Linux-Networking Digest #860, Volume #9 Tue, 12 Jan 99 16:13:46 EST
Contents:
Re: netscape cache (Howard Mann)
Wavelan Config Help needed! (James Nedila)
[HELP] Can't telnet in? (Ding-Jung Han)
Transparent Proxy for Win9x... ("Ryan C. Payne")
Re: IP Masquerading Help (Chris)
Re: NETWARE problem HELP !! ([EMAIL PROTECTED])
Re: su won't let me shutdown/ifconfig (Villy Kruse)
Re: What linux works best with a cable modem? ("Terrelle Shaw")
FA310TX FINALLY WORKING! (Troutman)
ip-up problem ("Jonas")
problems compiling ipfwadm (Ed Pfromer)
Re: Apache SSL and libdbm (Lars Hofhansl)
RedHat 5.2/NIS/netgroups (Ariel Biener)
Linux kernel limits (Allen Ahoffman)
Re: Telneting as "root" (Bill Wangard)
Re: routing has me stumped (Rick Hicks)
IP Masquerading Help ("Brian")
Re: ~user accounts (Habe Nichts)
----------------------------------------------------------------------------
From: Howard Mann <[EMAIL PROTECTED]>
Subject: Re: netscape cache
Date: 12 Jan 1999 06:48:40 GMT
In article <[EMAIL PROTECTED]>,
Arthur Chiu <[EMAIL PROTECTED]> writes:
> I am using NS4.07 in RH5.2.
>
> I set the disk cache to 5000 kb.
>
> When I check the cache directory with du, it reports more than that.
>
> In fact, it seems expanding all the time, why?
Well, I use Netscape 4.04 and I set my disc cache size to 10000Kb.
I just checked my cache and it has 48Mb of files! Wow, is this a bug
or what?
When I selected " clear disc cache ," it didn't.
Does anyone have any ideas?
Cheers,
--
Howard Mann
[EMAIL PROTECTED]
http://www.xmission.com/~howardm
(a LINUX website for newbies)
------------------------------
From: James Nedila <[EMAIL PROTECTED]>
Subject: Wavelan Config Help needed!
Date: Fri, 08 Jan 1999 14:56:03 -0800
i've got a wavelan card that has support builtin to the kernel (2.0.35)
it detects the card at bootup, recognizes that there is a device there.
I use ifconfig to give the device an ip, broadcast, and netmask
information.
It takes the information successfully, but i get a message like
'SCICSIFFLAGS: try again'
i've read the Ethernet HOWTO and it talks about this situation, how it
has to do with interrupts.
But i've checked my interrupts, and the wavelan's (10 or 11) is not
being used.
Any ideas for ways to get this card up and running??
Thanks!
James Nedila
Communications Programmer
PolyMath Development Group
Simon Fraser University
[EMAIL PROTECTED]
------------------------------
From: Ding-Jung Han <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: [HELP] Can't telnet in?
Date: Tue, 12 Jan 1999 17:43:10 +0000
It has puzzled me for a long while: I can ppp connect to my school with
no problem, and I can telnet to my linux box using the IP address
reported from pppd FROM MY LINUX BOX. But when I tried to telnet back to
my linux box from some school machine, it failed (only 'Trying
xxx.xxx.xxx.xxx...' was shown, no login prompt.).
I can ping my machine from the remote machine, I can nslookup to get the
name -- I just can't telnet (or ftp) back. Both of my hosts.allow and
hosts.deny contain only # lines, and I'm sure that in /etc/services and
/etc/inetd.conf the telnet/ftp services are both available.
Other notes: no /etc/ttys exists.
For testing purpose, I switched to Windows NT, and ftp back to my PC
from remote machine -- worked perfectly. So the cause is limited to my
linux setup...
I'm using RedHat 5.2 with kernel 2.0.36-3 (manually upgraded from RH5.1
-- no it's not the cause, since I have had this problem before
upgrading).
Any comments are welcome.
Ben
------------------------------
From: "Ryan C. Payne" <[EMAIL PROTECTED]>
Subject: Transparent Proxy for Win9x...
Date: Tue, 12 Jan 1999 11:43:34 -0500
Hello all,
I've seen questions similar to this in the past about having two
computers, 1 Linux and 1 Win9x, and wanting to be able to share on
internet connection. I also know that the better way to do it is IP
masquerading with Linux. Due to physical hardware limitations, I cannot
do this at the present time... So therefore, the question:
Does anybody know of any good Win9x proxy programs that are
transparent to the users? i.e. they can telnet to where they want to go
and don't have to telnet to the proxy first, etc. I must amend my
question: and good, fast transparent proxies...
Any help would greatly be appreciated!!
Thanks,
Ryan
--
==================================
Ryan C. Payne, MSIS, BSN, RN
[EMAIL PROTECTED]
Computer Support Consultant
Department of Radiology
Division of Radiology Informatics
University of Pittsburgh Medical Center
Pittsburgh, PA 15213-2582
------------------------------
From: [EMAIL PROTECTED] (Chris)
Subject: Re: IP Masquerading Help
Date: Tue, 12 Jan 1999 18:15:04 GMT
On Mon, 11 Jan 1999 21:06:29 -0800, "Brian" <[EMAIL PROTECTED]> wrote in
comp.os.linux.networking:
>After compiling, I ran make modules ; make modules_install ; make dep ; make
>clean
>There are also a number of �no
>dependency information for module�� messages, but they go by too fast to
>read (one of them is for appletalk.o).
The order of compiling is bad. You should make your kernel in the
following order:
make config (or menuconfig or xconfig)
make dep (calculate dependencies for the kernel and all modules)
make clean (remove all old object files)
make zImage (or bzImage for a compressed kernel)
make modules
make modules_install
Then copy the kernel to your /boot directory (under a descriptive name),
edit the lilo.conf file, run lilo, and reboot.
Your order (make modules, make modules_install, make dep) means that the
modules are created with incorrect or missing dependency information.
>I know there has to be a log of this
>somewhere, but I can�t find it.
The system console messages are available via the "dmesg" command, or you
can look in the /var/log/kern.log* files.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: NETWARE problem HELP !!
Date: Tue, 12 Jan 1999 18:35:43 GMT
In article <77f7lc$[EMAIL PROTECTED]>,
Sebastian Bunka <[EMAIL PROTECTED]> wrote:
>
[posted and mailed]
What does ifconfig say? Is it possible you had a network/cabling fault?
did IP services run without problem (nfs, etc.)? Is there a chattering
net card on your segment of the lan that might be temporarily blocking
your connection? I suggest hardware because you are sure that there
were no other configuration changes.
> Hi all,
> I have a serious problem w/ ncpfs under linux 2.0.33, debian 1.3.1 and
> have no further idea to fix this. And, our computer dep. just says
> its not their fault and cannot help me.
>
> The story:
> I've installed my debian on january 1998. I'm using ipx/ncpfs
> for mounting netware volumes and to print to netware-queued printers
> (I think it is netware 3.5). Until october I _never_ had a problem
> mounting netware volumes or printing w/ nprint. Then suddenly something was
> broken! One afternoon I mounted a volume, the next morning it didn't work
> anymore:
> slist: No server found in ncp_initialize
> ncpmount: No server found when trying to find MICKYSERVER
>
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (Villy Kruse)
Subject: Re: su won't let me shutdown/ifconfig
Date: 12 Jan 1999 10:01:23 +0100
In article <[EMAIL PROTECTED]>,
Tom Elsesser <[EMAIL PROTECTED]> wrote:
>If you use a " - " between the "su" and "root", it will change the
>environment to what would be expected if root had actually logged in.
>So " su - root" would give you the root environment (i.e. PATH).
>
>Tom
>
>
>
If you grew up on SysV systems you will know that 'su root' will change
PATH to be the superuser PATH instead of the current user PATH. Thus you
wouldn't risk necomming super user with an unknown and possible possible
dangerous PATH
'su - root' will give an environment identical to the one you would get if
you logged in as root, as stated correctly above.
Linux, and probably most other non-sysV systems including AIX will treat
'su root' as becomming superuser without modifying the environment; that
is the PATH will be inherited from the original user. This can be used
to trick an unsuspecting administrator to run a trojan from the user's
PATH as superuser.
Villy
------------------------------
From: "Terrelle Shaw" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: Re: What linux works best with a cable modem?
Date: 12 Jan 1999 19:40:38 GMT
Linux is linux..what distrubution is what your really asking..
Paul E Larson <[EMAIL PROTECTED]> wrote in article
<mW7m2.28023$[EMAIL PROTECTED]>...
> In article <779uco$s1a$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(smile) wrote:
> >I have a cable modem Com/21 and an ethernet card Tbase/10 on ISA slot.
> >Would like to know which linux would work best with my configuration.
> >I've got also amd 350 and w95(intend to install w98).
> >Would appreciate any advice.
> >
> So far Redhat and Caldera have been the easiest to configure for my cable
> modem. With Redhat I use DHCP and with Caldera it is BOOTP, haven't tried
DHCP
> with Caldera yet.
>
> Paul
>
> Get rid of the blahs to email me :}
>
------------------------------
From: Troutman <[EMAIL PROTECTED]>
Subject: FA310TX FINALLY WORKING!
Date: Tue, 12 Jan 1999 13:59:19 -0500
Reply-To: [EMAIL PROTECTED]
I have been bitching about the Netgear FA310TX D1 chipset for 2 months.
I finally just got it to work. I put one card in (was trying to use
two) and used the v.89 revision of tulip.c. The machine still will not
work with two Netgear cards installed, but at least one is now
operational.
Thanks to those that offered suggestions, ranging from calling a witch
doctor to having me mail them the card for testing.
MT
------------------------------
From: "Jonas" <[EMAIL PROTECTED]>
Crossposted-To: linux.redhat.ppp
Subject: ip-up problem
Date: Tue, 12 Jan 1999 20:55:30 +0100
Hi
I' trying to setup a Linux Router Project (LRP) using one NIC and a modem.
I've figured out that my firewall rules should go in my ip-up script.
I use LRP and it's based on debian Linux. I'm more used to RedHat but I'm
still very green on linux in general. In the ip-up script it says that the
file shouldn't be changed, and that the changes should be made in ip-up.d
directory.
in my /etc/ppp/ip-up it says:
.....
run-parts /etc/ppp/ip-up.d
.....
I've put a file named firewall in the directory containing my firewall rules
. Made it executable, but when i run pppd and a connection is made it
doesn't execute the script. Why? Is the name wrong or what?
TIA /Jonas
------------------------------
From: [EMAIL PROTECTED] (Ed Pfromer)
Subject: problems compiling ipfwadm
Date: Tue, 12 Jan 1999 12:06:12 -0800
I have downloaded the ipfwadm source from http://www.xos.nl/download.html
onto my Linux boxen and am trying to compile it, but am getting beaucoup
compile errors. I have two systems:
1) a MIPs box running:
2.0.33 #1 Tue Mar 10 18:00:37 PST 1998 mips unknown
2) an x86 box running:
2.0.36 #1 Tue Oct 13 22:17:11 EDT 1998 i686 unknown
Compiles on both machines exhibit the same results: lots of conflicts
with symbol redefinitions between /usr/include/socketbits.h and
/usr/include/linux/socket.h.
I read from the XOS page that "No version of ipfwadm will compile using
glibc2 (libc6). The ipfwadm source RPM files included with Red Hat Linux
5.0 and 5.1 already contain a working patch." However, I am running RH
5.2, so the patch should be included.
Has anyone done this? Is this a case of pilot error?
Thanks for any help.
--
Ed Pfromer
408.749.9412
[EMAIL PROTECTED]
XLeration, Inc.
http://www.xleration.com
------------------------------
From: Lars Hofhansl <[EMAIL PROTECTED]>
Subject: Re: Apache SSL and libdbm
Date: Tue, 12 Jan 1999 21:05:54 +0100
> When I tried apache-ssl-1_3_3-1_28-0_src_rpm.gz which is the latest I get
> the same type errors.
>
> When I put in -lgdbm (which I have) I get loads of compile errors from
> Apache_SSL complaining about no functions like:
> Unidentified reference to BIO_new
> Unidentified reference to BIO_ctrl
> Unidentified reference to BIO_free
> etc.
> etc.
> etc.
The BIO_xxx struff is part of SSLeavy. The BIO functions are entirely
unrelated to libgdbm.
It's in either libssl.a or libcrypto.a. You have to link against
these libraries.
'Hope this helps,
Lars
--
Legal Warning: Anyone sending me unsolicited/commercial email
WILL be charged a $100 proof-reading fee. See US Code Title 47,
Sec.227(a)(2)(B), Sec.227(b)(1)(C) and Sec.227(b)(3)(C).
Linux grows, see http://counter.li.org/ and register.
------------------------------
From: Ariel Biener <[EMAIL PROTECTED]>
Subject: RedHat 5.2/NIS/netgroups
Date: 12 Jan 1999 19:24:02 GMT
We are running a heterogenous cluster of NIS clients, with 3 NIS servers
(one master, two slaves).
Recently, we have added a Linux based machine, 2.0.36 kernel,
glibc-2.0.7-29, and all the ypbind/clients from the 5.2 distribution.
Unfortunately, we haven't been able to figure out how to make netgroup based
authentication work. I have read through all the threads ever posted about this
subject to UseNet, and have been through all the manual pages, DOCs and FAQs
on the subject, and also posted a Question to Thomas Kukuk and also to the
Israeli Linux Community, but to no avail.
This is the situation:
We have tried different /etc/nsswitch.conf configurations, using either:
passwd: files compat
group: files compat
passwd_compat: nis
group_compat: nis
netgroup: nis
or without the *_compat, or with:
passwd: files nis
group: files nis
netgroup: nis
We have changed the PAM authentication modules to the *_unix based ones,
because the pwdb one doesn't look at nsswitch.conf nor does it work with NIS.
I have checked the sources of glibc-2.0.7-29 to seek the error that existed
in previous versions, where:
encrypted == NULL was mistyped as encrypted != NULL . But glibc-2.0.7-29 is
fixed.
In any case, /etc/passwd wont deal with netgroups at all. I can add
+user or -user, but +@netgroup doesn't work.
Does anyone have a working solution, that allows the use of +@netgroups or
-@netgroups , in order to have a selective authentication method to the
NIS client in question ?
Best regards,
--
Ariel Biener
~~~~~~~~~~~~~ Tel: +972-3-6406086
System Administrator Fax: +972-3-6409118
Computation Center, Unix System Group Cell: +972-52-953827
Tel-Aviv University, Ramat-Aviv, ISRAEL e-mail: [EMAIL PROTECTED]
fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------
From: Allen Ahoffman <[EMAIL PROTECTED]>
Subject: Linux kernel limits
Date: 12 Jan 1999 20:44:52 GMT
Can someone tell me why the kernel has the number of groups a user can be
put in set as low as 32?
Using the following model I started creating a system where users can't
see anything of one another.
I set each user to their own group.
then I put the web server in each group, so that the web user e.g. web
server can see all users.
Then setting permission correctly makes users invicible to one antoher but
visible to the web server.
using suexec allows all cgi's to run as ther user.
So, why in libc6 and the kernel are the values set to 32 for this?
What is the drawback from raising them, I did it and its not different as
far as I can tell, but changing this is not straightforward and can really
mess up a system if you do it wrong.
--
=======================================================================
| Announce communications Inc. | voice: 301-731-5786 |
| 5004 West Lanham Dr. | email: [EMAIL PROTECTED] |
| Hyattsville, MD 20784 | http: www.announce.com |
======================================================================
------------------------------
From: Bill Wangard <[EMAIL PROTECTED]>
Crossposted-To: linux.redhat.misc,comp.os.linux.setup
Subject: Re: Telneting as "root"
Date: Tue, 12 Jan 1999 12:17:40 -0700
A.G. wrote:
> I have just configured two ethernet cards to connect two linux machines.
>
> I can remotely telnet to any of the machines, but not as root to either.
> Just as a regular user.
>
> Is this normal or I have misconfigured smth?
>
> Thanx a lot!
>
> A.G.
Rename the file /etc/securetty to
/etc/securetty.orig
You will now be able to telnet in as root, but be warned:
The reason that root is disabled from telnetting in is to prevent a hacker
from breaking root's password. With the securetty file implemented, a
hacker needs to break TWO passwords.
------------------------------
From: [EMAIL PROTECTED] (Rick Hicks)
Subject: Re: routing has me stumped
Date: Tue, 12 Jan 1999 06:47:04 GMT
Reply-To: [EMAIL PROTECTED]
You didn't happen to say whether the Cisco router has a route to the
internal network that points to the Linux eth0 IP address. That would
certainly be needed if you don't have it in there.
-Rick
------------------------------
From: "Brian" <[EMAIL PROTECTED]>
Subject: IP Masquerading Help
Date: Mon, 11 Jan 1999 21:06:29 -0800
=====BEGIN PGP SIGNED MESSAGE=====
I need some help getting IP Masquerading to work. Here is my situation:
I have a Linux machine running Redhat 5.1 with two NICs. One connected to
the Internet, the other to a local network. I also have a few MS machines on
the local network.
Both NICs in the Linux machine have static IPs (A.B.75.43 from my ISP �eth1
- - and 192.168.100.2 for the local net � eth0). The MS machines have their
IPs dynamically assigned by an NT server (also on the local network) in the
range of 192.168.100.200-250. (The NT server has a static IP of
192.168.100.1)
Everybody can ping everybody else and I can get onto the Internet from the
Linux machine. Before this started, I could even see and copy files to and
from the Linux machine from Network Neighborhood in 98.
In trying to setup IP Masquerading on the Linux box, I logged in as root,
changed to the /usr/src/linux directory and ran make config. I answered yes
to the following questions:
CONFIG_EXPERIMENTAL
CONFIG_MODULES
CONFIG_NET
CONFIG_FIREWALL
CONFIG_INET
CONFIG_IP_FORWARD
CONFIG_IP_FIREWALL
CONFIG_IP_MASQUERADE
CONFIG_IP_MASQUERADE_IPAUTOFW
CONFIG_IP_MASQUERADE_ICMP
CONFIG_IP_ALWAYS_DEFRAG
CONFIG_DUMMY
After compiling, I ran make modules ; make modules_install ; make dep ; make
clean
I then added the following lines to the end of my /etc/rc.d/rc.local file:
/sbin/ipfwadm �F �p deny
/sbin/ipfwadm �F �a m �S 192.168.100.0/24 �D 0.0.0.0/0
/sbin/depmod �a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
Then rebooted.
To make a long story not quite as long, I still can�t get to the Internet
from any machine other than the Linux machine. Everybody can still ping
everybody else, but I can no longer see the Linux machine in Network
Neighborhood (the domain is still there).
One of the messages I see flash by at boot time says �net mask doesn�t match
route address� followed by the usage screen for route. I am pretty sure that
I have traced this down to eth1 (the external NIC). In fact, I think I have
traced it to the command ifup_routes eth1. There are also a number of �no
dependency information for module�� messages, but they go by too fast to
read (one of them is for appletalk.o). I know there has to be a log of this
somewhere, but I can�t find it.
I don�t know if this has anything to do with the problem I am having, but
any assistance with getting me out of this mess would be greatly
appreciated.
=====BEGIN PGP SIGNATURE=====
Version: PGP 5.5.5
iQEVAwUBNprYUsyNMw5mG1pxAQF+3gf+Ky3zZPcr33unVYlO/F/uKKf6zv2YwRik
wbONNrs4+McZ3rrVek33koumTgFcnfAgxWvHOU2H2vYaPDkHHH5fChcYnjFOS60H
Z9ayd0gQffPXAzFgIvm5/Myfe8MutW6suMU5IviJmFjADVaUNVMadzrY04QAV0gL
0nKpcTKNVmzjzvJdlbW+poY5NkFpivgJ+6I9DHtDIELMJVK7nCkpLTpwpOUk9+/n
J1y8fFxsjxyGAGGYwypax1mjzKbkvfaMb14XMUqE17ry+7l7637wP8Im/d3VudIQ
RPGZpFW6Wdii81jsTZYlevDiV1WNjhLz7QPdWq42iiNduqlKZ0wcag==
=L5c1
=====END PGP SIGNATURE=====
------------------------------
From: Habe Nichts <[EMAIL PROTECTED]>
Subject: Re: ~user accounts
Date: Tue, 12 Jan 1999 10:34:49 +0100
On Fri, 08 Jan 1999, Matt Chipman wrote:
>Hi all
>
>Okay so.....
>
>I have the Apache server running and the "Its worked" page comes up now i
>want to create ~user accounts so people can have their own web space.
>
>using xwindows i have created an account named "matt" and given it a
>password. I can log into this account and its own dir was created. I can
>telnet and ftp to it. I have a Index.htm web page in there but Apache wont
>find it.
>
>This account and the directory is called "matt" not "~matt" so how and when
>does the "~" come into things?
>
>Even a web page url with an explanation on the ~user accounts issue would be
>a big help.
>
>
>Thanks Matt Chipman
On Apache the default html path is username/public_html. The default index file
is index.html. The page can be reached via www.blabla.com/~username.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
