..
| David A. Ranch - Remote Access/Linux/PCs [EMAIL PROTECTED] |
!!
`- For more detailed info, see http://www.ecst.csuchico.edu/~dranch
index.html
.
--David
--raw} {-x|--unix} --ax25 --ipx --netrom
Af= -A {inet|ipx|netrom|ddp|ax25},... --inet --ipx --netrom --ddp --ax25
) Make sure that in your /etc/rc.d/rc.local file or
some other firewall script that you have:
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
--David
--David
irisnet.be/
---
/linux/midentd/
Sident: http://insecurity.net/sidentd.gz
Few others ftp://sunsite.unc.edu/pub/Linux/system/network/daemons/
Anyone else know of some others?
--David
users. For full examples
(though a little dated) check out:
http://www.ecst.csuchico.edu/~dranch/PPP/ppp-performance.html#linux
--David
s and check out your /var/adm/messages
file to see what's up.
BTW.. where did you get your IPFWADM Ruleset? There are
many out there and most are VERY good. Some don't work though.
--David
recommend to
install IPPORTFW instead since it is more reliable.
You can grab it from:
Homepage:
http://www.ox.compsoc.org.uk/~steve/portforwarding.html
--David
s received
120 second time-out for udp packets
--David
help?
?
? By any chance, are you running IPAUTOFW
or even have it just compiled into the kernel?
--David
. Is this a
problem?
Any idea on why masquerading breaks so fast?
nt
192.168.x.x IP address is behind the 208.15.109.37 address, traffic
won't know where to put it. Get it?
--David
ipfwadm -F -a -V 192.168.200.9 -D 192.168.100.0/24
ipfwadm -F -a -m -V 208.15.109.37
--David
pe) 12.72.64.185
# My fixed addresses
ME="192.168.7.1"
FIRE_NET="192.168.7.0/24"
PRIV_NET="192.168.7.0/24"
ALLIP="0.0.0.0/0"
HIPORTS="1024:65535"
]
roblem with ipautofw).
--
sk Flags Metric RefUse Iface
255.255.255.255 * 255.255.255.255 UH0 00 eth1
Finally, post your /etc/dhcpd.conf file
--David
ifier [EMAIL PROTECTED];"
statements and other stuff.
Redo your /etc/dhcpd.conf file with the TrinityOS doc.
--David
above seem correct
Yes.. this only shows ROUTEs and NOT IPs unless it's for
Point-to-Point links like SLIP, PPP, etc.
--David
network is going to be
replaced by the Internet in a few years, not much motivation :-)
Well... it's going to take more than a few years. But,
I really do feel ISDN will die pretty quickly now.
--David
all covered in the TrinityOS doc):
/sbin/ipfwadm -I -a accept -V 127.0.0.1 -S $universe -D $universe
/sbin/ipfwadm -O -a accept -V 127.0.0.1 -S $universe -D $universe
--David
a caching DNS or authoritative DNS server.
Regardless, anyone who is running Linux for a MASQ server, be it
a dial up line, ADSL, Cablemodem, etc, should set up a caching
DNS server.
--David
://www.ipmasq.ddns.org/
My WWW page:
http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html
--David
lly got something working, I'd like to leave it alone, but if
there's something taboo in this, I'd like to fix it asap.
SECURITY. Again.. read the TrinityOS doc.
--David
(Linux distro hardening
is in there too).
--David
of packets in a
protocol-specific manner. In fact, you can't even filter based on
anything past the ICMP/TCP/UDP header.
If you'd like, I can ship you the ipfilter/ipnat man pages and/or
example configuration files.
of a given
host over a MONTH or more. At this slow rate, many network admins
won't recognize that it's a very slow portscan. Then with this
log, you'll know if you have a malicious hacker after your box.
--David
?
Use a correctly configured DHCP.
--David
.
--David
. I'll try running a while with the analog...
If it still doesn't work, it looks like I may have a bad isdn
modem.
Doubtful. Does it work under Windows?
--David
ETF policy of liberal acceptance- strict emittance is
reaching even further down the stack than, perhaps, initially intended.
Boy, IPv6 should prove to be even more interesting (in the true vein of
the Chinese curse) once available for general consumption.
--
want a serious speed up, download the
newest version of SecureCRT from www.vandyke.com and turn on
SSH compression. Man! It makes a BIG difference!
--David
+, Steven Clarke wrote:
On Mon, 1 Dec 1997, Penio Penev wrote:
On Sun, 30 Nov 1997, David A. Ranch wrote:
But the moment I try to get data from a Netscape-Enterprise/2.01 server
the connection hangs from the internal hosts. Here is a telnet
transcript:
Hangs forever
docs:
/usr/doc/HOWTO/mini/Proxy-ARP
and
/usr/doc/HOWTO/mini/Proxy-ARP-Subnet
--David
doc but just change the
"intif" name from eth0 to "plip0".
http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html
--David
Where do I find what my keepalive is currently set to?
I'm not sure what the default is but it's too low. Go
ahead and manually set it.
--David
I was looking thru the IP Aliasing mini-faq and it mentions that I need IP
Masq compiled as a module but then doesn't seem to do anything with it.
IP Aliasing should have nothing to do with IP MASQ.
--David
shouldn't have any problems. Because of this, I
would be hesitant to implement anything that would dynamically
muck around with your ruleset.
--David
to add more IPFWADM allow lines.
- This rule assumes that your destination server will
be listening on port 6667. You will have to add other
server ports as you find them.
--David
etc.. put a "-o" on them too!
--David
Compiling, and installing IPPORTFW
10 - MASQ startup and advanced firewall rulesets for single and multi-NIC
setups
--David
.
--David
-D $ANYWHERE
Why are you filtering ICMP?
Can someone explain what this is, and offer a suggested change to my
firewall rules to eliminate this error?
Delete all your ICMP lines in your ruleset!
--David
timeout.
--David
0/80
ipportfw -A -t206.63.251.175/80 -R 192.168.0.100/80
Ok.. if you enter in each rule at the command line, do you
get any errors?
What does a "ipportfw -L" say?
--David
be done
at the IPCHAINS level. I would imagine it would be a kernel-level
issue.
--David
!
--David
g the DHCP broadcast
to the wrong NIC card.
Added the fact that you need put all your DHCP leases into
DNS and restarting named.
[Section 27]
g as they are FTPing to
a remote site on port 21. Are you using a strong IPFWADM ruleset?
Are you allowing port 20 out?
--DAvid
-rw-r--r-- 1 root root53135 Apr 14 09:58 ipfwadm.c
-rw-r--r-- 1 root root52387 Apr 14 09:57 ipfwadm.c.orig
-rw-r--r-- 1 root root 423 Jul 30 1996 ipfwadm.lsm
e dellster;
}
--
, sendmail, dhcp, etc.. check out my site too:
http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html
Good luck!
--David
are going to
be updated to do IPCHAINS rulesets but they aren't
done yet.
--David
realms.
He also agreed that these config seems messed up.
BUT he assured me that it was the only way he could
get everything to work reliably.
--
Date: Tue, 26 May 1998 15:26:27 -0400
X-Sender: [EMAIL PROTECTED]
X-Mailer: Windows Eudora Version 2.1.1
To: "David A. Ranch" [EMAIL PROTE
ne
Regards
Michael Anthon
David
RAS servers corrupt IP packets when they start getting
heavily loaded.
Either way... this is just an annoyance. I even get them on my
cablemodem!
--David
connection's MTU to 1500
and try again.
--DAvid
/proc/sys/net/ip_forwarding = 1
Try "echo "1" > /proc/sys/net/ipv4/ip_forwarding"
Notice the addition of the ipv4 stuff.
--David
.
ETH0.
If, for some reason, your new ETH card isn't recognised by the kernel, modify
this line and add it to your /etc/lilo.conf file:
append="ether=0,0,eth1"
--david
on to IPCHAINS is gonna be
a pain. Also.. my Dell laptop does NOT want to make a 2.1.108+
kernel work with PCMCIA cards. Can you say crash?
--David
ted the same, if you
want to. You don't have to create custom chains if you don't want to. :)
Agreed.. but I'm lazy! :)
--David
es "2898" members of the cable industry and Internet
community.
acker.
--
--David
but
it can't use ALL of them. I've seen ports 1,7,8,53,58, etc.. ports
it SHOULDN'T use!
Anyway.. lemmie know! All tips, ideas, etc are welcome!
--David
://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri
--David
mask to /32
--David
and I are more than willing to field all ideas. Let's
hear them!
--David
! "$GATEWAY" = "" ]; then
/sbin/route add default gw ${GATEWAY} netmask 0.0.0.0 window 8192
metric 1
fi"
1 - 100 of 193 matches