Linux-Misc Digest #349, Volume #25                Sat, 5 Aug 00 04:13:02 EDT

Contents:
  IDE CD Writer (Julien Bouvrais)
  ipchains, traceroute, and masquerading (David Steuber)
  Re: ipchains, traceroute, and masquerading (lgavel)
  Re: How to install new hardware in Linux? (Lew Pitcher)
  Re: Real Audio on Linux (E J)
  Re: Answer machine s/w (E J)
  Re: Good alternative to outlook. (E J)
  Re: How to install new hardware in Linux? (Trevor Brown)

----------------------------------------------------------------------------

From: Julien Bouvrais <[EMAIL PROTECTED]>
Subject: IDE CD Writer
Date: Sat, 05 Aug 2000 05:20:29 GMT

    Hi

    I've tried to set up my IDE CD-Writer (LG 8042 CD-RW) according to
the CD-Writer HowTO and still have some problems making it work.....
I've installed the ide-scsi driver as a module and prevented the regular
ide driver from detecting my drive at boot time... The CD Writer is
recognized by the scanbus command of cdrecord, but gives me a strange
warning about the CD capabilities:

******************************************************************
coyote:~# cdrecord -scanbus
Cdrecord release 1.8a29 Copyright (C) 1995-1999 Jörg Schilling
Using libscg version 'schily-0.1'
scsibus0:
cdrecord: Warning: controller returns wrong size for CD capabilities
page.
        0,0,0     0) 'LG      ' 'CD-RW CED-8042B ' '1.05' Removable
CD-ROM
        0,1,0     1) *
        0,2,0     2) *
        0,3,0     3) *
        0,4,0     4) *
        0,5,0     5) *
        0,6,0     6) *
        0,7,0     7) *
*****************************************************************

    Moreover when I try a dummy write to a CD, it fails as follows:

*************************************************************************

coyote:~# cdrecord dev=0,0,0 -dummy -multi -audio MakeIp//audio.raw
Cdrecord release 1.8a29 Copyright (C) 1995-1999 Jörg Schilling
scsidev: '0,0,0'
scsibus: 0 target: 0 lun: 0
Using libscg version 'schily-0.1'
cdrecord: Warning: controller returns wrong size for CD capabilities
page.
Device type    : Removable CD-ROM
Version        : 0
Response Format: 1
Vendor_info    : 'LG      '
Identifikation : 'CD-RW CED-8042B '
Revision       : '1.05'
Device seems to be: Generic mmc CD-RW.
cdrecord: Warning: controller returns wrong size for CD capabilities
page.
cdrecord: Warning: controller returns wrong size for CD capabilities
page.
cdrecord: Warning: controller returns wrong size for CD capabilities
page.
Using generic SCSI-3/mmc CD-R driver (mmc_cdr).
Driver flags   : SWABAUDIO
cdrecord: Warning: controller returns wrong size for CD write parameter
page.
cdrecord: Warning: controller returns wrong size for CD capabilities
page.
Starting to write CD/DVD at speed 1 in dummy mode for multi session.
Last chance to quit, starting dummy write in 1 seconds.
cdrecord: Warning: controller returns wrong size for CD write parameter
page.
cdrecord: Warning: controller returns wrong size for CD write parameter
page.
cdrecord: Input/output error. write_g1: scsi sendcmd: retryable error
CDB:  2A 00 00 00 00 00 00 00 0D 00
status: 0x2 (CHECK CONDITION)
Sense Bytes: 70 00 05 00 00 00 00 0A 00 00 00 00 64 00 00 00
Sense Key: 0x5 Illegal Request, Segment 0
Sense Code: 0x64 Qual 0x00 (illegal mode for this track) Fru 0x0
Sense flags: Blk 0 (not valid)
cmd finished after 0.004s timeout 40s
write track data: error after 0 bytes
Sense Bytes: 70 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00


*****************************************************************

    And the ide-scsi driver complains in the syslog file:

Aug  4 06:40:36 coyote kernel: ide-scsi: The scsi wants to send us more
data than expected - discarding data
Aug  4 06:40:36 coyote kernel: ide-scsi: transferred 28 of 40 bytes


    Would somebody have an idea?

    Thanks

                        JU






------------------------------

Crossposted-To: comp.os.linux.networking
Subject: ipchains, traceroute, and masquerading
From: David Steuber <[EMAIL PROTECTED]>
Date: Sat, 05 Aug 2000 06:00:05 GMT

I have problems getting traceroute to work on a machine I am setting
up to be moved to another location.  At the moment, it is on a private
IP LAN going through an ip masquerading router:

apostrophe<------>hub<------->interloper
                                  |
                                 DSL

Interloper has no problem pinging www.yahoo.com.  Neither does
apostrophe.  However, interloper can traceroute to www.yahoo.com while
apostrophe can't.  I figure I either have a problem with my firewall
script or the problem will go away when I move apostrophe to a network
where it will have a real world ip.

DNS isn't working right either.

These are my rules on apostrophe (which will change slightly when the
machine is moved):

#!/bin/sh
#
# firewall              This script sets up firewall rules.

# Interface to Internet
EXTIF=eth0

# Internal network address.  For stand-alone machines, delete this and
# all the "forward" rules.
  INTERNAL=10.14.40.0/24

# Wildcard address
ANY=0.0.0.0/0

### For details, see the man page ipchains(1) and
### /usr/doc/HOWTO/IPCHAINS-HOWTO -- David.

case "$1" in
    start)
        echo -n "Setting up firewall rules"

        # Turn on forwarding to silence warnings...
        echo 1 > /proc/sys/net/ipv4/ip_forward

        # Set default policies; clear all rules
        ipchains -P input DENY
        ipchains -P output ACCEPT
        ipchains -P forward DENY

        ipchains -F forward
        ipchains -F input
        ipchains -F output

        ### Spoof protection: Drop obviously suspect packets ###
        ### Any DENY targets should be redundant             ###

        # Allow all ICMP packets for now
        ipchains -A input -l -i $EXTIF -s $ANY -d $ANY -p icmp -b -j ACCEPT

        # Drop packets claiming to be from unroutable addresses
        ipchains -A input -l -s 10.14.40.0/24  -i $INTERNAL -j ACCEPT
        ipchains -A input -l -s 10.7.7.10/32   -i $EXTIF -j ACCEPT
        ipchains -A input -l -s 10.0.0.0/8     -i $EXTIF -j DENY
        ipchains -A input -l -s 172.16.0.0/12  -i $EXTIF -j DENY
        ipchains -A input -l -s 192.168.0.0/16 -i $EXTIF -j DENY

        # Drop packets wanting to go to unroutable addresses
        ipchains -A input -l -d 10.14.40.0/24  -i $INTERNAL -j ACCEPT
        ipchains -A input -l -d 10.0.0.0/8     -i $EXTIF -j DENY
        ipchains -A input -l -d 172.16.0.0/12  -i $EXTIF -j DENY
        ipchains -A input -l -d 192.168.0.0/16 -i $EXTIF -j DENY

        ### Poke holes in the firewall for useful services ###

        # Allow SSH connections from anywhere
        ipchains -A input -l -i $EXTIF -s $ANY 22 -p tcp -y -j ACCEPT

        # Allow HTTP and HTTPS connections (duh!)
        ipchains -A input -i $EXTIF -s $ANY 80 -p tcp -y -j ACCEPT
        ipchains -A input -i $EXTIF -s $ANY 443 -p tcp -y -j ACCEPT

        # Allow localhost to connect to everything
        ipchains -A input -i lo -d $ANY -p icmp -j ACCEPT
        ipchains -A input -i lo -d $ANY -p udp -j ACCEPT
        ipchains -A input -i lo -d $ANY -p tcp -y -j ACCEPT
        ipchains -A input -i $EXTIF -d $ANY -p icmp -j ACCEPT
        ipchains -A input -i $EXTIF -d $ANY -p udp -j ACCEPT
        ipchains -A input -i $EXTIF -d $ANY -p tcp -y -j ACCEPT

        ### FORWARD rules only apply if you have an internal LAN gatewaying
        ### through this computer.
#       ipchains -A forward -s $INTERNAL -d $ANY -p icmp -j MASQ
#       ipchains -A forward -s $INTERNAL -d $ANY -p tcp -b -j MASQ
#       ipchains -A forward -s $INTERNAL -d $ANY -p udp -b -j MASQ

#       echo 1 > /proc/sys/net/ipv4/ip_forward

        echo ""
        ;;

    stop)
        echo -n "Shutting down firewall rules"
        # Turn off forwarding
        echo 0 > /proc/sys/net/ipv4/ip_forward

        # Set default policies; clear all rules
        ipchains -P input ACCEPT
        ipchains -P output ACCEPT
        ipchains -P forward DENY

        ipchains -F forward
        ipchains -F input
        ipchains -F output
        echo ""
        ;;

    *)
        echo "Usage: firewall {start|stop}"
        exit 1
esac

exit 0 

The resulting rule list looks like this:

root@apostrophe:/home/david > ipchains -L -n
Chain input (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     icmp ----l-  0.0.0.0/0            0.0.0.0/0             * ->   *
ACCEPT     icmp ----l-  0.0.0.0/0            0.0.0.0/0             * ->   *
ACCEPT     all  ----l-  10.14.40.0/24        0.0.0.0/0             n/a
ACCEPT     all  ----l-  10.7.7.10            0.0.0.0/0             n/a
DENY       all  ----l-  10.0.0.0/8           0.0.0.0/0             n/a
DENY       all  ----l-  172.16.0.0/12        0.0.0.0/0             n/a
DENY       all  ----l-  192.168.0.0/16       0.0.0.0/0             n/a
ACCEPT     all  ----l-  0.0.0.0/0            10.14.40.0/24         n/a
DENY       all  ----l-  0.0.0.0/0            10.0.0.0/8            n/a
DENY       all  ----l-  0.0.0.0/0            172.16.0.0/12         n/a
DENY       all  ----l-  0.0.0.0/0            192.168.0.0/16        n/a
ACCEPT     tcp  -y--l-  0.0.0.0/0            0.0.0.0/0             22 ->   *
ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             80 ->   *
ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             443 ->   *
ACCEPT     icmp ------  0.0.0.0/0            0.0.0.0/0             * ->   *
ACCEPT     udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   *
ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   *
ACCEPT     icmp ------  0.0.0.0/0            0.0.0.0/0             * ->   *
ACCEPT     udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   *
ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   *
Chain forward (policy DENY):
Chain output (policy ACCEPT):  

When the machine is moved to a LAN with a real world IP, the
protection against machines with private IPs will be increased.  I may
also take measures against certain ping DOS attacks.

What I would like to know is if my rules are in error or if the
problem has to do with my main firewall for the LAN I am setting
apostrophe up on.  Do I have to worry about traceroute not working
when I move the machine, or do I need to change the rules now?

-- 
David Steuber   |   Hi!  My name is David Steuber, and I am
NRA Member      |   a hoploholic.
http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=hoplite&submit=Look+it+up

The problem with AI is that it has a mind of its own
        --- Devon Miller

------------------------------

Crossposted-To: comp.os.linux.networking
From: lgavel <[EMAIL PROTECTED]>
Subject: Re: ipchains, traceroute, and masquerading
Date: Sat, 05 Aug 2000 06:23:36 GMT

David,

It looks like 'apostrophe' has been temporarily
switched to be a client rather than a server
itself.  The only ipchains script necessary is on
'interloper'.  You just need to indicate to
'apostrophe' that 'interloper' has become its new
gateway to the internet, just like any other
client.  Put in the DNS numbers that Interloper is
using, and this may solve your problem.  But, I
could be wrong...

Hope this helps,
Luke

On Sat, 5 Aug 2000, David Steuber wrote:

> I have problems getting traceroute to work on a machine I am setting
> up to be moved to another location.  At the moment, it is on a private
> IP LAN going through an ip masquerading router:
> 
> apostrophe<------>hub<------->interloper
>                                   |
>                                  DSL
> 
> Interloper has no problem pinging www.yahoo.com.  Neither does
> apostrophe.  However, interloper can traceroute to www.yahoo.com while
> apostrophe can't.  I figure I either have a problem with my firewall
> script or the problem will go away when I move apostrophe to a network
> where it will have a real world ip.
> 
> DNS isn't working right either.
> 
> These are my rules on apostrophe (which will change slightly when the
> machine is moved):
> 
> #!/bin/sh
> #
> # firewall              This script sets up firewall rules.
> 
> # Interface to Internet
> EXTIF=eth0
> 
> # Internal network address.  For stand-alone machines, delete this and
> # all the "forward" rules.
>   INTERNAL=10.14.40.0/24
> 
> # Wildcard address
> ANY=0.0.0.0/0
> 
> ### For details, see the man page ipchains(1) and
> ### /usr/doc/HOWTO/IPCHAINS-HOWTO -- David.
> 
> case "$1" in
>     start)
>         echo -n "Setting up firewall rules"
> 
>         # Turn on forwarding to silence warnings...
>         echo 1 > /proc/sys/net/ipv4/ip_forward
> 
>         # Set default policies; clear all rules
>         ipchains -P input DENY
>         ipchains -P output ACCEPT
>         ipchains -P forward DENY
> 
>         ipchains -F forward
>         ipchains -F input
>         ipchains -F output
> 
>         ### Spoof protection: Drop obviously suspect packets ###
>         ### Any DENY targets should be redundant             ###
> 
>         # Allow all ICMP packets for now
>         ipchains -A input -l -i $EXTIF -s $ANY -d $ANY -p icmp -b -j ACCEPT
> 
>         # Drop packets claiming to be from unroutable addresses
>         ipchains -A input -l -s 10.14.40.0/24  -i $INTERNAL -j ACCEPT
>         ipchains -A input -l -s 10.7.7.10/32   -i $EXTIF -j ACCEPT
>         ipchains -A input -l -s 10.0.0.0/8     -i $EXTIF -j DENY
>         ipchains -A input -l -s 172.16.0.0/12  -i $EXTIF -j DENY
>         ipchains -A input -l -s 192.168.0.0/16 -i $EXTIF -j DENY
> 
>         # Drop packets wanting to go to unroutable addresses
>         ipchains -A input -l -d 10.14.40.0/24  -i $INTERNAL -j ACCEPT
>         ipchains -A input -l -d 10.0.0.0/8     -i $EXTIF -j DENY
>         ipchains -A input -l -d 172.16.0.0/12  -i $EXTIF -j DENY
>         ipchains -A input -l -d 192.168.0.0/16 -i $EXTIF -j DENY
> 
>         ### Poke holes in the firewall for useful services ###
> 
>         # Allow SSH connections from anywhere
>         ipchains -A input -l -i $EXTIF -s $ANY 22 -p tcp -y -j ACCEPT
> 
>         # Allow HTTP and HTTPS connections (duh!)
>         ipchains -A input -i $EXTIF -s $ANY 80 -p tcp -y -j ACCEPT
>         ipchains -A input -i $EXTIF -s $ANY 443 -p tcp -y -j ACCEPT
> 
>         # Allow localhost to connect to everything
>         ipchains -A input -i lo -d $ANY -p icmp -j ACCEPT
>         ipchains -A input -i lo -d $ANY -p udp -j ACCEPT
>         ipchains -A input -i lo -d $ANY -p tcp -y -j ACCEPT
>         ipchains -A input -i $EXTIF -d $ANY -p icmp -j ACCEPT
>         ipchains -A input -i $EXTIF -d $ANY -p udp -j ACCEPT
>         ipchains -A input -i $EXTIF -d $ANY -p tcp -y -j ACCEPT
> 
>         ### FORWARD rules only apply if you have an internal LAN gatewaying
>         ### through this computer.
> #       ipchains -A forward -s $INTERNAL -d $ANY -p icmp -j MASQ
> #       ipchains -A forward -s $INTERNAL -d $ANY -p tcp -b -j MASQ
> #       ipchains -A forward -s $INTERNAL -d $ANY -p udp -b -j MASQ
> 
> #       echo 1 > /proc/sys/net/ipv4/ip_forward
> 
>         echo ""
>         ;;
> 
>     stop)
>         echo -n "Shutting down firewall rules"
>         # Turn off forwarding
>         echo 0 > /proc/sys/net/ipv4/ip_forward
> 
>         # Set default policies; clear all rules
>         ipchains -P input ACCEPT
>         ipchains -P output ACCEPT
>         ipchains -P forward DENY
> 
>         ipchains -F forward
>         ipchains -F input
>         ipchains -F output
>         echo ""
>         ;;
> 
>     *)
>         echo "Usage: firewall {start|stop}"
>         exit 1
> esac
> 
> exit 0 
> 
> The resulting rule list looks like this:
> 
> root@apostrophe:/home/david > ipchains -L -n
> Chain input (policy DENY):
> target     prot opt     source                destination           ports
> ACCEPT     icmp ----l-  0.0.0.0/0            0.0.0.0/0             * ->   *
> ACCEPT     icmp ----l-  0.0.0.0/0            0.0.0.0/0             * ->   *
> ACCEPT     all  ----l-  10.14.40.0/24        0.0.0.0/0             n/a
> ACCEPT     all  ----l-  10.7.7.10            0.0.0.0/0             n/a
> DENY       all  ----l-  10.0.0.0/8           0.0.0.0/0             n/a
> DENY       all  ----l-  172.16.0.0/12        0.0.0.0/0             n/a
> DENY       all  ----l-  192.168.0.0/16       0.0.0.0/0             n/a
> ACCEPT     all  ----l-  0.0.0.0/0            10.14.40.0/24         n/a
> DENY       all  ----l-  0.0.0.0/0            10.0.0.0/8            n/a
> DENY       all  ----l-  0.0.0.0/0            172.16.0.0/12         n/a
> DENY       all  ----l-  0.0.0.0/0            192.168.0.0/16        n/a
> ACCEPT     tcp  -y--l-  0.0.0.0/0            0.0.0.0/0             22 ->   *
> ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             80 ->   *
> ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             443 ->   *
> ACCEPT     icmp ------  0.0.0.0/0            0.0.0.0/0             * ->   *
> ACCEPT     udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   *
> ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   *
> ACCEPT     icmp ------  0.0.0.0/0            0.0.0.0/0             * ->   *
> ACCEPT     udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   *
> ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   *
> Chain forward (policy DENY):
> Chain output (policy ACCEPT):  
> 
> When the machine is moved to a LAN with a real world IP, the
> protection against machines with private IPs will be increased.  I may
> also take measures against certain ping DOS attacks.
> 
> What I would like to know is if my rules are in error or if the
> problem has to do with my main firewall for the LAN I am setting
> apostrophe up on.  Do I have to worry about traceroute not working
> when I move the machine, or do I need to change the rules now?
> 
> -- 
> David Steuber   |   Hi!  My name is David Steuber, and I am
> NRA Member      |   a hoploholic.
> http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=hoplite&submit=Look+it+up
> 
> The problem with AI is that it has a mind of its own
>       --- Devon Miller
> 
> 
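
Added example (not part of either post, and not the posters' code): a first-match walk over the input chain built by the posted start) block, numbered like the `ipchains -L -n` listing. The model assumes `-i` is compared against the receiving interface's name, so the CIDR held in $INTERNAL matches no interface, and that the port after `-s $ANY` is a source port (the listing's "22 -> *"); 10.14.40.2 for apostrophe, the other addresses and the eth0 variant are constructed for illustration.

```python
import ipaddress

ANY = "0.0.0.0/0"
PRIVATE = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def build_input_chain(internal_if):
    """Input chain of the posted start) block, numbered like the `ipchains -L -n` listing.
    internal_if is the value that `-i $INTERNAL` expands to."""
    def rule(target, proto="all", src=ANY, dst=ANY, iface="eth0", sport=None, syn=False):
        return (target, proto, src, dst, iface, sport, syn)
    chain = [rule("ACCEPT", "icmp")] * 2                    # -b adds the mirrored rule
    chain += [rule("ACCEPT", src="10.14.40.0/24", iface=internal_if),
              rule("ACCEPT", src="10.7.7.10/32")]
    chain += [rule("DENY", src=net) for net in PRIVATE]
    chain += [rule("ACCEPT", dst="10.14.40.0/24", iface=internal_if)]
    chain += [rule("DENY", dst=net) for net in PRIVATE]
    chain += [rule("ACCEPT", "tcp", sport=p, syn=True) for p in (22, 80, 443)]  # -s $ANY <port>
    for iface in ("lo", "eth0"):
        chain += [rule("ACCEPT", "icmp", iface=iface),
                  rule("ACCEPT", "udp", iface=iface),
                  rule("ACCEPT", "tcp", iface=iface, syn=True)]
    return chain

def first_match(chain, pkt, policy="DENY"):
    """Return (rule number, target) of the first matching rule, or (0, policy)."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    for n, (target, proto, rsrc, rdst, iface, sport, syn) in enumerate(chain, 1):
        if proto not in ("all", pkt["proto"]) or iface != pkt["iface"]:
            continue
        if src not in ipaddress.ip_network(rsrc) or dst not in ipaddress.ip_network(rdst):
            continue
        if sport is not None and pkt.get("sport") != sport:
            continue
        if syn and not pkt.get("syn", False):
            continue
        return n, target
    return 0, policy

# Constructed packets: 10.14.40.2 stands in for apostrophe; the rest are documentation addresses.
ICMP_REPLY = {"proto": "icmp", "src": "198.51.100.7", "dst": "10.14.40.2", "iface": "eth0"}
DNS_REPLY = {"proto": "udp", "src": "198.51.100.53", "dst": "10.14.40.2",
             "iface": "eth0", "sport": 53}
SSH_SYN = {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.5",
           "iface": "eth0", "sport": 40000, "syn": True}

if __name__ == "__main__":
    posted = build_input_chain("10.14.40.0/24")  # script as posted
    variant = build_input_chain("eth0")          # hypothetical: both -i $INTERNAL rules on eth0
    for name, pkt in (("icmp reply", ICMP_REPLY), ("dns reply", DNS_REPLY), ("ssh syn", SSH_SYN)):
        print(name, "posted:", first_match(posted, pkt), "variant:", first_match(variant, pkt))
```

Under this model ICMP replies stop at rule 1, a UDP reply addressed to a 10.14.40.x host falls through to the 10.0.0.0/8 DENY (rule 9) unless it comes from 10.7.7.10, and an inbound SSH SYN is accepted by the blanket TCP rule (rule 20) rather than by the "22 -> *" rule.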


------------------------------

From: Lew Pitcher <[EMAIL PROTECTED]>
Subject: Re: How to install new hardware in Linux?
Date: Fri, 04 Aug 2000 21:27:45 -0400

sideband wrote:
> 
> "David M. Cook" wrote:
> 
> > Tape devices are not mounted.
> >
> > Dave Cook
> 
> You haven't read the geek code, have you? ::grin:: I've mounted tapes as
> filesystems several times... Of course, it was quite a few years ago....

Hmmm....  QIC tapes can do this with the proper software, but...
DECTAPE and LINKTAPE before it were 'designed' as linear, mountable
filesystems

-- 
Lew Pitcher

Master Codewright and JOAT-in-training

------------------------------

From: E J <[EMAIL PROTECTED]>
Subject: Re: Real Audio on Linux
Date: Sat, 05 Aug 2000 00:31:19 -0700

Pjtg0707 wrote:

> I am wondering if anyone has gotten real audio to work on linux without the
> true color yet? Is there a linux streaming audio player besides real audio
> that are less stringent on the video requirements?

I got Real Player 7 to work.  My video is set to 800x600 at 16bit colors.
Yes, I have plugger as a plug in for netscape.  It does stream mp3 audio with
the suffix .3mu to the linux mp3 player mpg123


------------------------------

From: E J <[EMAIL PROTECTED]>
Subject: Re: Answer machine s/w
Date: Sat, 05 Aug 2000 00:38:19 -0700

Vasilis Serghi wrote:

> Is there any s/w available for use as an answer machine?
>
> I have Mandrake 7.0 with Kvoice, but it won't work properly. Just
> wondering if there are any alternatives.

`vgetty' is an extended version of
mgetty that can answer the telephone like an answering machine and
record a voice-mail message (if it finds one), or perform `mgetty's
fax or data call handling otherwise.  The mgetty+sendfax distribution
includes vgetty and a good-sized gob of utility programs that help you
manage faxes and voice messages.


------------------------------

From: E J <[EMAIL PROTECTED]>
Subject: Re: Good alternative to outlook.
Date: Sat, 05 Aug 2000 00:44:18 -0700

Kevin Meegan wrote:

> Is there a mail tool, commercial or non-commercial
> which I can deal with outlook task or meeting messages
> with IMAP for linux? I am trying to finally discard
> my NT4 partition, but this is the only thing that I
> currently cannot use linux for.

HP Openmail for Linux.


------------------------------

From: [EMAIL PROTECTED] (Trevor Brown)
Subject: Re: How to install new hardware in Linux?
Date: 5 Aug 2000 07:57:34 GMT

What flavour of Linux are you using?  Red Hat 6.2 will take care of some
of that for you, in the same way that Windows 95 Plug 'N' Play would.

Trevor


[EMAIL PROTECTED] wrote:
: I am sure that this sounds like a dumb question, but if you have
: physically installed the hardware -- how do you then install it
: in Linux. I mean things like sound cards, video cards, keyboards,
: mice, printers, modems, network cards, etc. Thanks.

: -- 

: Neil

--
Trevor

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.misc) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Misc Digest
******************************
