Jesper has a pretty good summary. I have one or
too points to add...
> Wiebe wrote:
> >
> > Hello,
> >
> > I have a network with 12 win95 pc's, 5 nt servers, 10 hpux machines and 1
> > linux box. That linux box is equipped with a modem, and has to arrange the
> > connection to my isp. I`m using diald for it. On the linux box is a proxy
> > server installed. The problem is that *some* machines on that network make
> > the link come up, when it was not necessary. I don't know which machine it
> > is, and i would like to know, is that possible ? (the only thing i know
> > is that name-request bring up the link)
>
> You can use either tcpdump or look in dctrl to see what happens, but
> most likely it can be these things (ordered with the most likely first)
> :
That's exactly what I did when I had the same problem. One tip --
use
tcpdump -vv -s 1024
This will get the whole DNS request and decode it, showing what
ip address is being requested.
You can also use tcpdump on your ppp0 interface to look only
at what is going over the ppp link.
>
> You haven't blocked the Windows NetBIOS traffic.
> You're running a DNS server and it tries to update itself.
> You're running sendmail and have not re-compiled it with the DNS related
> options disabled, and because of that it makes DNS requests now & then.
> Your proxy (squid ?) is not configured to use the local DNS first and
> has not been told what IP the local machine(s) has, so it tries to look
> at the internet for them.
>
Right. One more possibility -- you have LM Announce set on
your win95 machines. (Ok, turn on the win95 machine on the
next desk and check...)
My Computer -> Control Panel -> Network
Select 'file and printer sharing for microsoft networks'
Select properties
Turn off LM Announce
-- cary
>
> The DNS stuff is, AFAIR, described in the DNS howto. It's more or less
> to make it a caching nameserver only.
> The /etc/named.boot should look like this :
>
> [root@gaudi /etc]# cat named.boot
> ;
> ; a caching only nameserver config
> ;
> directory /var/named
> cache . named.ca
> primary 0.0.127.in-addr.arpa named.local
> [root@gaudi
> /etc]#
>
> I've forgot if it's necessary to delete the entrys in the root server
> file (/var/named/named.ca), but try without first.
>
>
> The sendmail stuff is a bit more tricky, but less of a problem. Whenever
> you send a mail to the internet using sendmail, it'll cause the link to
> go up to send the mail.
> It is possible to make sendmail do this only when the link allready is
> up, ie. queue the mail without any DNS requests or other things that
> would make the link go up, and wait for a sign (from ip-up) to send
> everything.
> The 'problem' is that you have to change something in the sourcecode and
> recompile sendmail.
> I believe it's described several places, but the only I can remember is
> at http://www.fido.dk/faq/unix-faq/unix_r23.htm#sectionA.4
> But be adviced, it's in danish ;-)
>
>
> The (squid) proxy options is described in /etc/squid/squid.conf
>
>
> The NetBIOS stuff happens at port 137/udp, 138/udp & 139/tcp. They'll
> look like name-requests. Try blocking these and see if it helps.
>
>
> l8r/JSpr
> --
> Jesper Frank Nemholt Tel : +45 75 82 52 56
> Pilevaenget 23 2. MF Fax : +45 75 82 52 69
> DK-7100 Vejle WWW : http://dassic.com/users/jfn/
> Denmark, Planet Earth... E-Mail: mailto:[EMAIL PROTECTED]
>
> Seven dead and they blame Marine training.
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-diald" in
> the body of a message to [EMAIL PROTECTED]
>
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
