Linux-Networking Digest #729, Volume #9 Thu, 31 Dec 98 23:13:34 EST
Contents:
Ip masq.....again (mike dombrowski)
Re: IP NAT & Packets being dropping by Linux. Networking gurus -PH ("Eric A. Hall")
Can't telnet to linux machine after upgrading to RH5.2 (Randall Wilkinson)
Re: masquerading/forwarding - routing problem? ("Nick Short")
Re: Modem choice for Linux (Paul B. Brown)
IPX and IP on 3c905b and Caldera ([EMAIL PROTECTED])
Re: IP alias (Job eisses)
is 3com OfficeConnect 10/100 card supported? Which chipset does it use? ("Anthony M.
Bray")
Re: IP NAT & Packets being dropping by Linux. Networking gurus -PH (Dan Kegel)
Re: No ethernet on RH 5.2 -- SIOCSIFLAGS?? ("Erik H. Beck")
Re: 3com 905b problems... (they keep coming!) ("Erik H. Beck")
Re: NOSPAM in addresses.. (Marc)
Re: NOSPAM in addresses.. ([EMAIL PROTECTED])
Re: IP NAT & Packets being dropping by Linux. Networking gurus -PH ("Eric A. Hall")
Re: IP NAT & Packets being dropping by Linux. Networking gurus -PH (Chetan Patil)
Re: Fat 32??? (Roy Prowell III)
Re: Quick-n-Dirty Secure Card Dialup (Clifford Kite)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (mike dombrowski)
Subject: Ip masq.....again
Date: Fri, 01 Jan 1999 02:16:24 GMT
Hello LinuxPeople!
I have a linux box with two network cards in it. It's running RH4.2
and can ping both nets(right word??) that it is connected to. I also
have a cable modem and a win98 machine serving up proxy. The machine
is short on disk space, 2x 116mb hard drives, and ram, 8mb, but runs X
pretty well. If I want it to do IP masq I should read the ipmasq howto
on the rh4.2 cd right? Do I have to recompile the kernel? I ask
because it has no c/c++ compilers on it, they were left off to save
space. The win box is a 350P2 with 64mb ram, would the linux box offer
the same level of performance if it was running ip masquerding? Can IP
masq masquerade between multiple network cards?
Thanks so much
Mike Dombrowski
------------------------------
From: "Eric A. Hall" <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.tcp-ip
Subject: Re: IP NAT & Packets being dropping by Linux. Networking gurus -PH
Date: Thu, 31 Dec 1998 17:50:08 -0800
This looks fine to me. Check the following:
1) Verify the routing table on 141.131.40.1 is configured properly.
Try sending a ping to 141.131.40.32, and watch the traffic using
TCPDUMP. ARP doesn't use IP, so that doesn't matter.
2) Verify that the Telnet server is running on 141.131.40.1. Try to
Telnet to the ECHO, CHARGEN or DISCARD ports on that host.
3) Double check security settings on the Telnet server and the
IPFWADMIN service if that's installed. Can you telnet to the box
from 141.131.40.32? If that doesn't work there's your answer. If
it does work, that's not the problem since the NAT traffic has
the same address.
4) Compare TCPDUMP output from step 3 and the original session.
See anything different?
5) Double check the checksum calculations on the packets generated
by the NAT.
Good luck.
--
Eric A. Hall [EMAIL PROTECTED]
+1-650-685-0557 http://www.ehsco.com
------------------------------
From: [EMAIL PROTECTED] (Randall Wilkinson)
Subject: Can't telnet to linux machine after upgrading to RH5.2
Date: Thu, 31 Dec 1998 21:30:49 GMT
I had RH5.1 installed on a network machine, and I could telnet to the
machine OK. Then I updated to RH5.2 and I cannot telnet to this
machine now. When I try to connect, my telnet client says "Connection
Refused".
On the machine that I am trying to connect to:
/etc/hosts.deny says:
ALL: ALL
/etc/hosts.allow says
ALL: 10.0.0.
All machines on our private network have IP addresses that start with
10.0.0
If you have any suggestions as to what I might try to fix this, I'd
appreciate it.
------------------------------
From: "Nick Short" <[EMAIL PROTECTED]>
Subject: Re: masquerading/forwarding - routing problem?
Date: Thu, 31 Dec 1998 20:58:08 GMT
You did remember to set the -W switch?
Here is the ipfwadm line I use...
ipfwadm -F -a accept -m -S 192.168.2.0/24 -W eth0
eth0 is the NIC card bound to the @home static IP, of course, yours may
vary. This masquerades the source through the eth0 device (which is your
gateway port to the internet), otherwise, the port won't pass the
non-routable 192.168.x.x addresses.
David Khait wrote in message <[EMAIL PROTECTED]>...
>Hi!
>
>I'm setting up IP Masquerading and I'm almost done. My linux box can
>talk both to the LAN and to the Internet. However, packets from LAN
>machines never go outside for some reason. Is this a routing problem?
>
>Here are some configuration details for my Linux box:
>
>eth0 connected to cable modem (on outside ip addr - 24.3.42.203)
>eth1 connected to local lan (192.168.1.1)
>
>routes summary:
>Destination Mask Dev
>192.168.1.0 255.255.255.0 eth1
>24.3.42.0 255.255.255.0 eth0
>and loopback, etc.
>
>ipfwadm -F -l returns:
>IP firewall forward rules, default policy: deny
>type prot source destination ports
>acc/m all 192.168.1.0/24 anywhere n/a
>
>tcpdump -i eth1 shows packets arriving and dns translation being
>performed for i.e. ftp requests from my client. However, tcpdump -i
>eth0 shows no activity beyond normal requests by ISP's gateway.
>
>Any help is greatly appreciated, even if you can suggest another way to
>debug this problem.
>
>Thanks a lot!
>
>Boris
------------------------------
From: [EMAIL PROTECTED] (Paul B. Brown)
Subject: Re: Modem choice for Linux
Date: 31 Dec 1998 22:06:49 GMT
>> Good, inexpensive v.90 modems: ZOOM and Supra. Get the non-PNP
>> versions.
>
> Zoom is one brand I always tell people to stay FAR away from. Most of
> the problems I had when running a BBS were caused by users of Zoom
> modems. The Supra is nice though, I had one of those too.
Kazin,
Really, hummm . . . I use a ZOOM 56KFLEX model 2919 and I stay connected
24x7. Usually the line will drop maybe 3 - 10 times a month for a few
minutes each time and everytime has been my own silly fault or the ISP
cycled their terminal server. Strange . . . . Maybe yu got a bum modem
and I get a good one. Go Figure! :-)
Paul
===========================================================================
Paul B. Brown [EMAIL PROTECTED]
President
Brown Technologies Network, Inc. http://www.btechnet.com/
Unix Systems Administration "Sailing is a state of mind . . . ."
===========================================================================
------------------------------
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: IPX and IP on 3c905b and Caldera
Date: Fri, 01 Jan 1999 02:37:41 GMT
Hi All
I am new to Linux, but have worked on Solaris and AIX. I have a
Netware 5.0 server that 1. I can't connect to via IPX, 2. can ping it
though, it is my gateway to the internet.
Second, I notice that the the downloads are slow, they start fast and
gradually slow down. At first I thought it may be the internet or my
cable modem, or even the Netware gateway, but then I tried a Win95
machine and it had no problem, sustained rate stayed up there. Using
the TCPCON, Netware utility to monitor TCP/IP packets I noticed I was
getting a lot of errors. I shouldn't be getting any errors on a 2
machine network. I am starting to think it may be the NIC, or at least
Linux support for the NIC. Any ideas? Right now I believe it is set on
PnP, and auto negotiate 10/100.
I am thinking/hoping, that this will fix the IPX problem as well.
Well thanks all
Brett Littrell
[EMAIL PROTECTED]
------------------------------
From: Job eisses <[EMAIL PROTECTED]>
Subject: Re: IP alias
Date: Fri, 01 Jan 1999 03:37:09 +0100
Jeff Taylor wrote:
>
> Is it possible to have a network interface respond
> to more than 1 IP address. I am working thru the
> Apache book. They use BSD ifconfig which allows
> IP aliases. Can this be done in Linux. I am using
> Slackware 3.3 (3.6 is sitting here waiting for me
> to do the backups and installation).
>
> Thanx
> Jeff
After eth0 is set up, you can use
ifconfig eth0:0 <ipaddr> ....
-job
------------------------------
From: "Anthony M. Bray" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: is 3com OfficeConnect 10/100 card supported? Which chipset does it use?
Date: Fri, 01 Jan 1999 02:54:31 +0000
A friend of mine got a 3com OfficeConnect 10/100 card a couple of weeks
ago and we're trying to figure out if it's supported under linux. The
chip doesn't have a 'number' like the other 3com cards do, it just says
'Parallel Tasking II'. Is this a new model of card or something? I
have been unable to find info available for it (not even very much on
the 3com website). I'm thinking that it's a 905, but I'm unsure.
This is the last hardware compatibility issue to clean up before we
install linux on his machine. TIA for any help.
Anthony
------------------------------
From: Dan Kegel <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.tcp-ip
Subject: Re: IP NAT & Packets being dropping by Linux. Networking gurus -PH
Date: Thu, 31 Dec 1998 18:49:46 -0800
Chetan Patil schrieb:
> Box1 <-- ethernet1 --> i1 - Box2 - i2 - <===== ethernet2 =======>Box3
>
> ... When I ran "cold" and tcpdump on Box3, I see that the packets from Box1
> (with the source address of Box2's i2 IP address) appear in the trace.
> However I don't see any response packets from Box3. It simply seems to
> be dropping the packets. ...
>
> - Is there something wrong in this approach?
Nope. This is fine.
> - Am I screwing up the Packet integrity by overwriting the IP address?
Nope. Not unless you're screwing up the IP and TCP checksums.
I have Perl code for checking them, if you're interested.
> - How do I make the linux networking stack dump out the reason why it is
> dropping a packet?
If you figure it out, let me know.
I'm having the same problem as you! In my case, the NAT is an
off-the-shelf copy of Sygate running on a Win95 machine.
Here's a copy of my earlier post on the subject (thanks, DejaNews):
Subject: Re: NAT1000 vs. Sygate vs. NAT32 vs. Masq
> >Sygate installed easily, but it has wierd, wierd problems.
> >Clients behind the Sygate can't make TCP connections to
> >most machines on my own LAN!
My setup involves two LANs connected by a Sygate gateway.
The connections I'm having trouble are from a client
inside the Sygate to a server outside - but only just barely
outside - the Sygate. In ASCII art, that's:
Firewall hub ------+--------------+-------------
| |
Cisco PIX Server C
|
Outer LAN hub -----++--------------+------------+
| | |
Sygate S Server B Monitor M
|
Inner LAN hub ------+---------------+-------------
|
Client A
Tried connecting with Telnet to port 3000 and watching for
rejection. (Can also try connecting to web server, same
results.)
Works:
A -> S
A -> PIX
A -> B
A -> C
S -> C
Doesn't work:
A -> B when S is Sygate; works when S is NAT1000
Running tcpdump on machine M reveals that the SYN packets get
to B, but *B does not respond* when S is Sygate. B responds
fine when S is NAT1000 or IP Masq.
I'd like to be able to set a breakpoint or something like
that in B's packet handling routines to see what it does
when it gets that SYN packet. Maybe I'll get so ambitious...
Yes, I know about tcpdump. Haven't tried running it on
same machine I'm connecting to; that would at least tell
me if the SYN was received (I already know *other* machines
see the SYN go by). I'll do that Monday.
[Never did it. Got too busy. ]
- Dan
[Original thread archived at
http://www.dejanews.com/dnquery.xp?search=thread&[EMAIL PROTECTED]%3e%231/1&svcclass=dnserver
]
--
Speaking only for myself, not for my employer
------------------------------
From: "Erik H. Beck" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: No ethernet on RH 5.2 -- SIOCSIFLAGS??
Date: Thu, 31 Dec 1998 21:56:55 -0500
JMV wrote:
>
> I can't get my ethernet card to work on RH 5.2. It's an AT 2450 (AMD PCnet
> PCI) and i'm using the pcnet32 driver. It worked on Caldera Open Linux.
>
> When I startup Linux and type "ifconfig eth0" it reports all the correct
> information. If I try to use netscape though, i get a TCP error message
> (telnet won't work either). If I try to activate the card using netcfg (I
> get this error whether it says it is active or not), the xterm window
> reports something like unable to activate eth0 SIOCSIFLAGS Resources
> unavailable. What does that mean?
>
> Also now if I type "ifconfig eth0" i will either get "unknown device eth0"
> or sometimes I get some info about eth0 but now all the IP, Gateway, info
> has been set to 0.0.0.0...
>
> One problem might be my SCSI adapter. It is assigned the same IRQ. Is there
> a way to prevent Linux from recognizing / starting up my SCSI card. I would
> like to avoid pulling it out right now if possible. What does that kernel
> daemon do??? If I try and remove the SCSI module, save, and close it doesn't
> work. When I re-open kerneld the scsi module is listed again.
>
> Like I said. It all used to work using COL 1.2 and 1.3 . Shouldn't RH 5.2 be
> able to handle this? Or should I just go back to COL 1.2?
>
> Thanks.
>
> JMV
>
> P.S. I have the official RH 5.2 and I sent their tech support this question
> 2 days ago and I have yet to hear back from them......
I had the same problem with a "tulip" PCI ethernet card, my SCSI card,
and my video PCI card: all shared IRQ 10. This ethernet card worked
fine on Windows NT, but Linux barfed on it. I did receive some
suggestions on how to fix it by tweaking the driver files, but I decided
to pull the PCI ethernet card and replace it with an ISA card, since on
my system that is the only way I could be sure that the ethernet
adaptor could have its own IRQ.
erik
--
Erik H. Beck
[EMAIL PROTECTED]
------------------------------
From: "Erik H. Beck" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: 3com 905b problems... (they keep coming!)
Date: Thu, 31 Dec 1998 21:53:27 -0500
Michael Schwager wrote:
>
> Hi all (mr becker included :))
>
> After reading through all the posted message on people with 3com's
> 905b-tx ethernet cards, I still did not find my answer, but it came
> close.
>
> I have a kernel (rh 5.1 ver 2.0.34) with the latest driver (3c59x.c)
> only built in (I have 2 ethernet cards in my system, but I'm only
> focusing on the 3com). Ifconfig recognizes this card and I can set it
> to the proper network values. /proc/pci /proc/interrupts and ifconfig
> all say this thing is at interrupt 9. Win95 works with this card, and I
> have powered-off since last booting with win95. route add -net
> 10.10.10.0 properly adds the correct routing entry, and everything at
> this point seems like it should work (it works with my netgear card at
> this point). The only problem is I can't ping out or in with this card.
>
> What is going wrong here? Any and all help is appreciated. If this
> doesn't work I'll have to go back to el-cheapo 15$ isa card which
> probably works fine.
>
> thanks
> michael
I believe that the net address you are using, 10.10.10.0 is a standard
IP test address for internal networks only, and real ip addresses are
either designed to ignore requests from those numbers, or the kernel or
networking layer is designed to not let packets from the standard test
ip addresses out to the net. Get a legitimate IP address from your ISP
and try again.
Erik
--
Erik H. Beck
[EMAIL PROTECTED]
------------------------------
From: Marc <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup
Subject: Re: NOSPAM in addresses..
Date: Fri, 01 Jan 1999 00:52:39 GMT
He is not saying that the government should tell us what we can and cant post,
he is saying that the government should make it illegal for these companies to
send unsolicited commercial bulk email. which only costs us, not the companies
doing it,,,do you want to get 300 advertisments in your email box a day
regarding "Make money fast" or "Free XXX sites, just click here" ad
nauseam..........
but the point is well taken that the govenrment should not tell us what we
can/cant post. after all do we want their beliefs being forced on everyone just
cause they feel like it?
the gvmnt does not need to grow a set,,they need to learn how to use them
properly!
Clifford Kite wrote:
> Dennis McGrath ([EMAIL PROTECTED]) wrote:
> : Normally I do, but occasionally they ask for a email response. It's a pain
> : dealing with the anti-spamming addressing. What we need is to have a
> : government with the balls enough to do something about it.
>
> I'd personally rather have the spam than risk government meddling with
> regard to what you can or can't post.
>
> --
> Clifford Kite <[EMAIL PROTECTED]> Not a guru. (tm)
> /* Speak softly and carry a +6 two-handed sword. */
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup
Subject: Re: NOSPAM in addresses..
Date: Fri, 1 Jan 1999 02:56:00 GMT
Marc writes:
> He is not saying that the government should tell us what we can and cant
> post, he is saying that the government should make it illegal for these
> companies to send unsolicited commercial bulk email.
Only someone who has paid very little attention to the way that government
actually works would believe that it will enact legislation to do the
latter and not use it as an opening wedge to achieve the former.
Politicians live for power and they are starting to see possibilities in
the Net. They are also starting to see it as a threat to their power.
--
John Hasler
[EMAIL PROTECTED] (John Hasler)
Dancing Horse Hill
Elmwood, WI
------------------------------
From: "Eric A. Hall" <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.tcp-ip
Subject: Re: IP NAT & Packets being dropping by Linux. Networking gurus -PH
Date: Thu, 31 Dec 1998 16:34:39 -0800
> Box1 <-- ethernet1 --> i1 - Box2 - i2 - <===== ethernet2 =======>Box3
> When I try to telnet from Box1 to Box3, I get connection errors.
> When I ran "cold" and tcpdump on Box3, I see that the packets from Box1
> (with the source address of Box2's i2 IP address) appear in the trace.
> However I don't see any response packets from Box3. It simply seems to
> be dropping the packets.
It should work, if things are as you say.
> - How do I make the linux networking stack dump out the reason why it is
> dropping a packet?
You need to run tcpdump on box 3 with the "-vv" option and show us the
output from the trace.
--
Eric A. Hall [EMAIL PROTECTED]
+1-650-685-0557 http://www.ehsco.com
------------------------------
From: Chetan Patil <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.tcp-ip
Subject: Re: IP NAT & Packets being dropping by Linux. Networking gurus -PH
Date: Fri, 01 Jan 1999 00:55:51 GMT
Hi Eric,
Thanks for replying.
Following are the traces from tcpdump and cold..
Box1 - 192.168.2.3
Box2 (i2) - 141.131.40.32
Box3 - 141.131.40.1
tcpdump Output
===================================================
tcpdump: listening on eth1
16:46:08.001197 arp who-has 141.131.40.1 (Broadcast) tell 141.131.40.32
16:46:08.001197 arp reply 141.131.40.1 is-at 0:0:1c:1a:c6:3c
16:46:08.051197 141.131.40.32.3523 > 141.131.40.1.telnet: S
809935662:809935662(0) win 2948 <mss 536> (ttl 255, id 0)
16:46:11.021197 141.131.40.32.3523 > 141.131.40.1.telnet: S
809935662:809935662(0) win 2948 <mss 536> (ttl 255, id 1)
16:46:17.051197 141.131.40.32.3523 > 141.131.40.1.telnet: S
809935662:809935662(0) win 2948 <mss 536> (ttl 255, id 2)
16:46:29.081197 141.131.40.32.3523 > 141.131.40.1.telnet: S
809935662:809935662(0) win 2948 <mss 536> (ttl 255, id 3)
====================================================
cold output
====================================================
This is Cold Version 1.0.9 - September 17, 1998 - by Giuliano C.
Peritore
This is Cold Version 1.0.9 - September 17, 1998 - by Giuliano C.
Peritore
Interface: eth1, Network: 141.131.40.0, Netmask: 255.255.255.0
Link layer type: Ethernet (10Mb) (0x01)
=====
[PKT]
PKT: Frame: number 1, size 64 of 64, arrived at 915151568.1197
[MAC - Ethernet Frame]
MAC: Source: 00-00-1a-18-2a-de, AMD ?, Individual/Universal
MAC: Dest: ff-ff-ff-ff-ff-ff, --unknown--, Broadcast
MAC: Multicast protocol: ARP (for IP and CHAOS)
MAC: Protocol = 0x0806, ARP
[ARP Frame]
ARP: Hardware type = 1, Ethernet (10Mb)
ARP: Protocol = 0x0800, DOD IP
ARP: Length of hardware address = 6 bytes
ARP: Length of protocol address = 4 bytes
ARP: Operation = 1, REQUEST
ARP: Sender's hardware address = 00-00-1a-18-2a-de AMD ?
ARP: Sender's protocol address = [141.131.40.32] Class B
ARP: Target hardware address = ff-ff-ff-ff-ff-ff --unknown--
ARP: Target protocol address = [141.131.40.1] Class B
=====
[PKT]
PKT: Frame: number 2, size 42 of 42, arrived at 915151568.1197
[MAC - Ethernet Frame]
MAC: Source: 00-00-1c-1a-c6-3c, JDR Microdevices, Individual/Universal
MAC: Dest: 00-00-1a-18-2a-de, AMD ?, Individual/Universal
MAC: Protocol = 0x0806, ARP
[ARP Frame]
ARP: Hardware type = 1, Ethernet (10Mb)
ARP: Protocol = 0x0800, DOD IP
ARP: Length of hardware address = 6 bytes
ARP: Length of protocol address = 4 bytes
ARP: Operation = 2, REPLY
ARP: Sender's hardware address = 00-00-1c-1a-c6-3c JDR Microdevices
ARP: Sender's protocol address = [141.131.40.1] Class B
ARP: Target hardware address = 00-00-1a-18-2a-de AMD ?
ARP: Target protocol address = [141.131.40.32] Class B
=====
[PKT]
PKT: Frame: number 3, size 64 of 64, arrived at 915151568.51197
[MAC - Ethernet Frame]
MAC: Source: 00-00-1a-18-2a-de, AMD ?, Individual/Universal
MAC: Dest: 00-00-1c-1a-c6-3c, JDR Microdevices, Individual/Universal
MAC: Protocol = 0x0800, DOD IP
[IP Frame]
IP: Version = 4, header length = 20 bytes
IP: Type of Service = 0x00
IP: Total length = 44 bytes
IP: Identification = 0
IP: Flags = 0x0,
IP: Fragment offset = 0 bytes
IP: Time to live = 255 hops/seconds
IP: Protocol = 6, TCP, Transmission Control
IP: Header checksum = 0x50a4
IP: Source address = 141.131.40.32
IP: Destination address = 141.131.40.1
[TCP Frame]
TCP: Source port = 3523, ?
TCP: Destination port = 23, telnet
TCP: Sequence number: 12358
TCP: Acknowledge number: 0
TCP: Data offset = 24 bytes
TCP: Res = 0x0
TCP: Flags = SYN Res2: 0
TCP: Window = 2948
TCP: Checksum = 0x36c0
TCP: Urgent pointer = 0 byte
=====
[PKT]
PKT: Frame: number 4, size 64 of 64, arrived at 915151571.21197
[MAC - Ethernet Frame]
MAC: Source: 00-00-1a-18-2a-de, AMD ?, Individual/Universal
MAC: Dest: 00-00-1c-1a-c6-3c, JDR Microdevices, Individual/Universal
MAC: Protocol = 0x0800, DOD IP
[IP Frame]
IP: Version = 4, header length = 20 bytes
IP: Type of Service = 0x00
IP: Total length = 44 bytes
IP: Identification = 1
IP: Flags = 0x0,
IP: Fragment offset = 0 bytes
IP: Time to live = 255 hops/seconds
IP: Protocol = 6, TCP, Transmission Control
IP: Header checksum = 0x50a3
IP: Source address = 141.131.40.32
IP: Destination address = 141.131.40.1
[TCP Frame]
TCP: Source port = 3523, ?
TCP: Destination port = 23, telnet
TCP: Sequence number: 12358
TCP: Acknowledge number: 0
TCP: Data offset = 24 bytes
TCP: Res = 0x0
TCP: Flags = SYN Res2: 0
TCP: Window = 2948
TCP: Checksum = 0x36c0
TCP: Urgent pointer = 0 byte
=====
[PKT]
PKT: Frame: number 5, size 64 of 64, arrived at 915151577.51197
[MAC - Ethernet Frame]
MAC: Source: 00-00-1a-18-2a-de, AMD ?, Individual/Universal
MAC: Dest: 00-00-1c-1a-c6-3c, JDR Microdevices, Individual/Universal
MAC: Protocol = 0x0800, DOD IP
[IP Frame]
IP: Version = 4, header length = 20 bytes
IP: Type of Service = 0x00
IP: Total length = 44 bytes
IP: Identification = 2
IP: Flags = 0x0,
IP: Fragment offset = 0 bytes
IP: Time to live = 255 hops/seconds
IP: Protocol = 6, TCP, Transmission Control
IP: Header checksum = 0x50a2
IP: Source address = 141.131.40.32
IP: Destination address = 141.131.40.1
[TCP Frame]
TCP: Source port = 3523, ?
TCP: Destination port = 23, telnet
====================================================================
Chetan
"Eric A. Hall" wrote:
>
> > Box1 <-- ethernet1 --> i1 - Box2 - i2 - <===== ethernet2 =======>Box3
>
> > When I try to telnet from Box1 to Box3, I get connection errors.
> > When I ran "cold" and tcpdump on Box3, I see that the packets from Box1
> > (with the source address of Box2's i2 IP address) appear in the trace.
> > However I don't see any response packets from Box3. It simply seems to
> > be dropping the packets.
>
> It should work, if things are as you say.
>
> > - How do I make the linux networking stack dump out the reason why it is
> > dropping a packet?
>
> You need to run tcpdump on box 3 with the "-vv" option and show us the
> output from the trace.
>
> --
> Eric A. Hall [EMAIL PROTECTED]
> +1-650-685-0557 http://www.ehsco.com
------------------------------
Date: Thu, 31 Dec 1998 16:59:54 -0800
From: Roy Prowell III <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Fat 32???
Thank you for your help. It's not surprising to see an issue come up with
spaces in file names. Have a Happy New Year.
Brent Rader wrote:
> You can mount a drive as type vfat and it works great, you even get the
> long file names. Just do something like this:
>
> mount -t vfat /dev/hda5 /mnt/somewhere
>
> The only problem that I have had with this so far is that windoze allows
> spaces in their long filenames. Linux doesn't seem to like this. I
> can't do something like 'cd Program Files'. Maybe there is a way around
> this?
>
> Roy Prowell III wrote:
>
> > I believe I was told that Linux is not able to mount / see a drive
> > formatted in FAT32. Does anyone know if this is correct?
------------------------------
From: [EMAIL PROTECTED] (Clifford Kite)
Subject: Re: Quick-n-Dirty Secure Card Dialup
Date: 31 Dec 1998 21:32:36 -0600
avery ([EMAIL PROTECTED]) wrote:
: If you simply *must* login to a network with a secure card and haven't
: been able to figure out all those dial scripts, this may help. It worked
: for me.
: I'm using Redhat 5.2 but I suspect the method will work for other
: distributions as well.
: (1) Open an xterm window
: (2) Start the dialer program (Minicom on Redhat)
: (3) Enter a dial command to connect to your network
: e.g. ATDT555-1212
: (4) Respond to the userid, password and secure card prompts.
: Your system should switch to ppp (your screen will start
: displaying strange characters)
: (5) Go to the xterm window.
: (6) Enter the pppd command to start ppp on your system. I use
: pppd /dev cua1 38400 crtscts defaultroute
: (7) You should now hear 'beeping'.
: (8) Go back to the Minicom window. Press Ctl-A, then Q to
: exit from Minicom without killing the line.
: (9) You are now online.
You might be interested in the patch below for secure card entries.
Or someone else might be. It's Steve's patch, not mine, and I've not
had a need to try it.
==========================================================================
Date: Sat, 28 Nov 1998 01:57:05 +0000
From: Steve Falco <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: chat modification for SecurID support
I have to use a SecurID "one time password" authenticator to connect to
my employer's network. Since the password changes every minute, I can't
put the password in a script or file. So, I have made a small change to
the chat program to allow the password to be typed in when requested.
The syntax is simply \P, which causes a password prompt to be issued to
the controlling terminal. I use this with the "updetach" option to pppd
to retain the terminal connection until chat completes. My employer's
system also requires a PIN; this is simply added to the \P. For
example, the expect/send string:
Password: 12345678\P
will send 12345678 concatinated with whatever password is typed in. I
have attached the patches to chat.c and chat.8. I'd like to request
that this change be made to the official source, as I imagine there are
other folks using SecurID authenticators who would benefit.
==========================================================================
*** chat.c.old Thu Jun 4 20:47:28 1998
--- chat.c Thu Jun 4 20:51:08 1998
***************
*** 650,655 ****
--- 650,658 ----
register char *s;
int sending; /* set to 1 when sending (putting) this string. */
{
+ char *getpass();
+ FILE *tp;
+ char *ep;
char temp[STR_LEN], cur_chr;
register char *s1, *phchar;
int add_return = sending;
***************
*** 695,700 ****
--- 698,724 ----
add_return = 0;
else
*s1++ = cur_chr;
+ break;
+
+ case 'P':
+ /* getpass writes its prompt to stderr, which pppd connects to a
+ * log file. We want it where the user can see it, so we write
+ * the prompt ourselves. We could re-implement getpass() or put
+ * a hack into pppd, but this is slightly cleaner.
+ */
+ if((tp = fopen("/dev/tty", "w")) == NULL) {
+ syslog(LOG_INFO, "Cannot open /dev/tty");
+ break;
+ }
+ fprintf(tp, "Password: ");
+ fclose(tp);
+ for(
+ ep = getpass("");
+ (*ep != 0) && (*ep != '\n');
+ /**/
+ ) {
+ *s1++ = *ep++;
+ }
break;
case '\\':
--
Clifford Kite <[EMAIL PROTECTED]> Not a guru. (tm)
/* The wealth of a nation is created by the productive labor of its
* citizens. */
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
