Linux-Networking Digest #687, Volume #9          Sun, 27 Dec 98 12:13:22 EST

Contents:
  IP (J v/d Heijden)
  PPP problem ("Andrew L. Kopec")
  Re: Networking Linux and Windows ("Moshe Bar")
  Re: How do you do multiple ISPs through PPP. ("Kent Overstreet")
  Re: mgetty buffer overflow security hole? ([EMAIL PROTECTED])
  Re: @home & mail/news (Don O'Connell)
  Re: Connecting to the @Home network/General network configuration (Don O'Connell)
  Re: Easy UNIX editor (CSO Visitor)
  SMBMOUNT complaining about mount ver. 6 (Scott Gregg)
  Re: Ethernet Card problems (Harry Dekkers)
  Re: Calling On ipfwadm Gurus! :) ([EMAIL PROTECTED])
  pppd problem ("Aeneatore")
  Re: TCP/IP between Linux and Win95 problem... :-( ("Raymond Dobbs")
  Re: Connecting Linux to a Wingate proxy... (Kevin Martin)
  Re: Can anyone tell me how can I setup the dialup network connection in linux (Brett W. McCoy)
  Re: Calling On ipfwadm Gurus! :) (Wisquatuk)
  Re: @home & mail/news (John Mellor)

----------------------------------------------------------------------------

From: J v/d Heijden <[EMAIL PROTECTED]>
Subject: IP
Date: Sat, 26 Dec 1998 14:37:43 +0100

Every time I log in on my ISP I receive a different IP number
I can't receive emails on my linux comp
is there a way to combine linux standard mail with email?


------------------------------

From: "Andrew L. Kopec" <[EMAIL PROTECTED]>
Subject: PPP problem
Date: Sun, 27 Dec 1998 13:40:06 GMT

I have installed Caldera's OpenLinux 1.3.  I tried to
configure PPP using vi command as shown on the instructions from the manual
and books, using KDE's PPP program, and X Window's X-ISP but nothing seems to
work.

According to both KDE and X-ISP, I was able to connect to my ISP server but
dropped to dead after 30 seconds.  I am not exactly sure what's wrong.

I discovered that my modem was not set up so I had to run LISA to set it up
but found that a few modems are listed.

I sent the e-mail to my ISP administrator and he said that he's not familiar
with LINUX.  He said that several of his LINUX customers are connecting to
his server without any problem.  He gave me the procedure to make sure how
to set up PPP properly.  It's the same method I use to set it up in Windows
98/98 and NT.  I don't have any problem with 95/98 and NT so far.

I am going to give you the information about my modem and ISP's settings.

My modem is USR Sportster 33.6 internal.  (It's not in LISA so I tried both
Hayes compatible and not on the list)

My ISP -- IPs are automatically assigned so it has to be dynamic IP.
               Only DNS entries are required (there's 2 entries) and I am
positive they are correct.
               Domain name and host name are required to be entered along
with DNS entries.

I am using XON/XOFF handshake instead of RTC/STC(?).  I have tried both but
no luck.

I have set the speed to 38400 instead of 57600.

Any suggestion?  I can't wait to run PPP via LINUX.

Later!

--andrew

PS: My e-mail address is [EMAIL PROTECTED]  Thanks!



------------------------------

From: "Moshe Bar" <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux
Subject: Re: Networking Linux and Windows
Date: Sun, 27 Dec 1998 16:10:18 +0200

You will need a proxy server for your win machine.

Why not let linux be the router to the internet? You just need to connect
and then:

ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0

If all Win machines have your linux IP as their gateway, then they can all
use the same connection, sharing with linux

Moshe Bar



Todd Smith wrote in message <[EMAIL PROTECTED]>...
>I have a windows95 machine and a linux machine. I also have a 2 3com
>10baseT ethernet cards and a hub. I need help getting linux set up to
>use the hub and to be seen on the network by my windows machine. I would
>also like my windows machine to dial up to the internet and have linux
>get access to the net from across the network. Thanks for any help
>
>--
>_______________
>Todd Smith
>Perl Programmer
>ITC^Deltacom
>
>



------------------------------

From: "Kent Overstreet" <[EMAIL PROTECTED]>
Subject: Re: How do you do multiple ISPs through PPP.
Date: Sun, 27 Dec 1998 05:23:43 -0900

I don't know enough about linux to know if this would work but I've done
stuff like this with dos/win31. Set up a different ppd script for each isp,
and add lines in each one to copy a custom resolv.conf, say from
resolv1.conf to resolv.conf.



------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.security.unix,comp.security.misc,alt.security
Subject: Re: mgetty buffer overflow security hole?
Date: Sun, 27 Dec 1998 14:25:28 GMT



In article <[EMAIL PROTECTED]>,
  rjclay <[EMAIL PROTECTED]> wrote:
>       I'm not, since that is what your installation was configured to do.
>
>       You had not looked at the configuration for your mgetty before this?

hehe, you're right. The computer did that because it was configured to do so.
Or almost, because ifmail was not installed.

In fact, I did not notice that /FIDO/ line before. My fault.

On the other hand, anyone that installs the mgetty RPM will have the same
situation: FIDOnet allowed by default. So this is a warning...  someone else
noticed this and tried it against my computer. They may be trying against many
other computers as well.

Finally, the possible buffer overflow attempt should be noted; I don't have
experience with C programming so I would appreciate if someone could evaluate
the possible risk.

Bill.

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED] (Don O'Connell)
Subject: Re: @home & mail/news
Reply-To: donroc @ home.net
Date: Sun, 27 Dec 1998 14:41:27 GMT

>Niels Voorhoeve ([EMAIL PROTECTED]) wrote:
>: Hi,
>: 
>: I've got my Intel EtherExpress Pro 10+ card working, but only for the
>: Web.  News and Mail don't work.  I get an error that my news server
>: (news for @home) doesn't have a DNS address.  What gives?  Does this
>: have something to do with the proxy server?
>

You can not use the entries that you put into the @home modified windows
netscape, they have real names.
    mail has this real addr on my system -> lh1.rdc1.tx.home.com
    
The same applies to news. These are "conveniences" for windows users.
They do not work the same way under stock netscape for linux.
Find the real network addr and put it into netscapes preferences.

-- 

Don O'Connell -- email  - donroc @ home.net

------------------------------

From: [EMAIL PROTECTED] (Don O'Connell)
Crossposted-To: comp.os.linux.help
Subject: Re: Connecting to the @Home network/General network configuration
Reply-To: donroc @ home.net
Date: Sun, 27 Dec 1998 14:46:36 GMT

On Sun, 27 Dec 1998 02:41:13 GMT, Stephen Hladek <[EMAIL PROTECTED]> wrote:
>Hi there,
>
>I've got a 3com 905B NIC hooked up to my Cybersurfer cable modem and trying
>to configure linux to use the cable to access the net. It detects the card
>fine. I'm able to ping the machine..but after that I can't get anywhere ..
>not even ping the gateway.
>
>I'm using RH5.2.... Some information that may be relevant:
>
>IP Address 24.3.137.123
>Gateway 24.3.137.1
>Computer name cc675029-b
>Domain name narltn1.nj.home.com
>subnet mask 255.255.255.0
>DNS server 24.3.144.33
>
>I entered this information into the relevant fields in netcfg... but still
>no go... Any help will be most appreciated.
>
>Instead of this, I can also use DHCP...but that's also a no go as well. I've
>read all the available FAQs , HOW-TOs.
>Thanks!
>
>
>
I have had the same problem and have gone back to using an older ISA card.
The only other thing that I noticed is that when pinging anything with the
3c900, the cable modem was flashing (implying that the card was sending
packets, but I never got any returned). This problem has persisted from
kernels 2.1.12x -> 2.1.132.


-- 

Don O'Connell -- email  - donroc @ home.net

------------------------------

From: CSO Visitor <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.portable,comp.os.linux.powerpc,comp.os.linux.setup
Subject: Re: Easy UNIX editor
Date: Sun, 27 Dec 1998 05:12:19 -1000



> > N. Richard Caldwell wrote:
> > >
> > > In article <72clf2$[EMAIL PROTECTED]>,
> > > >Lionel Parker wrote in message <72b2gi$om1$[EMAIL PROTECTED]>...
> > > >>I have to go along with this. vi uses less keystrokes than any other
> > > >>editor I know. As a ratshit typist this is most important to me.
> > > >
> > > >Well, actually there is one bug/feature in vi that drove me nuts:
> > > >To insert *ONE* character you have to type *THREE* keys: "i", the character,
> > > >and "ESC".
> > >
> > > Inserting one character is a worst case proposition for vi.  Whatever
> > > time you lose in those rare instances is recouped 1000 times over
> > > during normal use simply because it's so efficient in most other
> > > respects.
> > >

        This is hardly a "rare instance"!  I spend a good fraction of my vi
time doing it.  Is there a way to make a vi macro or somesuch to get
around this problem?

thx


------------------------------

From: [EMAIL PROTECTED] (Scott Gregg)
Subject: SMBMOUNT complaining about mount ver. 6
Date: Sun, 27 Dec 1998 10:19:35 GMT

smbmount is complaining about needing mount version 6, I have the
latest I can find, mount ver 2.9g.

not sure where to go from here any suggestions would be appreciated

------------------------------

From: Harry Dekkers <[EMAIL PROTECTED]>
Subject: Re: Ethernet Card problems
Date: Sun, 27 Dec 1998 16:17:57 +0000

John Hemmings wrote:

> I have a ENW-8300-T Ethernet card which is also a Realtek RTL8029.  Has
> anyone any ideas how to set this up under Linux.  It works fine under W95
> using the disk that came with it.
>
> BTW, there are some files for SCO Unix on the disk, would they help?
>
> Regards
> John Hemmings

I've a realtek ethernet card and in the beginning I had problems too. The
realtek card is PnP so w95 can recognize the card but linux can't understand
PnP. With the setup disk you can change PnP to manual and after starting
linux you can install the card. I don't know how to do that (I'm a newbie) so
I reinstalled linux and everything works fine for me. W95 doesn't recognize the
card anymore so you must detect new hardware and install the card again.
Hope this helps.


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Calling On ipfwadm Gurus! :)
Date: Sun, 27 Dec 1998 15:07:49 GMT

In article <76533p$rbv$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Ki-Won Lee) wrote:

> ipfwadm -I -o -a deny -P icmp -S 0.0.0.0/0 8 -D <my.ip.address>/32
> ipfwadm -I -o -a reject -S 0.0.0.0/0 -D <my.ip.address>/32
>
> Can someone please tell me as to why I can't
> have net access and have those ipfwadm entries at the same time?  Should I
> change the parameters of the ipfwadm entries somehow to be able to do so?

I am no guru, so maybe one of them might offer more help... :-)

You should specify the ports and protocols you want to restrict. Your second
line does not include ports, therefore =all= access to your server is
rejected. The first line seems to block ping as you intended.

Example: if you wish to allow yourself telnet access to your server, but block
everyone else -- let's suppose you wish to telnet from <remote.authorized.pc>
(substitute the IP).
Then you would use:

ipfwadm -I -a accept -S <remote.authorized.pc> -D <my.ip.address>/32 23 -P tcp
ipfwadm -I -a reject -S 0/0 -D <my.ip.address>/32 23 -P tcp

in that order. Since the kernel scans the ipfw table in order, the first
matching line would allow your authorized PC while blocking all others.

Note the port number (23 is the telnet port number) immediately after
<my.ip.address>/32. It would be 80 for httpd, 21 for ftp, 53 for named, etc.
You should use one separate line (or couple lines) for each port or service.

Also notice the protocol (TCP in the case of telnet). Use -P udp for udp
service ports. Check /etc/services combined with /etc/inetd.conf and ps aux;
or use a scanner against your own computer to see what tcp and udp ports are
running before coding the ipfwadm lines.  /etc/services will list port
numbers versus service names.

If you wish to allow a subnet instead of a single pc, just add the mask (in
the example below, you would authorize a full class C -- note the /24 in the
first line):

ipfwadm -I -a accept -S <remote.authorized.pc>/24 -D <my.ip.address>/32 23
ipfwadm -I -a deny -S 0/0 -D <my.ip.address>/32 23

I prefer "deny" instead of "reject", because it silently refuses the
connection (while "reject" issues an error packet). "deny" mimics no
available service in that port.

And you can use multiple "ipfwadm -I -a accept" lines before the "reject"
line above. I use that to allow multiple hosts and subnets to access a
server.

You can use a script with many lines -- at least one for each port/service
that you wish to block or allow.

BF.



------------------------------

From: "Aeneatore" <[EMAIL PROTECTED]>
Subject: pppd problem
Date: Sun, 27 Dec 1998 10:27:31 -0500

OK - here is the great problem!

I am currently connected to the internet through win95 dial-up networking.
However, I am trying to get PPP up on Linux.  PPP is compiled into the
kernel - I have PPP version 2.3.1 - yes, the beta.  I got my PnP modem
working with Linux, making me feel very proud.  However, when I connect to
my ISP using kppp, minicom, ddial, or ezdial, and start a PPP session, the
ppp daemon dies.  This especially upsets me when I use ezDial, because the
terminal screen says 'pppd really did die.'  Well, though I don't like the
feelings engendered by the remark, I'll go on.

OK, I have a kppp script all ready to go.  I have PPP set up, and the
connection goes all the way down to the garbage characters.  When pppd kicks
in, it DISCONNECTS me from my ISP <it's not a PAP/CHAP thing>.  This ONLY
happens when pppd kicks in.  I've tried this manually with minicom and it
STILL does it.

The commands I use are:

pppd -d -detach /dev/ttyS3

PPP is definitely set up in my kernel!  Additionally, if I just run pppd
without any commands, garbage characters come up on the screen.  Please, oh
Linux gods, help me.




------------------------------

From: "Raymond Dobbs" <[EMAIL PROTECTED]>
Crossposted-To: linux.redhat.axp,linux.redhat.install,linux.redhat.list,linux.redhat.misc,comp.os.linux.misc,comp.os.linux.setup
Subject: Re: TCP/IP between Linux and Win95 problem... :-(
Date: Sun, 27 Dec 1998 10:09:49 -0600

Hint:

Never use 0 anywhere in a machine's assigned IP address

0 is reserved to indicate a NETWORK WIDE broadcast.  Use a 1-254
instead.  255 is a no-no too...

Hope it helps

Raymond Dobbs

Jon D. Slater wrote in message <75bdfk$s6d$[EMAIL PROTECTED]>...
>I have a Linux box and a Win95 box networked using a NE2000 clone in each box.
>
>I set up TCP/IP on both machines and named the Linux box 192.168.0.1 and the
>Win 95 box 192.168.0.2.
>
>When I try to ping the Win95 box from the Linux box, it just sits there until I
>CTRL-C then I get a message: 100% packet loss.
>
>But, when I try to ping the Linux box from the Win95 box (5 times in a row) I
>get:
>



------------------------------

From: [EMAIL PROTECTED] (Kevin Martin)
Subject: Re: Connecting Linux to a Wingate proxy...
Date: Sun, 27 Dec 1998 16:03:31 GMT

In article <[EMAIL PROTECTED]>, it says "Dennis M. Gray" 
<[EMAIL PROTECTED]> wrote:
>Patrick,
>
>Some of the replies suggested using Sygate instead of Wingate. I don't have any
>experience with Sygate but have set  up Wingate on a network consisting of an
>NT Server as the proxy with a number of Unix boxes using it, including one
>running Linux (others are Digital Unix, Sun, SCO). All work just fine. We are
>not using any of the fancy stuff with Wingate, though, like DHCP.

Or Lotus Notes. :-)

>
>So, unless you have any real reason for services Sygate might offer, I don't
> see a reason for changing if you are already using Wingate.

Apples and oranges, really.  I've used both.  Sygate is about as close as 
you'll come to having NAT / IP masquerade on a Windows box.  Wingate is a 
proxy, and the configuration of the apps on your client boxes is quite 
different.  It's a minor pain in the tush for most ftp clients, and a major 
one for anything more elaborate than that.  IP Masq on Linux let me take the 
modem off of my Lotus Notes machine, and when I had to switch to using a 
Windows box as my gateway*, Sygate meant I didn't have to put it back.

Personally, I still think that anyone who has both a Linux box and a Windows 
box, and is using the Windows box to do the dialling, has set things up 
backwards.  (*I have to use the Windows box to dial out because of a chunk 
of hardware that won't work under Linux.  I'd drop both Sygate AND Wingate 
in a hot second, if I could.)

-- 
Kevin Martin                   No-spam zone.  
<brasscannon            No prisoners. No warning shots.
            @usa.net>

------------------------------

From: [EMAIL PROTECTED] (Brett W. McCoy)
Crossposted-To: alt.linux,alt.os.linux,hk.comp.os.linux,tw.bbs.comp.linux
Subject: Re: Can anyone tell me how can I setup the dialup network connection in linux
Reply-To: [EMAIL PROTECTED]
Date: Sun, 27 Dec 1998 16:25:22 GMT

On Sun, 27 Dec 1998 14:29:29 +0800, ys200mass <[EMAIL PROTECTED]> wrote:
>Can anyone tell me how can I setup the dialup network connection in linux

Take a look at the PPP-HOWTO, available at 

http://metalab.unc.edu/LDP/HOWTO/PPP-HOWTO.html

(Sunsite)

It'll tell you just about everything you need to know about setting up the
PPP connection.

-- 
Brett W. McCoy           
                                        http://www.lan2wan.com/~bmccoy/
=======================================================================
"The number of UNIX installations has grown to 10, with more expected."
   -- The UNIX Programmer's Manual, 2nd Edition, June, 1972

=====BEGIN GEEK CODE BLOCK=====
Version: 3.12
GAT dpu s:-- a C++++ UL++++$ P+ L+++ E W++ N+ o K- w--- O@ M@ !V PS+++
PE Y+ PGP- t++ 5- X+ R+@ tv b+++ DI+++ D+ G++ e>++ h+(---) r++ y++++
======END GEEK CODE BLOCK======

------------------------------

From: Wisquatuk <[EMAIL PROTECTED]>
Subject: Re: Calling On ipfwadm Gurus! :)
Date: 27 Dec 1998 16:23:37 GMT

Ki-Won Lee <[EMAIL PROTECTED]> wrote:
> I had put in my rc.local these entries:
> 
> ipfwadm -I -o -a deny -P icmp -S 0.0.0.0/0 8 -D <my.ip.address>/32
> ipfwadm -I -o -a reject -S 0.0.0.0/0 -D <my.ip.address>/32
> 
[...]
> Dec 26 06:28:08 HAL kernel: IP fw-in rej eth0 UDP 24.64.3.104:53
> 24.64.14.87:1036 L=155 S=0x00 I=5825 F=0x0000 T=58

I'm fairly new to firewall administration myself, and I'm currently
using the 2.1 kernels (using ipchains instead of ipfwadm), so feel
free to take anything I say about the matter with a grain of salt.
I've tried to test most or all of the ipfwadm commands below, though,
since I still have one machine on 2.0.35 (waiting for a bug in 2.1.131
to be fixed).

Well, as you can see from the 'rej' part, it's the second rule that's
doing you in.  The thing is, installing an input-reject rule doesn't
just block incoming connections, it blocks all incoming data on the
ports you've specified.  In this case, you've specified every port, so
you've locked yourself out of the net, in essence.

I'm not entirely sure what you hoped to accomplish by running that,
but if you were trying to lock people out of the basic system
functions, I believe outbound connections start happening at 1025 and
up, so you might try the following:

# ipfwadm -I -o -a reject -P tcp -S 0.0.0.0/0 -D <my.ip.address>/32 1:1024

I've been told it's actually a better idea to deny individual ports,
rather than denying them as one large lump.  For that, you'd do
something like this:

# ipfwadm -I -o -a reject -P tcp -S 0.0.0.0/0 -D <my ip address>/32 telnet
# ipfwadm -I -o -a reject -P tcp -S 0.0.0.0/0 -D <my ip address>/32 www

And so on.  (This has the added benefit of not spewing 1024 reject
entries to the logfile when someone does a portscan of your machine.)

The ICMP line (your first entry) is less of a problem, but will
prevent you from pinging any machine in the outside world, for the
same reasons as above.  I assume you intend to prevent people from
pinging you, in which case, I suggest the following:

# ipfwadm -I -o -a deny -P icmp -S 0.0.0.0/0 8 -D <my ip address>/32

This will reject all packets coming in on the echo-request (ping) ICMP
port (8), but will not bother packets on the echo-reply (pong) port
(0).  Alternately, you could block everything except port 0 with:

# ipfwadm -I -a accept -P icmp -S 0.0.0.0/0 0 -D <my ip address>/32
# ipfwadm -I -o -a deny -P icmp -S 0.0.0.0/0 -D <my ip address>/32

All echo-replies (port 0) will match the first rule; all other ICMP
packets will match the second, and be rejected.  I don't know what the
practical use for this would be, though, as I believe other important
info travels via ICMP (such as 'host unreachable' messages, etc.).

Hope this helps!

-- 
Wisquatuk (name[1..4]@netrover.com to e-mail)
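
Added example, not part of either ipfwadm reply in this digest and not ipfwadm's own code: a small Python model of first-match rule evaluation, run against the logged DNS reply quoted above, showing why the blanket reject rule cuts off return traffic and why rule order matters in BF's telnet pattern. The rule model, the default "accept" policy and the 192.0.2.10 address are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Kernel log line from the thread (re-joined from the two quoted lines):
# an inbound DNS reply that the input chain rejected.
LOG_LINE = ("Dec 26 06:28:08 HAL kernel: IP fw-in rej eth0 UDP 24.64.3.104:53 "
            "24.64.14.87:1036 L=155 S=0x00 I=5825 F=0x0000 T=58")
MY_IP = "24.64.14.87/32"      # destination address taken from that log line
ANY = "0.0.0.0/0"
ALL_PORTS = (0, 65535)

@dataclass
class Packet:
    proto: str
    src: str
    sport: int    # for ICMP this slot carries the ICMP type, as in the thread's rules
    dst: str
    dport: int

@dataclass
class Rule:       # simplified model of one input-chain entry (assumption)
    policy: str
    proto: str = "all"
    src: str = ANY
    sports: tuple = ALL_PORTS
    dst: str = ANY
    dports: tuple = ALL_PORTS

    def matches(self, p):
        return (self.proto in ("all", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.sports[0] <= p.sport <= self.sports[1]
                and self.dports[0] <= p.dport <= self.dports[1])

def parse_fw_log(line):
    """Extract (logged action, Packet) from an 'IP fw-in' kernel log line."""
    m = re.search(r"IP fw-in (\w+) \S+ (\w+) ([\d.]+):(\d+) ([\d.]+):(\d+)", line)
    if m is None:
        raise ValueError("not an IP fw-in log line")
    action, proto, src, sport, dst, dport = m.groups()
    return action, Packet(proto.lower(), src, int(sport), dst, int(dport))

def evaluate(rules, pkt, default="accept"):
    """First matching rule decides; otherwise the chain's default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.policy
    return default

ICMP_ECHO = Rule("deny", "icmp", sports=(8, 8), dst=MY_IP)
# The two rc.local entries from the question: the second matches every packet.
ORIGINAL = [ICMP_ECHO, Rule("reject", dst=MY_IP)]
# Wisquatuk's narrower version: reject only TCP to destination ports 1-1024.
NARROWED = [ICMP_ECHO, Rule("reject", "tcp", dst=MY_IP, dports=(1, 1024))]
# BF's telnet pattern: accept the authorized source first, then reject the rest.
# 192.0.2.10 is a constructed stand-in for <remote.authorized.pc>.
TELNET_ACL = [Rule("accept", "tcp", src="192.0.2.10/32", dst=MY_IP, dports=(23, 23)),
              Rule("reject", "tcp", dst=MY_IP, dports=(23, 23))]

if __name__ == "__main__":
    logged, dns_reply = parse_fw_log(LOG_LINE)
    print("logged:", logged)
    print("original rules:", evaluate(ORIGINAL, dns_reply))
    print("narrowed rules:", evaluate(NARROWED, dns_reply))
    admin = Packet("tcp", "192.0.2.10", 40000, "24.64.14.87", 23)
    print("telnet, accept first:", evaluate(TELNET_ACL, admin))
    print("telnet, reject first:", evaluate(TELNET_ACL[::-1], admin))
```

In this model the narrowed rule set covers only TCP destination ports 1-1024, so a UDP packet to a low port, or TCP to a service listening above 1024, still falls through to the default policy.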

------------------------------

From: [EMAIL PROTECTED] (John Mellor)
Subject: Re: @home & mail/news
Date: Sun, 27 Dec 1998 15:50:49 GMT

In article <[EMAIL PROTECTED]>,
 [EMAIL PROTECTED] (Don O'Connell) writes:
|> >Niels Voorhoeve ([EMAIL PROTECTED]) wrote:
|> >: I've got my Intel EtherExpress Pro 10+ card working, but only for the
|> >: Web.  News and Mail don't work.  I get an error that my news server
|> >: (news for @home) doesn't have a DNS address.  What gives?  Does this
|> >: have something to do with the proxy server?
|> You can not use the entries that you put into the @home modified windows
|> netscape, they have real names.
|>     mail has this real addr on my system -> lh1.rdc1.tx.home.com
|>     
|> The same applies to news. These are "conveniences" for windows users.
|> They do not work the same way under stock netscape for linux.
|> Find the real network addr and put it into netscapes preferences.

They work for me!  If site "news" doesn't connect to the correct news server,
then somebody broke the DNS for your area.  It should be a CNAME for the
appropriate server.  Do an nslookup on the name and see what you get back.  In my
case (using Linux with a caching nameserver):

        $ nslookup news
        Server:  localhost
        Address:  127.0.0.1

        Name:    news1-temp.rdc1.on.wave.home.com
        Address:  24.2.9.64
        Aliases:  news.ktchnr1.on.wave.home.com, news.rdc1.on.wave.home.com
        $
-- 
John Mellor        [EMAIL PROTECTED]       Kitchener, Ontario, Canada
[EMAIL PROTECTED]    [EMAIL PROTECTED]         http://www.kitchener.com/mellor/
[EMAIL PROTECTED]    http://www.mellor.kw.net/

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
