Linux-Networking Digest #895, Volume #9          Sat, 16 Jan 99 09:14:50 EST

Contents:
  Blocking UDP with Firewall (J. Paul Reed)
  two network cards ("steve")
  Setting up a linux box as a router with IP adress translation ("Joakim Kosmo")
  Re: PCMCIA/D-link 660/RH5.1 ethernet problems (Gilberto Colangelo)
  Re: stranger on port 9 and 111 ("Robert L. Ziegler")
  Re: What does this mean? Please? (Paul Jatkowski)
  Re: This is Linux, not Windows, so why not superior flexibility AND idiot-friendly? (David Steuber)
  Re: This is Linux, not Windows, so why not superior flexibility AND idiot-friendly? (David Steuber)
  Re: Emacs! Re: Easy UNIX editor (Conrad C. Nobili)
  Re: Security hole with WU-FTPD (M. Buchenrieder)
  Re: Security hole with WU-FTPD (M. Buchenrieder)
  Re: This is Linux, not Windows, so why not superior flexibility AND idiot-friendly? (David Steuber)
  Re: Fetchmail Stops Fetching: Why? (David Steuber)
  Re: help with Apache setup (Lei Miao)
  SAMBA 2.0  Sssssslllllllooooooowwwww ("Andy McKenzie")
  Re: Setting up RH 5.2 for ip_forwarding (John Wolanski)
  Re: Samba win95/98 over the internet (Yan Seiner)
  ppp-2.3.4: CHAP problem (HELP)
  Re: ip-masquerading (John Wolanski)
  ipportfw - protocol not available ("Dirk Leas")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (J. Paul Reed)
Subject: Blocking UDP with Firewall
Date: 15 Jan 1999 08:55:53 GMT

Hey all!

I apologize if this is a FAQ; I did search Dejanews and read some Howto's,
but nothing answered my question; here's my firewall setup:

/sbin/ipfwadm -I -f
/sbin/ipfwadm -I -p deny
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -f

/sbin/ipfwadm -I -a accept -D $CURRENTIP -k
/sbin/ipfwadm -I -a accept -W lo

/sbin/ipfwadm -I -a accept -P icmp -S 0.0.0.0/0 0 3 11 12
/sbin/ipfwadm -I -a deny   -P icmp

/sbin/ipfwadm -I -a accept -P tcp  -D $CURRENTIP 23
/sbin/ipfwadm -I -a accept -P tcp -D $CURRENTIP 21
/sbin/ipfwadm -I -a accept -P tcp -D $CURRENTIP 20
/sbin/ipfwadm -I -a accept -P tcp -D $CURRENTIP 22

/sbin/ipfwadm -I -a accept -P tcp -S 0.0.0.0/0 20 -D $CURRENTIP 1025:65535
/sbin/ipfwadm -I -a accept -P tcp -D $CURRENTIP 113 -o
/sbin/ipfwadm -I -a accept -P tcp -S 10.9.8.7 -D $CURRENTIP 635

# 10.9.8.7 is the IP of the machine I want to be able to do the remote
# mount; that machine and ONLY that machine.

/sbin/ipfwadm -I -a deny -P tcp -D $CURRENTIP 6000:6009 -o
/sbin/ipfwadm -I -a deny -P tcp -D $CURRENTIP 0:1024 -o
/sbin/ipfwadm -I -a deny -P udp -D 10.0.0.255 0:1024 -W eth0
/sbin/ipfwadm -I -a deny -P udp -D 0.0.0.0/0 0:1024 -W eth0
/sbin/ipfwadm -I -a deny -P tcp -D 0.0.0.0/0 2049 -o -W eth0
/sbin/ipfwadm -I -a deny -P udp -D 0.0.0.0/0 2049 -o -W eth0

$CURRENTIP is my current IP address; I think we can safely assume for this
example that it's 10.0.0.1, but in reality this computer's on the network;
this firewall is to protect my personal machine, so it's not your typical
firewall.

My question is this:

I'm blocking UDP traffic, and yet I've got an NFS mounted file system
that's working perfectly; how's that occurring?

Both rpcinfo and netstat do indeed show rpc.nfsd listening on port 2049,
but shouldn't the UDP packet be blocked with the above?

What do you recommend: a -b for the response to the packet, or a -k up top
to take care of all responses?

Also, anyone see any chinks in the armor here?

Thanks for your help!

Later,
Paul
  -------------------------------------------------------------------------
  J. Paul Reed                 Among other things, just another perl hacker
  #!/usr/bin/perl       unless ($you =~ /spammer/) { print "Email me!\n"; } 
  @MyEmailAddresses = ('[EMAIL PROTECTED]','[EMAIL PROTECTED]'); 
  $MyWebPage = "http://www.psd.k12.co.us/~preed"; 

------------------------------

From: "steve" <[EMAIL PROTECTED]>
Subject: two network cards
Date: Thu, 14 Jan 1999 11:43:43 -0600

I am trying to get two network cards running in my box, but the second card
is not working and gives the error 3c509.0 io not found

Thanks Steve



------------------------------

From: "Joakim Kosmo" <[EMAIL PROTECTED]>
Subject: Setting up a linux box as a router with IP adress translation
Date: Tue, 12 Jan 1999 18:43:01 +0100

First:
Although I have experience with other dialects of UNIX and networking, I'm
new to Linux. So keep it simple.

The  Problem:
I've a PC with a continuous connection to the internet through a cablemodem,
with more than adequate speed. The ISP runs DHCP. As my daughter and wife are
using this PC more and more, there is less and less time for me. Therefore I
would like to set up a new PC utilizing my connection (and maybe more in the
future, setting up a couple of servers would be nice). The cablemodem is
connected to my PC through a small Ethernet, but the manual says that
connecting more PCs to this LAN could cause problems. And even if this should
work my ISP will not give out more than one IP address.

My solution:
I would like to set up a LAN connecting all the PCs, configuring the PCs
with IP addresses in the 10.* range. Traffic towards the internet would be
routed through a 486 (connected to the cable modem) with Linux (I hope if
this is possible, I might use Novell instead) running some router software
and translating/masking the IP addresses on the LAN with its own IP
address (which it downloads from my ISP's DHCP server).

My questions:
Would somebody with Linux experience tell me if this is possible under
Linux? Has anybody out there tried a solution like this? To do this I would
need router SW, and firewall SW (to do the address translation), is this
software standard in the Linux packages? And finally I would appreciate if
you could direct me to manuals and other online information.

Joakim Kosmo
Oslo
Norway



------------------------------

Date: Fri, 15 Jan 1999 12:29:19 +0100
From: Gilberto Colangelo <[EMAIL PROTECTED]>
Subject: Re: PCMCIA/D-link 660/RH5.1 ethernet problems

On Thu, 14 Jan 1999, Ulf Leichsenring wrote:

> On 07 Jan 1999 10:36:32 -0800, [EMAIL PROTECTED] (Bernard J.Kozioziemski)
> wrote:
> 
> >
> >Greets,
> >I have an Acer Extensa 366D laptop that I'd like to hook up to a cable
> >modem. I currently have a D-link PCMCIA  DE-660 Ethernet card, but I cannot
> >seem to get things to work. I tried with both the RedHat 5.1 kernel and
> >pcmcia-3.0.0 package, as well as kernel 2.0.36, without success. Upon
> >booting or inserting the card, it is detected and identified as the D-Link
> >DE-660 Ethernet Card. Modules pcmcia/pcnet_cs.o and net/8390.o are
> >inserted. /var/log/messages shows: eth0: NE2000 Compatible: port 0x300, irq
> >5, hw_addr 00:80:c8:8B:DF:96
> >
> >ifconfig lists eth0 with the correct addresses. The problem is that no
> >traffic seems to come in or out... a ping to an ip address doesn't find a
> >machine, and trying to ping my computer from the net fails as well. I've
> >set the addresses and such in netcfg, looked at the docs for pcmcia
> >package, fiddled, etc, all without any luck. If someone could provide some
> >pointers, symptoms to look for, or anything, I'd appreciate it. Thanks,


> Sorry, I couldn't help you, but I have the same weird things
> happening using a 3Com 3C574TX (10/100 PCMCIA Ethernet) on a Toshiba
> Tecra 8000 Notebook with Kernel 2.0.35/2.0.36 and pcmcia 3.0.6 (SuSE
> distribution). The card is identified by cardmgr, ifconfig shows
> everything all right but no traffic is sent or received.
> I even tried another Tecra and another 3c574 to make sure there's no
> hardware damage.
> 
> It seems to be a problem in the pcmcia subsystem. When I use a 3c589
> instead, everything's ok.
> 
> I hope, somebody can give us some tricks/patches to make things work.

Just to add my experience which looks similar:
I have a Laptop of "Multimedia Notebook Computer" distributed in Italy
under the name of Geo Itinera. I bought a Kingmax Ethernet Pcmcia Card,
which actually worked perfectly for a few days (I have Redhat 5.2, and the
latest pcmcia package 3.0.6).
Then suddenly, one day I couldn't get connected anymore, and since then,
after many tries and changes, it hasn't worked anymore.

Recently I have tried another card, a Farallon etherwave card, with
exactly the same results (notice that the first card uses the pcnet_cs
module, while the second one the 3c589_cs).
Summarizing the symptoms:

The card is recognized by the pcmcia card manager (both cards). ifconfig
(and route -n too actually) shows everything alright, but when pinging an
IP number all packets go lost. The same happens if somebody from outside
tries to ping the laptop.

To add more elements of confusion: 

1. I have tried to use both cards under Windows98 too, but with similar
results: Windows recognizes them, and states that they are working
perfectly, but then cannot connect to the net.

2. Both under Windows and Linux I have used a Modem card successfully. On
the same slot.

I am really totally confused and don't know anymore where to look and what
to try.


Any kind of help is greatly appreciated.



                                Gilberto Colangelo


------------------------------

From: "Robert L. Ziegler" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: stranger on port 9 and 111
Date: Tue, 12 Jan 1999 12:42:10 -0500

Stef wrote:
> 
> I have some stranger connected to ports of the following services:
> discard (9), sunrpc (111), mountd and nfsd
> I see the IP of the stranger via netstat. Since I'm not sure whether he
> can do any harm or not, I stopped mountd and nfsd.


sunrpc, mountd and nfs are 3 well-known and very vulnerable points of access. 
They represent services which weren't designed for internet use.  Definitely
don't run those daemons without a firewall to block outside access to them.


Bob

------------------------------

From: Paul Jatkowski <[EMAIL PROTECTED]>
Subject: Re: What does this mean? Please?
Date: Fri, 15 Jan 1999 11:39:48 GMT

It looks to me like the driver is having trouble talking to the
card. The message indicates that the driver is waiting for a
"Remote Dma Complete" response from the card after it
has told it to send the packet. Could be that the card is not really
NE2000 compatible. W/ PCI  I would think the driver would
find the correct I/O & IRQ values, but maybe not:? I'd also check
your cables & make sure the link light is on on your hub.

Good luck.

Paul

Nazeeh Amin wrote:

> hi..
>         I am trying to setup a small 2 computer lan using ethernet cards.
> now... It worked on Windows (useless..) My Linux box seems to have a
> problem pinging the Windows machine... my card is a PCI cheap thing...
> the driver i used was the NE2000 PCI which loaded fine. I setup my IP:
>
> eth0      Link encap:10Mbps Ethernet  HWaddr 00:C0:26:C0:90:59
>           inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0
>           TX packets:0 errors:0 dropped:0 overruns:0
>           Interrupt:10 Base address:0xd400
>
> and my routing : using route add -net 10.0.0.0 netmask 255.255.255.0
> eth0
> now... my machine does not ping the other one at all... and in my syslog
> i get this error :
>
> eth0: timeout waiting for Tx RDC.
>
> What does this mean?! I really gotta get this working so that i can
> convince my Boss at work to drop out on NT and get Linux up and
> running.. can someone please help me..
> email me if you can help.. it's urgent... thanx....
>
> Nazeeh Amin..
>
> --
> Second Law of Business Meetings:
>         If there are two possible ways to spell a person's name, you
> will pick the wrong one.
>
> Corollary:
>         If there is only one way to spell a name, you will spell it
> wrong, anyway.




------------------------------

From: David Steuber <[EMAIL PROTECTED]>
Crossposted-To: 
comp.os.linux.misc,comp.os.linux.portable,comp.os.linux.powerpc,comp.os.linux.setup
Subject: Re: This is Linux, not Windows, so why not superior flexibility AND 
idiot-friendly?
Date: 15 Jan 1999 21:52:13 -0500

"Richard S. Lumpkin" <[EMAIL PROTECTED]> writes:

-> Why don't you yap about this on the advocacy newsgroups and level the
-> technical discussions groups out of it.  We're trying to help and learn
-> about Linux, whining about how hard you find it has no place here.

I think a gentle suggestion and _setting followups_ would have been
sufficient.

-- 
David Steuber
http://www.david-steuber.com
s/trashcan/david/ to reply by mail

"Hackers penetrate and ravage delicate, private, and publicly owned
computer systems, infecting them with viruses and stealing materials
for their own ends.  These people, they're, they're  terrorists."

-- Secret Service Agent Richard Gill

------------------------------

From: David Steuber <[EMAIL PROTECTED]>
Crossposted-To: 
comp.os.linux.misc,comp.os.linux.portable,comp.os.linux.powerpc,comp.os.linux.setup
Subject: Re: This is Linux, not Windows, so why not superior flexibility AND 
idiot-friendly?
Date: 15 Jan 1999 21:36:50 -0500

[EMAIL PROTECTED] (MalkContent) writes:

-> Since the demise of commercially available Dos - based software,
-> I have been stuck with adjusting to Windoze.

My first impression of Windows 3.0 was, "nice try.  Almost as nice as
a Mac.  Not!"

I started to like it when I programed for 3.1.  Mind you, I had never
seen Unix or anything like it at this point.  I came from CP/M, DOS,
TRS-DOS. 

-> I don`t have a really snazzy job, I work in a warehouse.
-> I however am a consumer.  I buy things I can use.

I am a software engineer as well as a consumer.  My job is often
tedious too.

-> Having just bought RedHat 5.2, I thought I was going to shit a horse!

LOL!  I hope you don't have hemorrhoids.

-> This stuff is user tolerant.  That's it.
-> (unless of course you're one of the tech-elite...cos this discussion keeps
-> degrading into elitist convo.)

It was designed for people who hate to type but have an amazing memory 
for all those damned command line switches and other commands in the shell.

-> It's a pain in the backside to mount then unmount a CDROM.
-> even though it looks like :
->      mount dev/cdrom /mnt/cdrom/blahblahblah

I agree.  I use /cdrom as my mount point and I have this line in my
/etc/fstab file:

/dev/hdc        /cdrom                    iso9660         ro,noauto,user 0   0

That way, all I type is:

mount /cdrom

and

umount /cdrom

-> Most users probably agree that that's a whole bunch of extra effort.
-> If Linux is so great as described, why's it so painful for the john doe to use?

The biggest reason is because OEMs like Compaq, Dell, etc are not
shipping computers with Linux preinstalled and configured to the
consumer.

The distributors also have fewer resources to create a full blown
automatic installation procedure.  It is much easier than it used to
be, but you still need to know some things about your hardware.

-> Windoze is a necessary evil - access for the uninformed, or unwilling 

I think such people should get an iMac instead.

-> Masochists (like myself) grab Linux out of a box, and find there's a whole 
-> boatload of tweaking we need to do to use it.  john doe won't.

We don't all have such difficult times.  At least you stuck with it.
Many people give up after five minutes and post crap about how bad
Linux is.  At least you have given it a chance and are not telling any 
lies about the shortcomings of your distribution.
 
-> The real evil of M$ is their monopolistic practices.
-> The real good of linux is that its like philosophy - free to all for their use.

I can go along with that.  I also like the fact that Linux can be
customized to your personal taste.  You don't have such choice with
other PC operating systems.

-> Then again, someone out there is gonna flame the hell outta this,
->      and Gates' lawyers probably want me dead now too! =)

I don't see why this deserves any flames, except that it should be
posted to just the advocacy group.  Meanwhile, if any of Gate's goons
show up, give me a call.  I know a good river near by where the crabs
will eat anything. ;-)

-- 
David Steuber
http://www.david-steuber.com
s/trashcan/david/ to reply by mail

"Hackers penetrate and ravage delicate, private, and publicly owned
computer systems, infecting them with viruses and stealing materials
for their own ends.  These people, they're, they're  terrorists."

-- Secret Service Agent Richard Gill

------------------------------

From: [EMAIL PROTECTED] (Conrad C. Nobili)
Crossposted-To: 
comp.os.linux.misc,comp.os.linux.portable,comp.os.linux.powerpc,comp.os.linux.setup,comp.editors
Subject: Re: Emacs! Re: Easy UNIX editor
Date: 16 Jan 1999 11:20:52 GMT

Ilya ([EMAIL PROTECTED]) wrote:

: He got a good point. But then he asked for "EASY" Unix editor, not the
: most efficient one. The easiest one is emacs.

You're on fucking crack!  ;-)

: Learn a dozen or two
: easy commands and you are ready to do anything. I feel the learning curve
: is flatter than for vi (and I used both for years.)

Many times in the past 16 years or so I have fired up emacs and started
the tutorial.  Almost invariably the end result has been my starting up
another terminal session and killing the process.  After all, how does
one produce a Meta-Alt-Shift-Ctrl-Esc-X-Q *when there's no fucking Meta
key on the keyboard*?!?  ;-)

The only reason I have fired up emacs so many times is that I know that
it is indeed the one true way.  Unfortunately my fingers learned vi (my
brain long since forgot it) a long time ago.  And they're pretty goddamn
good at it -- they've impressed emacs users who have impressed me.

: When I have to do a lot of editing, I use vi. Like programming. I can move
: in the buffer a bit faster and not take my hands off home row.

You don't know shit about staying on the home row unless you type with
a Dvorak keyboard layout.  aoeuidhtns-  ;-)

I love it.  There's real stuff to be said about editors, but this same
emacs vs. vi argument is pretty vacant and hasn't changed much in the
decade and a half that I've followed it.

--cn

Conrad C. Nobili  N1LPM  [EMAIL PROTECTED]  Harvard University NDTL

------------------------------

Crossposted-To: 
comp.security,comp.security.unix,redhat.general,redhat.networking.general,aus.computers.linux
From: [EMAIL PROTECTED] (M. Buchenrieder)
Subject: Re: Security hole with WU-FTPD
Date: Sat, 16 Jan 1999 08:44:05 GMT

Barry Margolin <[EMAIL PROTECTED]> writes:

[...]

>>you crippled the security

>What are you talking about?  Someone apparently broke into their system and
>somehow added that passwd entry.  

No. The entry in the /etc/passwd file had been added _before_ the attack
could take place. So either the security had been compromised before, then 
the FTP attack would have been useless (since the intruder obviously had
root access already), or the entry has been made by the sysadmin just
to _allow_ FTP access with root permissions.

>How do you translate that to "you
>crippled the security"?

Running an FTP access with root perms translates to "no security enabled" .

OTOH, if the /etc/passwd file was world writeable, then the intruder
may have changed /bin/login or the wu-ftpd executable already just
to allow this. 

Michael
-- 
Michael Buchenrieder * [EMAIL PROTECTED] * http://www.muc.de/~mibu
          Lumber Cartel Unit #456 (TINLC) & Official Netscum


------------------------------

Crossposted-To: 
comp.security,comp.security.unix,redhat.general,redhat.networking.general,aus.computers.linux
From: [EMAIL PROTECTED] (M. Buchenrieder)
Subject: Re: Security hole with WU-FTPD
Date: Sat, 16 Jan 1999 08:37:27 GMT

Daryle Niedermayer <[EMAIL PROTECTED]> writes:

>This is a multi-part message in MIME format.

Rubbish.

[...]

>We had a hacker exploit a weakness in the WU-FTP daemon last night. 

No.

>The exploit on a machine named "bob" from a machine named "neale"went like
>this:

>Here's how part of the exploit happened:

Not "exploit" . It's called "stupidity".

>By adding an entry to the bottom of the passwd file:
>test::0:0:dummyname:/:/bin/bash

>without a password marker, our login scripts will not let you login with
>a
>shell, but they will let you open an ftp connection with root
>permissions.

[...]

You shot yourself in the foot. Setting up an FTP-only account
with root permissions is as silly as displaying the root password
at the login screen. Sheesh.

And if you did not set it up that way, then your security has been
compromised before, since standard users can't write to the /etc/passwd
file at all.

Michael

-- 
Michael Buchenrieder * [EMAIL PROTECTED] * http://www.muc.de/~mibu
          Lumber Cartel Unit #456 (TINLC) & Official Netscum
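
The conditions the two replies above turn on (a UID 0 entry with an empty password field, FTP access for a UID 0 account, and a passwd file that ordinary users can write) can be checked mechanically. This is an added example, not part of the digest or of any poster's message; the function names, finding labels and sample files are constructed, and /etc/ftpusers is assumed to be the FTP daemon's deny list.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for the conditions discussed in
# the WU-FTPD thread. Function names and finding labels are hypothetical.

scan_passwd() {
    # Writable by "other": any local user could append an account.
    if [ -n "$(find "$1" -prune -perm -0002)" ]; then
        printf 'WORLD-WRITABLE %s\n' "$1"
    fi
    awk -F: -v deny="$2" '
        BEGIN {
            # Load the FTP deny list; a missing file leaves it empty.
            while ((getline line < deny) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") denied[line] = 1
            }
        }
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            # Empty second field: the account needs no password.
            if ($2 == "") print "EMPTY-PASSWORD " $1
            if ($3 ~ /^0+$/) {
                # UID 0 is root, whatever the account is called.
                if ($1 != "root") print "UID0-NONROOT " $1
                if (!($1 in denied)) print "UID0-FTP-ALLOWED " $1
            }
        }
    ' "$1"
}

# audit_passwd [passwd_file] [ftpusers_file]
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_passwd() {
    findings=$(scan_passwd "${1:-/etc/passwd}" "${2:-/etc/ftpusers}")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample input: stock root and ftp entries plus the entry quoted
# in the thread, and a deny list that names only root.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/home/ftp:/bin/false
test::0:0:dummyname:/:/bin/bash
EOF
    printf 'root\n' > "$1/ftpusers"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_passwd "$demo_dir/passwd" "$demo_dir/ftpusers" || echo "findings reported"
rm -rf "$demo_dir"
```

On a system with shadow passwords the second field of /etc/passwd is a placeholder, so an empty field there is still a finding, but the hashes themselves live in /etc/shadow and are not examined here.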


------------------------------

From: David Steuber <[EMAIL PROTECTED]>
Crossposted-To: 
comp.os.linux.misc,comp.os.linux.portable,comp.os.linux.powerpc,comp.os.linux.setup
Subject: Re: This is Linux, not Windows, so why not superior flexibility AND 
idiot-friendly?
Date: 15 Jan 1999 21:42:59 -0500

[EMAIL PROTECTED] (Larry) writes:

-> you can even write a little script for each one of these if that's 
-> too much typing for you. Name 'em cdin and cdout or even ci and co
-> or just m and u.

DON'T name them co and ci.  Those are commands used by rcs to check
out and check in files.

-- 
David Steuber
http://www.david-steuber.com
s/trashcan/david/ to reply by mail

"Hackers penetrate and ravage delicate, private, and publicly owned
computer systems, infecting them with viruses and stealing materials
for their own ends.  These people, they're, they're  terrorists."

-- Secret Service Agent Richard Gill

------------------------------

From: David Steuber <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: Re: Fetchmail Stops Fetching: Why?
Date: 15 Jan 1999 20:44:26 -0500

I haven't tried it in daemon mode.  I put it in a crontab instead.
-- 
David Steuber
http://www.david-steuber.com
s/trashcan/david/ to reply by mail

"Hackers penetrate and ravage delicate, private, and publicly owned
computer systems, infecting them with viruses and stealing materials
for their own ends.  These people, they're, they're  terrorists."

-- Secret Service Agent Richard Gill

------------------------------

From: Lei Miao <[EMAIL PROTECTED]>
Subject: Re: help with Apache setup
Date: Sat, 16 Jan 1999 12:01:20 GMT

if you are sure that you have your .html files (index.html in particular) at
the right location ie. DocumentRoot, perhaps you forgot to restart the
server to have the settings take effect. ie kill -HUP <httpd pid>

Lei


"Ashwin K. Raj" wrote:

> I have installed APACHE WEB SERVER on a LINUX machine that is connected to
> the network when on Windows95. This machine has both LINUX and W95.
>
> I set up the server and edited the /etc/*.conf files. The BindAddress was
> changed to this machine's IP address on the network and I let the default
> Document Root be the default, i.e.,
> DocumentRoot "/usr/local/apache/share/htdocs"
>
> Still, when I type in this machine's IP address from another machine on
> the web, I get the default "it worked!" page, and I have no idea where the
> index.html and other documents are located if it isn't the default. I
> tried changing DocumentRoot and accordingly moved the files, but the same
> page still appears.
>
> This is probably very basic to all of you, and maybe that's why I still
> have not found anyone else having the same doubt. But I am in dire need of
> kind enlightenment, after which I will continue setting up the server.
>
> Somebody please help...
>
> Thanks.
>
> Ashwin


------------------------------

From: "Andy McKenzie" <[EMAIL PROTECTED]>
Subject: SAMBA 2.0  Sssssslllllllooooooowwwww
Date: Sat, 16 Jan 1999 06:48:06 -0600

I have RH 5.2 with kernel 2.0.36 running on a multia, and Samba is only
serving 80KB per second over 100Mb Ethernet.  Samba 2.0.0beta 5 worked much
better, transferring about 1.6 MB/s.  FTP averages 2.4MB/s.  Any ideas on
smb.conf options or compile options which could improve this??

Thanks.



------------------------------

From: John Wolanski <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Setting up RH 5.2 for ip_forwarding
Date: Sat, 16 Jan 1999 07:59:56 -0500

To enable forwarding, you have to use that handy text editor, joe to
edit the following file:

/etc/sysconfig/network

And change IPV4_FORWARD to equal  yes  or  true , whichever is the
opposite of what it is currently.

[EMAIL PROTECTED] wrote:
> What do I put in my /proc/sys/net/ipv4/ip_forward file to enable
> ip_forwarding. I have a handy text editor, joe, for editing this.
> Also, it appears that one of the rc script files is set up to read this file.
> Do I need to do anything more to this file?

-- 
-John Wolanski
        Remove the "_removethis" from my email address to reply.

------------------------------

From: Yan Seiner <[EMAIL PROTECTED]>
Subject: Re: Samba win95/98 over the internet
Date: Sat, 16 Jan 1999 06:55:16 -0500

From what I hear, ssh will allow you to tunnel through firewalls and set up
a secure connection.  I have the software (do a search for ssh-1-2) and you
should locate the UNIX source and a PD DOS version.  Later versions for DOS
are proprietary and pricey.

I have not had any luck getting this to work (see my somewhat frantic
messages here and other NGs).

If you make any headway, let me know.

Yan

joey smith wrote:

> I currently have a RedHat 5.1 box running on a permanent ip and it has a
> samba shared directory up and working fine (on all networked computers
> I've checked on campus).  I have no idea if the network the linux box is
> on is behind a firewall.  It's a large university, so I suppose the
> network probably is.  However, I want to allow another machine (not on
> campus) to mount the samba shared drive.  Both machines have perm ip's
> and internet connections.  If someone could give me a nudge in the right
> direction, and things to watch out for in terms of security, it would be
> appreciated.
> joeysmith




------------------------------

From: HELP <[EMAIL PROTECTED]>
Subject: ppp-2.3.4: CHAP problem
Date: 16 Jan 1999 10:59:42 GMT

hi

I have a problem connecting to my ISP, which is using CHAP.

so the debugging information looks like..

Jan 10 05:43:46 darkstar pppd[238]: sent [LCP ConfReq id=0x1
<magic 0x7623ae84> <pcomp> <accomp>]
Jan 10 05:43:46 darkstar pppd[238]: rcvd [LCP ConfReq id=0x0
<asyncmap 0x0> <auth chap 80> <magic 0x5ec1> <pcomp> <accomp>]
Jan 10 05:43:46 darkstar pppd[238]: sent [LCP ConfRej id=0x0
<auth chap 80>]
Jan 10 05:43:46 darkstar pppd[238]: rcvd [LCP ConfAck id=0x1
<magic 0x7623ae84> <pcomp> <accomp>]
Jan 10 05:43:46 darkstar pppd[238]: rcvd [LCP TermReq id=0x1
00 00 02 dc]
Jan 10 05:43:46 darkstar pppd[238]: sent [LCP TermAck id=0x1]

my chap-secrets contains only two lines:   NT     guest
                                           guest  NT

my ISP expects guest for username and no password.

I run ppp like "pppd name guest remotename NT /dev/modem 38400 defaultroute"
I had compiled ppp-2.3.4 with "make CHAPMS=1 USE_CRYPT=1"
and my options file contains two lines: lock and usehostname
I'm using slackware 3.6.

Sorry for my terrible English.
Thanks.


------------------------------

From: John Wolanski <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.alpha
Subject: Re: ip-masquerading
Date: Sat, 16 Jan 1999 08:06:04 -0500

Try editing  /etc/sysconfig/network   and change IPV4_FORWARD=  to yes
or true.

Bart wrote:
> I am experiencing the same problem on RH 5.1 / Noname. The suggested lines
> below are not working either...
> I thought it had to do with too small packets from ipfwadm for (certain
> versions of?) glibc...?
> Anyone have a clue?
> > Here what I have, because I use 192.168.1.1 as my local gateway
> > ipfwadm -F -a m -S 192.168.1.0/16 -D 0.0.0.0/0
> > I assume (below) should work
> > ipfwadm -F -a m -S 192.168.0.0/16 -D 0.0.0.0/0

-- 
-John Wolanski
        Remove the "_removethis" from my email address to reply.

------------------------------

From: "Dirk Leas" <[EMAIL PROTECTED]>
Subject: ipportfw - protocol not available
Date: Fri, 15 Jan 1999 14:16:48 GMT

I've rebuilt the kernel (on two fresh machines that had ipfwadm configured
and running perfectly) and compiled ipportfw as the instructions suggested
and still get this error.

Looked through dejanews and found nothing.  What's the beef?

As an interim work-around, I've installed rinetd (took a whole 3 minutes to
install and configure -- works nicely), but am assuming that ipportfw would
be significantly faster since it's built into the kernel.

Any advice?

TIA,
Dirk




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
