fri, 27 Aug 1999 13:27:13 GMT
Reply-To: [EMAIL PROTECTED]

yep. I use both win95/98 without a problem.

My win98 looks like:

IP 192.168.1.20
nm 255.255.255.0

GW 192.168.1.3   (linux 5.0 machine in my case)
DNS 192.168.1.3 + my isp dns servers

I filled in the host and domain name stuff, but I think since I use
the private address space it is bogus. The nice part is I can even
use ping on the winx machines  - something I was unable to do via
a proxy server.

Now if I could only get the linux box to route in audio/video .....
:-)

Ted


On 26 Aug 1999 16:29:30 GMT, [EMAIL PROTECTED] (Stew Benedict) wrote:

>No you don't need ICS, just a working TCPIP setup.  
>
>On Sat, 21 Aug 1999 21:23:38 GMT, Sunil P. Khatri <[EMAIL PROTECTED]> wrote:
>>I installed IP masquerading, and my gateway and (linux) clients 
>>work just fine with the configuration and strong ipfwadm rulesets 
>>that are described in the latest IP-Masquerading HOWTO (v. 1.77). 
>>My gateway runs kernel 2.0.30.
>>
>>However, when I put a Win95 client on the local network, with the 
>>settings as described in the IP-Masquerading HOWTO (I set the IP 
>>address, netmask, gateway address and DNS server addresses in the 
>>TCP_IP->NIC properties) the win95 client can only ping the other 
>>machines on the local network, but cant ping any outside machine. 
>>
>>Any idea why this is the case?
>>
>>My conjecture is that the IP-Masquerading HOWTO was written for win95
>>and win98 clients that support the ICS (internet connection sharing) 
>>option in networking. My win95 client does not have this module. Does
>>this make sense? 
>>
>>Muchas thanks
>>Sunil
>
>
>-- 
>


------------------------------

From: Peter Buelow <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup
Subject: Re: Can/should a firewall be used as DHCP server
Date: Fri, 27 Aug 1999 09:59:29 -0500

"Jorge O. Martinez" wrote:
> 
> Hi there Linuxeros!
> 
> I have a project (network) that I must finish within the next few days, and
> one of this network's vital components will be a firewall between my
> private network, and an ADSL connection to the web. I got 5 static IP
> addresses from my provider, so I am going to set up 5 different firewalls
> for different 'depts.' so they are invisible to each other. Of course, the
> firewalls will be Linux based.
> 
> I would like to use DHCP for the private network side, and I am wondering
> if I can/should use the same box that I will use for the firewall as a DHCP
> server...From what I have read, as many services as possible should be
> disabled for the firewall, but I am wondering if the DHCP server would also
> be a potential security hole...I wonder if I it can even be done as this is
> my first firewalling project!
> 
> I'll be using Suse or Mandrake for the firewall...Or any other distro that
> can get the job done! Suggestions are welcome on this issue too!
> 
> Thanks in advance for any suggestions,
> 
> Regards,
> 
> Jorge M.
> 
> ------------------  Posted via CNET Linux Help  ------------------
>                     http://www.searchlinux.com
  I am not aware of any security risks with BIND 8 (I know or am pretty
sure there are some, but they are not well known) and if you bind the
dhcp server daemon to the NIC that services your private network, then
you shouldn't have a problem. Basically, by binding to just your private
network, it won't listen to requests on the public side and this should
close any or all possible security holes. I am doing this at home on my
cable modem firewall and haven't had any trouble. Just make sure you are
using the latest BIND 8 server. Good Luck.
  And just personal pref, SuSE 6.1 or 6.2 are the best. I used to be
slack, but was disappointed with the fact that the new dist (4.0) is not
glibc and there were a few bugs. Anyway, just a point of preference.
-- 
Peter Buelow - Software Engineer
--
"Finger to spiritual emptiness underlying everything." -- How a C manual
referred to a "pointer to void."

------------------------------

From: [EMAIL PROTECTED]
Subject: Server considerations
Date: Fri, 27 Aug 1999 17:15:02 +0200

Suggestions for a good Linux server needed.
=================================

I have a usergroup of approx. 30 Windows users and 5 Macintosh users
served by a Novell file and print server. I aim to replace that server
with a Linux box.  The Novell box has worked fine for several years so
far but needs upgrading or replacement. My main consideration is
stability and security, so I would like some suggestions upon Linux
distributions, kernel versions and applications. The server needs to do
the following:
-File & print server for Windows (Should I use Samba? Is there something
else? Important considerations?)
-File & print server for Macintosh (Should I use Netatalk? What else?)
-UPS management (What applications are there?)
-Backup on a DAT (What applications are there?)

I would like the server to be simple, stable and secure. Nothing fancy,
possibly not even X-windows.

This is a chance for me to introduce Linux as an alternative to Windows
NT at the university where I work. So help me do the right thing. Supply
me with your knowledge. Money is an issue, so everything for free is a
great plus.

Suggestions please.

  /Anders




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
