Linux-Networking Digest #857, Volume #9 Tue, 12 Jan 99 03:13:54 EST
Contents:
2nd RFD: comp.os.linux.security (Erik de Castro Lopo)
GCC or G++, who is the best? (alpha_dec)
Re: smbprint & magic filter ?? (Karl Staas)
smbprint & magic filter ?? ("Stuart Broad")
Re: Netscape plug-ins (Paul Carver)
Re: question re: NAT & ip-masq (Matt Ostiguy)
Re: D-Link DFE-530TX PCI (a)
Re: Linux SuSE and Windows 95 via Network ("Eugene")
Re: Satan on Linux? (Simon Karpen)
Re: Cannot send packets outside the network ([EMAIL PROTECTED])
Re: Automatically cut ppp link ("Tommi M�kitalo")
smbprint & magic filter ?? ("Stuart Broad")
Re: tunneling over masquerading (Megavolt)
Re: fake an internet connection from win98 box to linux box? ([EMAIL PROTECTED])
SCSI (Gregory Leblanc)
Re: Pioneer DRM-1804X jukebox drivers. ("Eugene")
Re: linux firewall is getting a really bad speed hit ("Moshe Bar")
----------------------------------------------------------------------------
From: Erik de Castro Lopo <[EMAIL PROTECTED]>
Crossposted-To:
news.announce.newgroups,news.groups,comp.security.unix,comp.os.linux.setup
Subject: 2nd RFD: comp.os.linux.security
Date: Tue, 12 Jan 1999 06:39:19 GMT
REQUEST FOR DISCUSSION (RFD)
unmoderated group comp.os.linux.security
This is a formal Request For Discussion (RFD) for the creation of a
world-wide unmoderated Usenet newsgroup comp.os.linux.security. This
is not a Call for Votes (CFV); you cannot vote at this time.
Procedural details are below.
Newsgroup line:
comp.os.linux.security Security and the Linux Operating System.
CHANGES from previous RFD:
Clarification of charter to allow open discussion of vulnerabilities
while discouraging discussion specifying how to breaking into
machines.
Added a prohibition on binary posts.
Fixed error in naming of comp.security.unix newsgroup.
RATIONALE: comp.os.linux.security
The number of users of the Linux Operating System has grown
significantly over the last few years. A large number of these new
users are connecting their machines to the internet via modems with
little or no thought about the security of their machines. In
addition, the standard installation procedure of most Linux
distributions results in a machine with maximal capabilities but also
with a number of possible security holes. A search of a usenet
archiving site such as dejanews would quickly find a large number of
linux security discussion threads scattered across numerous existing
newsgroups.
The existing newsgroup comp.security.unix is useful but its
discussion content is aimed more at the unix administrator level.
Therefore a newsgroup specifically aimed at the home/small business
Linux user would complement rather than replace discussion on
comp.unix.security.
CHARTER: comp.os.linux.security
This newsgroup is dedicated to the discussion of issues related to
establishing and maintaining the security of machines running the
Linux Operating System on all processor architectures.
Open discussion of techniques and software for protecting machines
against remote attacks (via a network connection) as well as attacks
from untrusted local users are welcome. This discussion can include
information about which applications are vulnerable, the form of the
vulnerability and snippets of source code for demonstrating the
vulnerability. Posting of programs and scripts written for the
purposes of breaking into machines will not be tolerated.
The posting of commercial information to this group is permitted only
if the information is directly relevant to security and the Linux
Operating System.
Messages which are cross-posted to or from any advocacy newsgroup are
not welcome. As this is a discussion group, the posting binaries is
strongly discouraged. Spamming, ECP and EMP of any sort is absolutely
not tolerated.
END CHARTER.
PROCEDURE:
This is a request for discussion, not a call for votes. In this phase
of the process, any potential problems with the proposed newsgroups
should be raised and resolved. The discussion period will continue
for a minimum of 21 days (starting from when the first RFD for this
proposal is posted to news.announce.newgroups), after which a Call For
Votes (CFV) may be posted by a neutral vote taker if the discussion
warrants it. Please do not attempt to vote until this happens.
All discussion of this proposal should be posted to news.groups.
This RFD attempts to comply fully with the Usenet newsgroup creation
guidelines outlined in "How to Create a New Usenet Newsgroup" and "How
to Format and Submit a New Group Proposal". Please refer to these
documents (available in news.announce.newgroups) if you have any
questions about the process.
DISTRIBUTION:
This RFD has been posted to the newsgroups:
news.announce.newgroups,
news.groups,
comp.security.unix,
comp.os.linux.announce,
comp.os.linux.networking,
comp.os.linux.setup
and mailed to the following mailing lists:
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Proponent: Erik de Castro Lopo <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (alpha_dec)
Subject: GCC or G++, who is the best?
Date: Tue, 12 Jan 1999 06:22:03 GMT
GCC or G++, who is the best?
------------------------------
From: Karl Staas <[EMAIL PROTECTED]>
Subject: Re: smbprint & magic filter ??
Date: Tue, 12 Jan 1999 01:17:56 GMT
Stuart Broad wrote:
>
> I am using smbprint to print to a remote printer on a windows95 M/C and am
> trying to work out if it is possible to incorperate a magic filter at the
> same time.
> I have managed to lpr plain text to the printer so I know that part is
> working. I am just strugling to ge my head around the next step.
> Any pointers would be greatly appriciated.
It worked out for me using LPRng and wasn't too bad.
If I recall correctly I had to deal with the following:
/etc/lpd.conf, /etc/lpd.perms, and /etc/printcap. You'll
also need to run lpc to get things enabled. Sounds like the
key you may be missing is the setting of "lp" in printcap?
My versions of the above files are below.
My lpd.conf has only one line uncommented, which is:
printer_perms_path=/etc/lpd.perms
My lpd.perms has the following uncommented:
# allow root on server to control jobs
ACCEPT SERVICE=C SERVER USER=root
REJECT SERVICE=C
#
# allow same user on originating host to remove a job
ACCEPT SERVICE=M SAMEHOST SAMEUSER
# allow root on server to remove a job
ACCEPT SERVICE=M SERVER USER=root
REJECT SERVICE=M
# all other operations allowed
DEFAULT ACCEPT
Here's the two lines from my /etc/printcap that make my WinNT printer
work:
# Canon BJ-200e Bubble Jet Printer
lp:lp=|/usr/local/samba/bin/bert:sd=/var/spool/lp:sh:af=/var/spool/lp/acct:if=/usr/local/src/magicfilter-1.2/filters/bj200-filter
I've run the same printer on my Win98 box with similar success.
I can print fig graphics, postscript, etc using the above.
--
Karl Staas
------------------------------
From: "Stuart Broad" <[EMAIL PROTECTED]>
Subject: smbprint & magic filter ??
Date: Tue, 12 Jan 1999 00:47:46 -0000
I am using smbprint to print to a remote printer on a windows95 M/C and am
trying to work out if it is possible to incorperate a magic filter at the
same time.
I have managed to lpr plain text to the printer so I know that part is
working. I am just strugling to ge my head around the next step.
Any pointers would be greatly appriciated.
Stuart Broad
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Paul Carver)
Subject: Re: Netscape plug-ins
Date: Tue, 12 Jan 1999 04:25:11 GMT
On 10 Jan 1999 03:17:52 GMT, [EMAIL PROTECTED] (Ollie
Acheson) wrote:
>Do plug-ins work for Netscape 4.5 for Linux? I tried following the
>instructions for the Realaudio plug-ins, but the Plug-in button is greyed out
>in my Netscape. This a Win95 feature that didn't quite make it to Linux?
The realaudio plug-in works, but you need to get the right one. Search
the realaudio site thoroughly, it's well hidden. I seem to recall that
if you have Red Hat Linux or another glibc system you need to get the
older version of the plugin.
------------------------------
From: Matt Ostiguy <[EMAIL PROTECTED]>
Subject: Re: question re: NAT & ip-masq
Date: Tue, 12 Jan 1999 01:26:17 -0500
Christopher Quale wrote:
>
> Hello,
>
> I am soon to get cable modem access and I am thinking about
> how would be the best way to share the connection (between
> two client machines via 10Mb ethernet). I know about ip
> masquerading, but I have no experience with it.
>
> Here are my questions:
>
> 1. The planned server is an aging 486 (DX250, 40 MB RAM, kernel
> 2.0.36). Is this machine fast enough to serve up the bandwith
> to two other machines?
Yup. I run almost the same thing with 486-66, 16mb, 540mb HDD.
> 2. How well does ip-masq work w.r.t things like Real Audio/Video,
> ICQ, etc...
> 3. How does ip-masq compare w/ things like NAT?
> 4. Are there other options?
>
> Thanks to anyone that can help.
>
> Chris
Basically I am a flaming Linux newbie. I run a 2.0.34 (Redhat 5) kernal
and entered a few ipfwadm forwards and blocking rules. WOrks perfect for
everything with multiple WIn clients doing AOl IM, http, ftp, RA,
streaming video.
Basically, it is a free, rock solid, transparent, fast solution. That
should make you smile!
Matt
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Matt Ostiguy, MCP Win95, NT Server, TCP/ IP
IM: ostiguy781
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
------------------------------
From: a <[EMAIL PROTECTED]>
Subject: Re: D-Link DFE-530TX PCI
Date: Mon, 11 Jan 1999 17:28:43 -0800
http://cesdis.gsfc.nasa.gov/linux/drivers/test/via-rhine.c
"Johan H�gdahl" wrote:
>
> I can't get the card working, any sugestions on drivers ?
>
> Johan
------------------------------
From: "Eugene" <[EMAIL PROTECTED]>
Subject: Re: Linux SuSE and Windows 95 via Network
Date: Tue, 12 Jan 1999 02:19:57 -0500
www.linux.org/help
Kai Acker wrote in message <[EMAIL PROTECTED]>...
>I am looking for FAQ or something like that to establish a connection
>via Ethernet etho between an Windows 95 and an Linux SuSE 5.3 machine,
>Has anybody an idea?
>
>Tahnx
>
>Kai
>
>
>
------------------------------
From: [EMAIL PROTECTED] (Simon Karpen)
Crossposted-To: rpi.os.linux
Subject: Re: Satan on Linux?
Date: 12 Jan 1999 00:11:32 GMT
In article <[EMAIL PROTECTED]>, Raj Dutt wrote:
>Agent Hall wrote:
>>
>> >OBDisclaimer: Remember, only use this on your own systems or systems
>> >you are authorized to use this on.
>>
>> yeah, or cis/acs/its will send you personalized e-mails to make you
>> feel all warm and fuzzy!!
>>
>
>hehe, that's funny
>btw how'd you manage to get tempest? i thought it was 'strict' policy to
>make it your rcs userid?
That policy started this current semester. I used to have wormhole.stu.rpi.edu
and teroknor.stu.rpi.edu.
--Simon
--
Simon Karpen [EMAIL PROTECTED] [EMAIL PROTECTED]
#include <std_disclaimer.h> I don't speak for RPI in any way.
"Those that give up essential liberty to obtain a little temporary
safety, deserve neither liberty nor safety." --Ben Franklin
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Cannot send packets outside the network
Date: Tue, 12 Jan 1999 07:17:37 GMT
hi narayan,
the DEFAULT mask could be 255.255.255.0 - unless there is something specific
about your network that is not shown here. ( there might be a) some howto,
try net3 or other and b) someone from your networking people ( who set up the
router and dns) to find out more about this).
but there are some easy things to look for first:
can you ping your router ?
can you ping your dns-server ?
how is routing setup in your machine?
In article <[EMAIL PROTECTED]>,
Narayan Parameshwar <[EMAIL PROTECTED]> wrote:
> Hi!
>
> I am a beginer with linux. I have installed RedHat 5.2 on my
> computer which has 3com 3c509 ethernet card. The address of the machine
> is 192.168.100.111. I have the following problem:
>
> I am able ping or telnet to a machine within our network (such
> as 192.168.100.101). However, I cannot send IP packets outside my
> network. I have specified 192.168.100.100 as the gateway (which is our
> router) and DNS (which is on our ISP network) address is also
> specified. I do not have any host specific routes or any other entries
> in the routing table. The packets do not even leave the machine. I get
> network unreachable error message. This occurs regardless of whether I
> entered name of the machine or a specific IP address.
>
> I have not specified any netmask. It does not work even if i
> specifiy any netmask. But I think the problem is in the proper
> specification of netmasks. I really appreciate if any of you can provide
> any solution to this problem.
>
> Regards,
> Narayan Parameshwar
> AWARD Solutions, Inc
> (972) 664-0727
> [EMAIL PROTECTED]
>
>
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: "Tommi M�kitalo" <[EMAIL PROTECTED]>
Subject: Re: Automatically cut ppp link
Date: Mon, 11 Jan 1999 09:55:29 +0100
Put the following script in your crontab and execute it every 5 minutes:
#!/bin/sh
LOGFILE=/tmp/pppstat
PPPDOWN=/etc/ppp/ppp-down
if [ "`ps ax|grep pppd`" ]; then
if [ -f $LOGFILE ]; then
if ["`netstat -ni|grep ppp0`" == "`cat $LOGFILE`" ]; then
$PPPDOWN
else
netstat -ni >$LOGFILE
fi
fi
else
rm $LOGFILE
fi
Tommi M�kitalo
Dr. Eckhardt + Partner GmbH
[EMAIL PROTECTED]
Patrick Clauberg schrieb in Nachricht <[EMAIL PROTECTED]>...
>Hi,
>
>I am using a linux box to connect me to the internet and I manually
>start / stop the ppp thing.
>
>Some days ago I forgot to hang up and noticed it the next morning.
>:-((((
>
>How do I control the ppp link, and automatically cut it after a
>certain time without traffic?
>
>I tried the diald , but don't like it
>
>Thanx
>
>Patrick
>
>
>
>
------------------------------
From: "Stuart Broad" <[EMAIL PROTECTED]>
Subject: smbprint & magic filter ??
Date: Tue, 12 Jan 1999 00:47:46 -0000
I am using smbprint to print to a remote printer on a windows95 M/C and am
trying to work out if it is possible to incorperate a magic filter at the
same time.
I have managed to lpr plain text to the printer so I know that part is
working. I am just strugling to ge my head around the next step.
Any pointers would be greatly appriciated.
Stuart Broad
[EMAIL PROTECTED]
------------------------------
From: Megavolt <[EMAIL PROTECTED]>
Subject: Re: tunneling over masquerading
Date: Tue, 12 Jan 1999 02:15:48 GMT
It would work fine... if you set your default gateway on your local-net
computers to the ip address of the isp guy... and set the routes on your linux
gateway to find the isp guy through the tunnel... I dunno if this will work for
you... you might have to use NAT to change the source/dest IP addresses... but
this might head you in the right direction? :)
Eric Kluft wrote:
> Hi all,
>
> My provider gives me 1 ip-number. They don't have the abillity to route more
> ip-numbers to me. A friend of mine, however, is working at another ISP. By
> tunneling (linux IPIP) I route 32 ip-numbers to me from that ISP. I just
> route all computers on my local network over the tunnel to the internet.
> (/sbin/route add default gw w.x.y.z tunl0)
> So far so good.
> The problem is that the tunnel uses 8 extra hops so the connections get
> slower. The solution to this problem is to masquerade the workstations and
> to tunnel the servers.
> I can't do this on 1 server (because i must choose to route the default
> gateway over the tunnel or ethernet interface (can't use both)).
> If I use 2 computers, 1 computer is connected to the internet and
> masquerades all computers behind it. The second computer contains the
> tunnel. The source address of this tunnel server should be rewritten by the
> masquerading server.
> This last piece however is not possible. Tunneling uses RAW ip for it's
> frames and you can't masquerade RAW ip.
> I know this is the case for standard 2.0.35 kernels, but maybe there's a
> solution for it. The solution as offered for microsoft PPTP does not work.
> Does anyone know if ipchains has the abillity to masquerade raw ip?
> Does anyone know if NAT has the abillity to masquerade raw ip?
> Does anyone know a different solution?
>
> Tanx in advance,
>
> Eric.
--
"If all else fails, you can blame it on me..." - Barenaked Ladies
To respond to my Email take out the antispam message
in my reply address --> "isnot"
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: fake an internet connection from win98 box to linux box?
Date: Tue, 12 Jan 1999 07:21:31 GMT
It really shouldn't matter whether you connect from across the room or across
the ocean, you make the connection via TCP/IP by using a client (e.g.
browser, telnet, ftp, etc.) to connect to the server that is running the
appropriate server software for the client being used. Of course you must be
on a network of some kind, weather dial up or local cable connection. That,
I think, is the key thing you are asking about. You can have a LAN with two
computers, your client and your server, and test you Internet server in that
way.
In article <77dv2v$15m$[EMAIL PROTECTED]>,
"Vance Greenway" <@ricochet.net> wrote:
> i have a linux box setup to be an internet server when my connection is
> ready in a month or so. in the meantime, i am doing some java development
> on win98 that will be connecting to a postgresql database on the linux box.
> is there a way to fake an internet connection between the two boxes so that
> an applet running on my win98 machine is accessing the postgresql database
> on the linux machine?
>
>
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (Gregory Leblanc)
Crossposted-To: alt.os.linux,comp.os.linux.misc
Subject: SCSI
Date: Tue, 12 Jan 1999 06:22:58 GMT
Hi there! I've been using NT for the last couple of months, because I
already understand how to operate it, and I didn't want to run
something as bad a WinBlows 9x on such a nice box. Ideally, I'd like
to run Linux and X, but I have a few questions.
1) Is SCSI as easy under Linux as it is under NT. I.E. I plug in a
SCSI zip drive, and provided that it's set to a valid SCSI ID, it
works, without any drivers or anything. If I have support for my SCSI
card compiled as part of the kernel, will it recognize my ZIP drive as
a removeable drive, and my CD-R as a WORM, or at least a read-only
media drive?
2) I heard someplace that NetGear had some really good 10/100Mbit
NICs, that had features that were lacking on the 3Com Etherlink XL,
and Intel 10/100 TX cards. Has anybody heard about this?
Thanks a bunch,
Greg
Greg Leblanc
Network Admin
Concordia University Portland
gleblanc at cu-portland.edu
------------------------------
From: "Eugene" <[EMAIL PROTECTED]>
Subject: Re: Pioneer DRM-1804X jukebox drivers.
Date: Tue, 12 Jan 1999 02:14:23 -0500
I know that Pioneer cdroms are crap and don't work with Linux well. I had a
pioneed and had to replace it
Nick Belnap wrote in message <[EMAIL PROTECTED]>...
>Does anyone know of a driver for a drm-1804x cd jukebox for Linux?
>
------------------------------
From: "Moshe Bar" <[EMAIL PROTECTED]>
Subject: Re: linux firewall is getting a really bad speed hit
Date: Tue, 12 Jan 1999 09:36:15 +0200
Since only the ones behind the firewall are suffering from perforamance
problem it could be that the lan between them is having problems.
In ifconfig for eth0 do you see many transmission errors? do you see any
dropped packets? Is DNS set up correctly?
Have you made you Linux box also a DNS server? that would help the clients
since they do a DNS look-up withing the Lan.
I have a Linux firewall (a 486/50 Compaq laptop with a Megahertz PCMCIA
ethernet card) to a 1.2Mbps line and it is managing just fine. We get the
full possible throughput on the clients.
Moshe Bar
Johnny Icon wrote in message ...
>I have been trying to get my little private network to work with Linux
>Ip masquareding/ firewall.< just TCP loaded>
>
>yes I got it working, my firewall is accepting and denying all the right
>stuff
>but, I have noticed a huge hit in the thruput once the linux box is running
>the Wall, normally I get an average of 500Kps with a direct connection
>from the cable modem thru the hub into an Win98 box a little slower if
>direct
>connect to the Linux box straight into eth0,
>
>when the fire wall is up, sitting at the lanned Win98 box thruput drops
down
>to no greater that 20 Kps sometimes worse, the linux box still has a bit of
>a speed hit when firewall is up but the masquareded clients are really
>suffering
>
>What is happening to the bandwidth, this really sucks.
>
>Does anyone who knows Linux firewalls have this problem. I would love to
>know how to cure this problem.
>
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
