Q re dhcpd.conf setup
Greetings; As I get to do a bit of computer repairs from time to time, I've setup a little 5 address wide dhcpd server on my firewall box. But I had a problem last night getting a fresh winderz XP (spit) install to connect, specifically I had to enter a gateway address in the tcp/ip properties and reboot before it would connect. It was given an dhcp address according to the logs on the firewall box, but apparently not a gateway address. Should the dhcpd protocol have handled that? It is not setup in the dhcpd.conf I'm using, and I can find no references to defining a gateway address in any of the dhcp related manpages, which does seem a bit odd to me. It never crossed my mind when setting it for my new lappy running FC5 because I'd already set that up on a fixed address basis before converting it to BOOTPROTO=dhcp in the ifcfg-wlan0 file. The dhcpd daemon itself is running on my firewall, a rh7.3 box. A second question: How can one add a level of security by password protecting this dhcp login, makeing the client supply a correct password before the lease is negotiated? That doesn't seem to be mentioned in the manpages either. -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved. -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
Fedora Legacy Test Update Notification: tetex
- Fedora Legacy Test Update Notification FEDORALEGACY-2006-152868 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152868 2006-04-26 - Name: tetex Versions: rh73: tetex-1.0.7-47.5.legacy Versions: rh9: tetex-1.0.7-66.3.legacy Versions: fc1: tetex-2.0.2-8.2.legacy Versions: fc2: tetex-2.0.2-14FC2.3.legacy Summary : The TeX text formatting system. Description : TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. - Update Information: Updated tetex packages that fix several security issues are now available. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. Several flaws were discovered in the teTeX PDF parsing library. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627 and CVE-2005-3628 to these issues. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. - Changelogs rh73: * Tue Apr 25 2006 Marc Deslauriers [EMAIL PROTECTED] 1.0.7-47.5.legacy - Added tetex tetex-latex and tetex-dvips to BuildPreReq! * Fri Apr 21 2006 Marc Deslauriers [EMAIL PROTECTED] 1.0.7-47.4.legacy - Added patch to remove expiration check * Wed Apr 19 2006 Marc Deslauriers [EMAIL PROTECTED] 1.0.7-47.3.legacy - Added missing netpbm-progs, ghostscript, ed and texinfo to BuildPrereq * Fri Mar 17 2006 Donald Maner [EMAIL PROTECTED] 1.0.7-47.2.legacy - Patches for CESA-2004-007, CAN-2004-1125, CAN-2004-0888, CVE-2005-3193 rh9: * Tue Apr 25 2006 Marc Deslauriers [EMAIL PROTECTED] 1.0.7-66.3.legacy - Added missing tetex, tetex-latex and tetex-dvips to BuildPreReq * Fri Apr 21 2006 Marc Deslauriers [EMAIL PROTECTED] 1.0.7-66.2.legacy - Added missing ed and texinfo to BuildPrereq * Thu Mar 16 2006 Donald Maner [EMAIL PROTECTED] 1.0.7-66.1.legacy - Patches for CESA-2004-007 CAN-2004-0888 CAN-2004-1125 CVE-2005-3193 (#152868) fc1: * Wed Apr 26 2006 Marc Deslauriers [EMAIL PROTECTED] 2.0.2-8.2.legacy - Added missing ed, texinfo, tetex, tetex-latex and tetex-dvips to BuildPreReq * Thu Mar 16 2006 Donald Maner [EMAIL PROTECTED] 2.0.2-8.1.legacy - Patches for CAN-2004-0888, CAN-2004-1125, CAN-2005-0064 and 2005-3193 fc2: * Tue Apr 25 2006 Marc Deslauriers [EMAIL PROTECTED] 2.0.2-14FC2.3.legacy - Fixed release tag - Added missing tetex, tetex-latex and tetex-dvips to BuildPreReq * Thu Mar 16 2006 Donald Maner [EMAIL PROTECTED] 2.0.2-14.3.legacy - Patch CVE-2005-3193 (#152868) - This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: 80b05b7896c5db589e960da0d73b1cd4ae120cce redhat/7.3/updates-testing/i386/tetex-1.0.7-47.5.legacy.i386.rpm 28c6022b4f6a237d4695d1f268276ec6b18dcf4c redhat/7.3/updates-testing/i386/tetex-afm-1.0.7-47.5.legacy.i386.rpm 017fa321d9834685f04819070d4f5fb799e05d01 redhat/7.3/updates-testing/i386/tetex-doc-1.0.7-47.5.legacy.i386.rpm 3303175840f2fc37c5f3f77e672eeb3fafae718a redhat/7.3/updates-testing/i386/tetex-dvilj-1.0.7-47.5.legacy.i386.rpm fa43c7cbdf02cb7d439c9beeb0e358f8c69a5f22 redhat/7.3/updates-testing/i386/tetex-dvips-1.0.7-47.5.legacy.i386.rpm 1e69a574c3d47cec5b58963387956dfc8337d6ec redhat/7.3/updates-testing/i386/tetex-fonts-1.0.7-47.5.legacy.i386.rpm bb229acb3b38ae16025d56a77c41cab939a512ac redhat/7.3/updates-testing/i386/tetex-latex-1.0.7-47.5.legacy.i386.rpm d21419415faefcb90b688f8d8dc60a57a6374bad redhat/7.3/updates-testing/i386/tetex-xdvi-1.0.7-47.5.legacy.i386.rpm f646b3f3c2ebafa6ae264f20a3f056c778bd84db redhat/7.3/updates-testing/SRPMS/tetex-1.0.7-47.5.legacy.src.rpm rh9: 26f54ca0403372b21e6fd441d9bb64073f23e7de redhat/9/updates-testing/i386/tetex-1.0.7-66.3.legacy.i386.rpm e74de7855d1d07bcef6a713f4a8735e8008f5249
Fedora Legacy Test Update Notification: emacs
- Fedora Legacy Test Update Notification FEDORALEGACY-2006-152898 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152898 2006-04-26 - Name: emacs Versions: rh73: emacs-21.2-3.legacy Versions: rh9: emacs-21.2-34.legacy Versions: fc1: emacs-21.3-9.2.legacy Summary : The libraries needed to run the GNU Emacs text editor. Description : Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. - Update Information: Updated Emacs packages that fix a string format issue are now available. Emacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0100 to this issue. Users of Emacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue. - Changelogs rh73: * Sun Mar 12 2006 Jesse Keating [EMAIL PROTECTED] 21.2-3.legacy - Patch for CAN-2005-0100 (#152898) rh9: * Sun Mar 12 2006 Jesse Keating [EMAIL PROTECTED] 21.2-34.legacy - Patch for CAN-2005-0100 (#152898) fc1: * Wed Mar 15 2006 David Eisenstein [EMAIL PROTECTED] 21.3-9.2.legacy - Clean up the #101818 (vm/break dumper problem) workaround * Wed Mar 15 2006 David Eisenstein [EMAIL PROTECTED] 21.3-9.1.legacy - Oops. Forgot to rework make install for the broken setarch. Now done. * Wed Mar 15 2006 David Eisenstein [EMAIL PROTECTED] 21.3-9.legacy - Re-instate setarch stuff; but make use of setarch dependent upon whether or not it is broken in this given invocation of rpmbuild. Why? If setarch doesn't break, it is probably needed and will be used for the bugzilla #101818 issue. If setarch *does* break, then it is likely breaking because it is operating within another setarch (FC1's setarch breaks under that circumstance), such as when being built by plague/mock. In that instance, it is not needed. * Sun Mar 12 2006 Jesse Keating [EMAIL PROTECTED] 21.3-8.legacy - Patch for CAN-2005-0100 (#152898) - Remove setarch stuff, not needed in new build system - Added builddep on autoconf213 - This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: 4441c55cfe91aabf2203d68bcbc0cf2bbd5f8798 redhat/7.3/updates-testing/i386/emacs-21.2-3.legacy.i386.rpm 33e802e8f306f13519dd2c3f045eb9efe5e4680a redhat/7.3/updates-testing/i386/emacs-el-21.2-3.legacy.i386.rpm f6293ffe1c51c3bb31f1b3941da0938d8a98eff2 redhat/7.3/updates-testing/i386/emacs-leim-21.2-3.legacy.i386.rpm a5767f1100037b49602abb80831fa22da135c081 redhat/7.3/updates-testing/SRPMS/emacs-21.2-3.legacy.src.rpm rh9: ae56dba68d59f5d49105f7afb6918ac945ad8b01 redhat/9/updates-testing/i386/emacs-21.2-34.legacy.i386.rpm 84047366c8488fa3c95070466b1bd20ce5d8687a redhat/9/updates-testing/i386/emacs-el-21.2-34.legacy.i386.rpm 8eb8449c456e7d475157992c3e6f8bc4bdf64c7b redhat/9/updates-testing/i386/emacs-leim-21.2-34.legacy.i386.rpm 4cf0ba484c3ab93210d186beb3c79b68b4e56984 redhat/9/updates-testing/SRPMS/emacs-21.2-34.legacy.src.rpm fc1: d56260f010b4603c89516ccf2ddd09c33c8c53c4 fedora/1/updates-testing/i386/emacs-21.3-9.2.legacy.i386.rpm 6bf7cb9bacc6c0f9374849fa4507ededa13193cf fedora/1/updates-testing/i386/emacs-el-21.3-9.2.legacy.i386.rpm fb23df114772b6c758499401751dfc389e2e1d88 fedora/1/updates-testing/i386/emacs-leim-21.3-9.2.legacy.i386.rpm 1a1133d917d4993c92a03c30ba08e8916c6a7bfe fedora/1/updates-testing/SRPMS/emacs-21.3-9.2.legacy.src.rpm - Please test and comment in bugzilla. signature.asc Description: OpenPGP digital signature -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
Re: Q re dhcpd.conf setup
On Wednesday 26 April 2006 13:09, [EMAIL PROTECTED] wrote:
Yes, you can give clients the address of gateway via DHCP. The
necessary option in dhcp configuration is called 'routers'. You
should put in the dhcpd.conf file (usually in the subnet definition)
the following line
option routers gateway_address;
Change the 'gateway_address' with the address of your gateway. If
yor network is complex and includes more than gateway for the client,
list on that line all the gateways addresses separated by commas (see
the description of this option in 'dhcp-options' manpage).
The dhcpd server does not support the client authentication at this
time (howewer, it may support it in the future). You could try to
make something similar to protection you need using dhcpd's ability
to include conditions in its configuration (see 'dhcpd-eval'
manpage).
There doesn't seem to be a man 'dhcpd-eval' on that box.
And whatever I've done, there is no response in the logs on that box for
a dhcp negotiation session. Here is the last restart of the dhcpd
daemon as it shows in /var/log/messages:
Apr 26 19:34:43 gene dhcpd:
Apr 26 19:34:43 gene dhcpd: Listening on Socket/eth1/192.168.71.0
Apr 26 19:34:43 gene dhcpd: Sending on Socket/eth1/192.168.71.0
Apr 26 19:34:43 gene dhcpd: Listening on Socket/eth0/192.168.1.0
Apr 26 19:34:43 gene dhcpd: Sending on Socket/eth0/192.168.1.0
Apr 26 19:34:43 gene dhcpd: Listening on Socket/eth1/192.168.71.0
Apr 26 19:34:43 gene dhcpd: Sending on Socket/eth1/192.168.71.0
Apr 26 19:34:43 gene dhcpd: Listening on Socket/eth0/192.168.1.0
Apr 26 19:34:43 gene dhcpd: Sending on Socket/eth0/192.168.1.0
Apr 26 19:34:43 gene dhcpd: dhcpd startup succeeded
Here is the networks lashup:
HP-laptoprfwap11eth[8-port-switch]ethfirewall-1.92.168.71.1iptablesfirewall-191.168.1.1router[DSL-modem]
Here is the current, I think identical to what WAS working partially I
think, dhcpd.conf on the firewall box:
subnet 192.168.71.0 netmask 255.255.255.0 {
# --- default gateway
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option nis-domain coyote.den;
option domain-name coyote.den;
option domain-name-servers 192.168.71.1;
option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this
unless
# -- you understand Netbios very well
# option netbios-node-type 2;
range dynamic-bootp 192.168.71.101 192.168.71.105;
range 192.168.71.101 192.168.71.105;
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
host ns {
next-server 192.168.71.1; #gene.coyote.den;
hardware ethernet 00:09:5B:07:7E:7D;
fixed-address 192.168.71.1;
}
}
# I've NDI why I even need this section, nothing comes from there that
# needs to have access to dhcpd services.
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option nis-domain coyote.den;
option domain-name coyote.den;
option domain-name-servers 192.168.71.1;
host ns {
next-server 192.168.1.1;
hardware ethernet 00:40:33:57:28:51;
fixed-address 192.168.1.100;
}
}
-
There is more than just the routers wrong in the above file, as I did
try it at 71.1, and that broke it even when converted back to 1.1.
Here is the currently working ifcfg-wlan0 from diablo[HP laptop]
[EMAIL PROTECTED] network-scripts]# cat ifcfg-wlan0
DEVICE=wlan0
ONBOOT=yes
BOOTPROTO=none
TYPE=Wireless
MODE=Managed
ESSID=ICECAP4NIGHTCAP
CHANNEL=6
IPADDR=192.168.71.6
DOMAIN=coyote.den
NETMASK=255.255.255.0
GATEWAY=192.168.71.1
USERCTL=no
PEERDNS=no
IPV6INIT=no
RATE=Auto
DHCP_HOSTNAME=diablo.coyote.den
HWADDR=00:14:A5:75:32:C9
Now, if I change to BOOTPROTO=dhcp
and comment out the gateway local addresses, then restart the network
on the lappy, there is no query for dhcp showing in the firewalls logs.
I'm obviously in over my head here as that was working this morning
before I took it to the tv station and tried and failed to connect to
their wifi network, for about 2 hours of the infinite monkeys routine.
The wap11 currently has an address, obtained before trying to figure out
howto dhcp connect to a new network. XP on that same lappy even
remembered the key from the session before, so it Just Worked(TM) when
I tried it today.
Is the above enough to see what it is I need to do?
--
Cheers, Gene
People having trouble with vz bouncing email to me
