Linux-Networking Digest #985, Volume #9 Sun, 24 Jan 99 10:17:06 EST
Contents:
Re: Firewalling (Leon Harris)
FTP and firewalls (Leon Harris)
Linux --> Company NT RAS - Can it be done? ([EMAIL PROTECTED])
>>> Subscribe me to this newsgroup <<< (Temp Account)
Re: Connect without hub (Miguel Cruz)
Re: Firewall or IPMasq or Both: Need Recommendation (Malware)
Is there an application allow us to read MS Exchange mails in Linux ? ([EMAIL PROTECTED])
Re: Linux --> Company NT RAS - Can it be done? (Luca Filipozzi)
dhcp and 2.2.0-pre9 (final) problems (Jesse)
Re: 192.168.1.1 and 10.0.0.72 (Juergen Heinzl)
Re: DNS with ppp and eth0 (Clifford Kite)
Re: Using Linux NIS client in Solaris NIS Domain (shin)
Re: How do I access mails in Outlook on Linux (Chris Jones)
Need help setting up Linux as pptp client (Mark Warren)
WORKS! 3CCE589ET and RH5.2/kernel 2.0.36, PCMCIA 3.0.5 (Jose Nazario)
PPP works for Inet, but not for ISP resources ([EMAIL PROTECTED])
Re: FTP and firewalls (Luca Filipozzi)
Re: Need help setting up Linux as pptp client (Luca Filipozzi)
Re: Simple? Sendmail newbie question (Dave Bailey)
Re: Mount WIN9x drive across LAN (Dave Roznar)
Re: >>> Subscribe me to this newsgroup <<< (Mark Cooperstein)
Samba/mgetty+sendfax (r)
Re: RedHat 5.2/NIS/netgroups (Thorsten Kukuk)
----------------------------------------------------------------------------
Date: Sat, 23 Jan 1999 14:08:11 +0800
From: Leon Harris <[EMAIL PROTECTED]>
Subject: Re: Firewalling
Hi Donovan.
You will probably want to allow traffic through port 80 (www), port 443
(used by ssl), and of course DNS (53) and icmp at least. Do you want
other stuff? ftp (see my plea for advice just after this)
I operate a firewall for a small business and we hope to do some web
enabled database work - if you like, I can send you my rules, as a place
to start.
Another very helpful tool is called mason - by a bloke called William
Stearns ( who certainly seems to know his stuff). This clarified a lot
of firewalling issues for me, and allowed me to take my half-working
rule set, and fix it. see http://www.pobox.com/~wstearns/mason/
The idea is - you set up a ruleset to deny and log everything - mason
continually logs your /var/log/messages and generates an ipfwadm rule to
allow that traffic in, and saves the rule to a file. The idea is that
you do all the stuff you would normally want to, collect the rules,
tweak them to make them generalised, and after a few hours/iterations,
you have a firewall. Very nice for simple stuff.
hope this helps,
leon
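
The deny-and-log, then generate-and-generalise loop described above, as an added example (not part of the post and not Mason's code). The log line format is constructed and simplified for the example, and the function names are hypothetical; the ipfwadm options are the ones used in the rules elsewhere in this digest.

```python
import re

# Constructed, simplified packet-log format (an assumption for this example):
# chain, action, interface, protocol, source ip:port, destination ip:port.
LOG_RE = re.compile(
    r"IP fw-(?P<chain>in|out) (?:deny|rej) (?P<iface>\S+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
HIGH_PORTS = "1024:65535"   # range notation used in the rules on this page


def port_spec(port):
    """Keep a service port as-is; collapse a client-side port to the range."""
    return str(port) if port < 1024 else HIGH_PORTS


def rule_for(line):
    """Return an ipfwadm accept rule for one denied-packet line, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    if sport >= 1024 and dport >= 1024:
        # No service port on either side: a rule here would open high
        # ports wholesale, so leave the line for a human to review.
        return None
    proto = m["proto"].lower()
    args = ["-I" if m["chain"] == "in" else "-O", "-a", "accept", "-P", proto]
    if proto == "tcp" and sport < 1024 <= dport:
        # Packet comes from a service port, so it is a reply: match only
        # TCP packets with ACK set (-k), never a new inbound connection.
        args.append("-k")
    args += ["-W", m["iface"],
             "-S", m["src"], port_spec(sport),
             "-D", m["dst"], port_spec(dport)]
    return "ipfwadm " + " ".join(args)


def generate(lines):
    """Return (rules, unresolved): de-duplicated rules and lines needing review."""
    rules, unresolved = [], []
    for line in lines:
        if not LOG_RE.search(line):
            continue                  # not a packet-log entry at all
        rule = rule_for(line)
        if rule is None:
            unresolved.append(line)
        elif rule not in rules:       # generalised rules collapse repeats
            rules.append(rule)
    return rules, unresolved


# Constructed sample log (documentation address ranges).
SAMPLE_LOG = """\
Jan 23 14:01:07 fw kernel: IP fw-in deny eth0 TCP 192.0.2.10:1027 203.0.113.5:80
Jan 23 14:01:09 fw kernel: IP fw-in deny eth0 TCP 192.0.2.10:1031 203.0.113.5:80
Jan 23 14:01:12 fw kernel: IP fw-in deny ppp0 TCP 203.0.113.5:80 192.0.2.10:1027
Jan 23 14:02:40 fw kernel: IP fw-in deny eth0 UDP 192.0.2.10:1040 203.0.113.53:53
Jan 23 14:03:02 fw kernel: IP fw-in deny eth0 TCP 192.0.2.10:1050 203.0.113.5:49920
Jan 23 14:03:05 fw cardmgr[190]: watching 2 sockets
"""

if __name__ == "__main__":
    rules, unresolved = generate(SAMPLE_LOG.splitlines())
    print("\n".join(rules))
    print("needs review:", len(unresolved))
```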
------------------------------
Date: Sat, 23 Jan 1999 13:48:11 +0800
From: Leon Harris <[EMAIL PROTECTED]>
Subject: FTP and firewalls
Hi to all again!
this time a more specific question:
What is the best way to allow ftp through a firewall?
currently, I am using something like
# allow us to initiate a tcp request
ipfwadm -I -a accept -P tcp -W eth0 -S from_address -D to_address 20
ipfwadm -I -a accept -P tcp -W eth0 -S from_address -D to_address 21
# allow it out of the firewall box
ipfwadm -O -a accept -P tcp -W ppp0 -S from_address -D to_address 20
ipfwadm -O -a accept -P tcp -W ppp0 -S from_address -D to_address 21
ipfwadm -I -a accept -P tcp -k -W ppp0 -S to_address -D from_address 20
ipfwadm -I -a accept -P tcp -k -W ppp0 -S to_address -D from_address 21
ipfwadm -O -a accept -P tcp -k -W eth0 -S to_address -D from_address 20
ipfwadm -O -a accept -P tcp -k -W eth0 -S to_address -D from_address 21
# allow high port traffic, negotiated on the lower ports
ipfwadm -I -a accept -P tcp -k -W ppp0 -S from_address -D to_address 1024:65535
ipfwadm -O -a accept -P tcp -k -W ppp0 -S to_address -D from_address 1024:65535
ipfwadm -I -a accept -P tcp -k -W eth0 -S from_address -D to_address 1024:65535
ipfwadm -O -a accept -P tcp -k -W ppp0 -S to_address -D from_address 1024:65535
My specific question - is there any secure way to do this, other than
opening up all the high ports? Does the ip_masq_ftp module accomplish this
outside of a masquerading environment? Are there any other tools? I have a
job next week where I have to figure this out - any pointers would be much
appreciated.
Ta,
Leon
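
An FTP-aware firewall can avoid opening every high port by reading the data endpoint announced on the control channel (the PORT command and the 227 reply to PASV, RFC 959) and admitting only that one connection. The code below is an added example, not part of the post and not taken from ip_masq_ftp; FtpSession and its methods are hypothetical names and the control-channel dialogue is constructed.

```python
import ipaddress
import re

# RFC 959 encodes the data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_RE = re.compile(r"^PORT\s+" + _SIX + r"\s*$", re.IGNORECASE)
PASV_RE = re.compile(r"^227\s.*?(?<!\d)" + _SIX + r"(?!\d)")


def parse_endpoint(groups):
    """Turn the six captured numbers into (IPv4Address, port), or None."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]


class FtpSession:
    """Tracks one control connection and the data connections it announced."""

    def __init__(self, client_ip, server_ip):
        self.client = ipaddress.IPv4Address(client_ip)
        self.server = ipaddress.IPv4Address(server_ip)
        self.pending = set()    # one-shot (src, dst, dst_port) expectations
        self.rejected = []      # refused announcements, kept for logging

    def observe(self, sender, line):
        """Feed one control-channel line; sender is 'client' or 'server'."""
        line = line.strip()
        if sender == "client":
            # Active mode: the server will connect back to the client.
            m, src, dst = PORT_RE.match(line), self.server, self.client
        else:
            # Passive mode: the client will connect to the server.
            m, src, dst = PASV_RE.match(line), self.client, self.server
        if not m:
            return None
        ep = parse_endpoint(m.groups())
        # Refuse an endpoint that names a third host (FTP bounce) or a
        # privileged port; only the peer's own high ports are acceptable.
        if ep is None or ep[0] != dst or ep[1] < 1024:
            self.rejected.append(line)
            return None
        expectation = (src, dst, ep[1])
        self.pending.add(expectation)
        return expectation

    def allows(self, src_ip, dst_ip, dst_port):
        """True once for an announced data connection, False otherwise."""
        key = (ipaddress.IPv4Address(src_ip),
               ipaddress.IPv4Address(dst_ip), dst_port)
        if key in self.pending:
            self.pending.discard(key)   # each announcement admits one connection
            return True
        return False


# Constructed control-channel excerpt (documentation address ranges).
SAMPLE = [
    ("client", "USER anonymous"),
    ("server", "331 Guest login ok"),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (203,0,113,5,195,80)"),
    ("client", "PORT 192,0,2,10,4,1"),
    ("client", "PORT 198,51,100,7,0,22"),   # third host, low port: refused
]


def run_sample():
    session = FtpSession("192.0.2.10", "203.0.113.5")
    for sender, line in SAMPLE:
        session.observe(sender, line)
    return session


if __name__ == "__main__":
    s = run_sample()
    for src, dst, port in sorted(s.pending, key=lambda e: e[2]):
        print(f"expect {src} -> {dst}:{port}")
    print("refused:", s.rejected)
```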
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.setup
Subject: Linux --> Company NT RAS - Can it be done?
Date: Sat, 23 Jan 1999 13:31:46 -0500
My company runs an intranet with a Win NT RAS for dialup access. To
connect we have to dial into a third party PPP access network. So
under Win 95 you have a PPP dialup connection with a username/password
AND you have to set up networking to logon to a NT server with a
different username/password after connecting.
First question: Can I do this running Linux? And if so, as much detail
as possible since I'm fairly new to Linux! I looked in various HOWTO's
and FAQ's and my ears started to bleed....
Next question: Our email is kept on an Exchange server on this same
network. I don't know what protocol it uses (and certainly I won't
have any influence on what IS being used!). Is there some possibility
to retrieve/send under Linux?
--
Take out the 99 from my address to reply via email.
------------------------------
From: Temp Account <[EMAIL PROTECTED]>
Subject: >>> Subscribe me to this newsgroup <<<
Date: 23 Jan 1999 18:34:27 GMT
I wish to subscribe on this newsgroup
Please put me your list.
Thanks a lot.
Donnie.
------------------------------
From: [EMAIL PROTECTED] (Miguel Cruz)
Crossposted-To:
comp.dcom.lans.ethernet,comp.sys.sun.admin,comp.os.ms-windows.networking.win95
Subject: Re: Connect without hub
Date: 24 Jan 1999 05:48:18 GMT
Jerry Mendes <[EMAIL PROTECTED]> wrote:
> I may be wrong, but I believe 10BaseT and 10/100 cards need to see a "Link
> Beat" signal from a hub before they will work; therefore, a simple
> crossover cable won't work.
I suspect you are wrong. Why? In this room alone there are three different
pairs of machines linked by crossover cables. They have various combinations
of Ethernet card makes and models, none of which showed any incompatibility.
miguel
------------------------------
From: Malware <[EMAIL PROTECTED]>
Subject: Re: Firewall or IPMasq or Both: Need Recommendation
Date: Sat, 23 Jan 1999 20:08:10 +0100
Hi Dan,
you wrote:
> Put the servers *outside* the Masq host.
> Put your customers *inside* the Masq host.
It might cause a lot of trouble if the customers cannot get their
packets through the masquerading. It depends on the contract, but they
may be able to sue one for it.
Malware
------------------------------
From: [EMAIL PROTECTED]
Subject: Is there an application allow us to read MS Exchange mails in Linux ?
Date: Sat, 23 Jan 1999 19:24:06 GMT
Hi,
Does anyone out there know of such application -- where we can actually
read our mail from the MS Exchange server (non-POP3) and it runs on Linux
/or Unix ?
"An effective way of promoting true computer literacy would be to make
Unix basics part of the curriculum... for everybody." -- Martin Vermeer
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (Luca Filipozzi)
Crossposted-To: comp.os.linux.setup
Subject: Re: Linux --> Company NT RAS - Can it be done?
Date: Sat, 23 Jan 1999 12:17:24 -0800
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> My company runs an intranet with a Win NT RAS for dialup access. To
> connect we have to dial into a third party PPP access network. So
> under Win 95 you have a PPP dialup connection with a username/password
> AND you have to set up networking to logon to a NT server with a
> different username/password after connecting.
Is the third-party PPP access network directly connected to your company
intranet (i.e. relatively secure) or is it connected to the Internet
(i.e. relatively insecure)?
If it's the latter, then it sounds like you have a Win NT RAS server
directly connected to the Internet. Are you using PPTP? Are you protected
by a firewall? These are really important security questions that you and
your IS dept. need to answer.
>
> First question: Can I do this running Linux? And if so, as much detail
> as possible since I'm fairly new to Linux! I looked in various HOWTO's
> and FAQ's and my ears started to bleed....
Are you asking whether a Linux box can act as a dial-up server? Yes. This
is described in the PPP-HOWTO. As a dial-up client? Yes.
Are you asking whether a Linux box could dial up the third-party ppp
access network on behalf of one or other machines on a remote LAN? Yes.
Accomplishing this is a combination of the PPP-HOWTO and the
Firewall-HOWTO. It is accomplished by masquerading the remote LAN behind
the Linux box so that it looks like all the traffic comes from the Linux
box. Check out
http://dijon.nais.com/~nevo/masq/links.html
and
http://ipmasq.cjb.net/
Are you asking whether a Linux box could masquerade a remote LAN and
allow connection to the NT Remote Access Server? Yes. If you use PPTP,
then you can apply the kernel patches necessary to make the Linux box
permit PPTP connections from the machines inside the remote LAN to the
RAS box. Check out
http://www.wolfenet.com/~jhardin/ip_masq_pptp.html
If you are a newbie, then getting all of this to work will take some time.
It's hard to write down every step in a posting... maybe someday someone
will come up with an Amalgamated Firewall/PPP/Masquerade/PPTP/DHCP/DNS-HOWTO.
Until then, you'll have to read the separate HOWTO's and post with
specific questions when things are unclear. Be sure to read as many
postings on this newsgroup as you can (go back a month at least) to see
how other people's problems have been answered.
>
> Next question: Our email is kept on an Exchange server on this same
> network. I don't know what protocol it uses (and certainly I won't
> have any influence on what IS being used!). Is there some possibility
> to retrieve/send under Linux?
Absolutely. All of the *standard* protocols that NT uses [TCP, UDP, ICMP,
DHCP, DNS (name lookup), PPP, HTTP (web), NNTP (news), SMTP (mail/send),
POP (mail/recv), IMAP (mail and stuff)] are all protocols originally
developed for use with the Internet with Un*x. Linux is a flavour of Un*x
and supports all of these protocols. Linux can act as a client (send to
and recv from Exchange) or can replace Exchange and act as the server!
Hope this helps (and isn't too pedantic),
--
Luca Filipozzi <[EMAIL PROTECTED]>
------------------------------
From: Jesse <[EMAIL PROTECTED]>
Subject: dhcp and 2.2.0-pre9 (final) problems
Date: Sat, 23 Jan 1999 13:39:49 -0600
The kernel is working fine other than a problem with DHCP. I have
things set up re: the network exactly as they were in my old kernel, but
when it tries using dhcp, it fails every time. Any advice for me?
Thanks
------------------------------
From: [EMAIL PROTECTED] (Juergen Heinzl)
Subject: Re: 192.168.1.1 and 10.0.0.72
Date: Sat, 23 Jan 1999 20:14:21 GMT
In article <78cvvi$[EMAIL PROTECTED]>, Lars Diel wrote:
>Hi!
>
>I would like to (have to) run two network classes on the Linux box with one
>network card, eth0. By default I have a Class C net with 192.168.1.1 and a
>subnet mask of 255.255.255.0 as the address for the Linux server. Now,
>however, all users of the Class A net 10.0.0.* with a subnet mask of
>255.255.0.0 should also be able to access the Linux box. Is that possible?
>Unfortunately neither of the two networks can be changed without problems.
>The whole system runs on SUSE 5.1
>
>Can such a hybrid of two networks be set up and, above all, how do I go
>about it?
Sure. With two networks, though, a router will probably be needed, and the
easy solution would likely be a second card ...
Class A / 1st interface -> LARS <- Class C / 2nd interface
... and then you sit in the middle, play the "dual homed host" and catch
everything 8)
Under Linux it probably works with just one card as well. Under Linux
everything always works anyway.
Cheers,
Juergen
--
\ Real name : Jürgen Heinzl \ no flames /
\ EMail Private : [EMAIL PROTECTED] \ send money instead /
\ Phone Private : +44 181-332 0750 \ /
------------------------------
From: [EMAIL PROTECTED] (Clifford Kite)
Subject: Re: DNS with ppp and eth0
Date: 23 Jan 1999 12:55:18 -0600
[EMAIL PROTECTED] wrote:
: I use an ethernet interface for my local LAN. I created a ppp interface to
: dial in to an ISP. Domain names are not resolved, however. Do I need to use
: my ISP as a DNS server for the ppp interface or is there something else I
: need to do? My linux machine at home had no problem resolving domain names
: through my ppp interface, but I hadn't set up the ethernet interface yet. Is
: my ethernet setup confusing the ppp interface?
If you have a default route set for the ethernet, then pppd won't replace
it with a default route through ppp0 even with the defaultroute option.
You don't need a default route to your LAN, just a network route.
--
Clifford Kite <[EMAIL PROTECTED]> Not a guru. (tm)
/* The wealth of a nation is created by the productive labor of its
* citizens. */
------------------------------
From: [EMAIL PROTECTED] (shin )
Subject: Re: Using Linux NIS client in Solaris NIS Domain
Date: Sat, 23 Jan 1999 19:12:57 GMT
Reply-To: [EMAIL PROTECTED]
sorry forgot to say,
am running redhat 5.2 on the intel, and ultrapenguin-1.1.9 on the
sparc.
ssd
------------------------------
From: [EMAIL PROTECTED] (Chris Jones)
Subject: Re: How do I access mails in Outlook on Linux
Date: Sat, 23 Jan 1999 20:32:24 GMT
On 22 Jan 1999 15:00:13 GMT, [EMAIL PROTECTED] (Joseph Kuan)
wrote:
>Does anyone know is that possible to access my mail account in MS Outlook
>on a WinNT machine from Linux?
>
>Joe
This month's Linux Journal (US publication) has a pointer to a very
nifty piece of software called Virtual Network Computer (VNC). It's a
GPLed program that acts like PC Anywhere (duplicates your screen over
a network). This is how I get my mail at work from a WinNT box on my
Linux workstation--I run Outlook and the vncserver on the NT box and
run a vncviewer on the Linux box.
<http://www.orl.co.uk/vnc/>
Chris
------------------------------
From: Mark Warren <[EMAIL PROTECTED]>
Subject: Need help setting up Linux as pptp client
Date: Sat, 23 Jan 1999 11:03:48 -0500
My Linux machine at home talks to an ISP via ppp, and I'd like to be
able to get into my company's internal net. When running W95 or NT at
home, we do this using Microsoft's VPN client side s/w. I've looked at
some PPTP and VPN references in Linux docs, but they appear to be mostly
aimed at establishing sessions between 2 Linux boxes, or using Linux to
host VPNs from other clients.
Can anyone give me a "Linux PPTP Client to WinNT VPN Host For Dummies"
guide?
Thanks...
------------------------------
From: Jose Nazario <[EMAIL PROTECTED]>
Subject: WORKS! 3CCE589ET and RH5.2/kernel 2.0.36, PCMCIA 3.0.5
Date: Sat, 23 Jan 1999 16:03:14 -0500
afternoon, all
i wrote the other day looking for help in getting my 3c589E PCMCIA
card working in linux 2.0.36/RH5.2. at the time, i was looking at
kernel messages similar to the ones below:
Jan 21 19:20:28 biochem cardmgr[190]: starting, version is 3.0.5
Jan 21 19:20:29 biochem cardmgr[190]: watching 2 sockets
Jan 21 19:20:29 biochem kernel: cs: IO port probe 0x1000-0x17ff: excluding 0x1268-0x126f 0x13b8-0x13bf 0x13f0-0x13f7 0x15e8-0x15ef 0x1668-0x166f 0x17b8-0x17bf 0x17f0-0x17f7
Jan 21 19:20:29 biochem kernel: cs: IO port probe 0x0100-0x04ff: excluding 0x268-0x26f 0x3b8-0x3e7
Jan 21 19:20:29 biochem kernel: cs: IO port probe 0x0a00-0x0aff: excluding 0xa68-0xa6f
Jan 21 19:20:29 biochem kernel: cs: memory probe 0x0d0000-0x0dffff: clean.
Jan 21 19:20:29 biochem cardmgr[190]: initializing socket 0
Jan 21 19:20:29 biochem cardmgr[190]: unsupported card in socket 0
Jan 21 19:20:29 biochem cardmgr[190]: product info: "3Com", "Megahertz 589E", "TP/BNC LAN PC Card", "005"
Jan 21 19:20:29 biochem cardmgr[190]: manfid: 0x0101, 0x0589 function: 6 (network)
i took some time to tinker with it some more, and i'm happy to note that
the card works perfectly under the 3c589_cs module. the new kernel
messages are as follows:
Jan 22 22:04:34 biochem cardmgr[292]: re-loading config file
Jan 22 22:04:34 biochem kernel: cs: IO port probe 0x1000-0x17ff: excluding 0x1268-0x126f 0x13b8-0x13bf 0x13f0-0x13f7 0x15e8-0x15ef 0x1668-0x166f 0x17b8-0x17bf 0x17f0-0x17f7
Jan 22 22:04:34 biochem kernel: cs: IO port probe 0x0100-0x04ff: excluding 0x268-0x26f 0x3b8-0x3e7
Jan 22 22:04:34 biochem kernel: cs: IO port probe 0x0a00-0x0aff: excluding 0xa68-0xa6f
Jan 22 22:04:34 biochem cardmgr[292]: initializing socket 0
Jan 22 22:04:34 biochem cardmgr[292]: socket 0: 3Com Megahertz 3c589E TP/BNC LAN PC Card 005
Jan 22 22:04:34 biochem cardmgr[292]: product info: "3Com", "Megahertz 589E", "TP/BNC LAN PC Card", "005"
Jan 22 22:04:34 biochem cardmgr[292]: manfid: 0x0101, 0x0589 function: 6 (network)
Jan 22 22:04:35 biochem cardmgr[292]: executing: 'insmod /lib/modules/2.0.36/pcmcia/3c589_cs.o'
Jan 22 22:04:35 biochem cardmgr[292]: executing: './network start eth0'
Jan 22 22:04:35 biochem kernel: eth0: 3Com 3c589, port 0x300, irq 3, Auto port, hw_addr 00:10:5A:8A:BF:E3
Jan 22 22:04:36 biochem cardmgr[292]: + SIOCADDRT: Invalid argument
Jan 22 22:04:55 biochem kernel: eth0: autodetected 10baseT
i edited my /etc/pcmcia/config file to add the following lines:
card "3Com Megahertz 3c589E TP/BNC LAN PC Card 005"
version "*"
bind "3c589_cs"
granted, the version is for all (*) and that may require some tinkering,
but in short it seems to work with this card. i did not have to make any
changes to any other files, like my /etc/pcmcia/config.opts file for
memory probing and such.
this is with PCMCIA services version 3.0.5 (as noted above); i do not
know what sorts of changes have occurred to the 3c589_cs module over the
versions, so i don't know how far back this will work. my laptop, a
thinkpad 760C, has no cdrom drive. i did the RH5.2 install using a
coworker's 3c589B NIC and a local server. the RH5.2 install floppies will
not work with this, though some eager hacker could probably make it work;
i also imagine a change on the fly could be made to the
/etc/pcmcia/config file to recognize that this card is indeed workable
with the 3c589_cs module, but i have yet to investigate that.
my listed modules for my kernel now looks like:
Module Pages Used by
3c589_cs 2 1
ds 2 [3c589_cs] 2
i82365 5 2
pcmcia_core 9 [3c589_cs ds i82365] 0
this card, FWIW, was bought from CDW (www.cdw.com) and is listed at
$128.00 as of last week. model number 3CCE589ET, a 3Com 10Mbps LAN PC
Card.
happy hacking,
jose nazario
dept of biochemistry
case western reserve university
cleveland, oh 44106-4935
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: PPP works for Inet, but not for ISP resources
Date: Sat, 23 Jan 1999 20:48:48 GMT
Forgive me, but I just started playing with Linux last Tuesday :)
Like everyone else and their mother, I'm installing ppp with IP masquerade on
my home network. After a few days configuring everything, I've got diald
working for dial-on-demand, ip masquerade and dhcp working on my private
network (which I assigned to class B IPs).
I connect through my local ISP and can access everything on the internet.
*BUT* the resources on my ISP, e.g., the mail server, are unavailable. I can
resolve the hosts (I do not think their DNS server is behind the same
firewall...), but can not access any of the www sites, the mail server, nor
can I ping anything on the ISP's network.
Some helpful config:
linux masquerade box eth0: 172.16.1.2
linux masquerade box ppp0: dynamically assigned (10.2.11.95 now)
ISP's P-t-P: 10.2.11.1
ISP's mail server, etc: 204.132.*.*
ISP's DNS: 10.4.1.31
I can't ping the ISP's mail server from the linux box, either, so it's not IP
masquerade causing the problem. I can telnet outside of the network, then
telnet from there to my ISP's account.
Any suggestions for a guy trying to eradicate NT from his life?
Thanks,
Kevin Hunt
Brand New Linux Guy
------------------------------
From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: FTP and firewalls
Date: Sat, 23 Jan 1999 13:17:56 -0800
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Leon Harris wrote:
> > What is the best way to allow ftp through a firewall?
> > currently, I am using something like
> > # allow us to initiate a tcp request
> > ipfwadm -I -a accept -P tcp -W eth0 -S from_address -D to_address 20
> > ipfwadm -I -a accept -P tcp -W eth0 -S from_address -D to_address 21
> >
> > # allow it out of the firewall box
> > ipfwadm -O -a accept -P tcp -W ppp0 -S from_address -D to_address 20
> > ipfwadm -O -a accept -P tcp -W ppp0 -S from_address -D to_address 21
> >
> > ipfwadm -I -a accept -P tcp -k -W ppp0 -S to_address -D from_address 20
> > ipfwadm -I -a accept -P tcp -k -W ppp0 -S to_address -D from_address 21
> >
> > ipfwadm -O -a accept -P tcp -k -W eth0 -S to_address -D from_address 20
> > ipfwadm -O -a accept -P tcp -k -W eth0 -S to_address -D from_address 21
> >
> > # allow high port traffic, negotiated on the lower ports
> > ipfwadm -I -a accept -P tcp -k -W ppp0 -S from_address -D to_address 1024:65535
> > ipfwadm -O -a accept -P tcp -k -W ppp0 -S to_address -D from_address 1024:65535
> >
> > ipfwadm -I -a accept -P tcp -k -W eth0 -S from_address -D to_address 1024:65535
> > ipfwadm -O -a accept -P tcp -k -W ppp0 -S to_address -D from_address 1024:65535
>
> So, by using some/all of the above commands... Could I run an ftp server
> on a local machine through the linux gateway/firewall and make it work?
> It seems nobody knew the commands to make it work with Ipfwadm and I was
> directed to use 'rinetd' which works, but the Ftp server logs each
> connect as coming from the Linux gateway/firewall (not a configurable
> option of rinetd), instead of the real IP, which I don't really like.
>
You can use port forwarding, instead. There are two ways to do this...
USE IPAUTOFW
1) You need to recompile your kernel with CONFIG_IP_MASQUERADE_IPAUTOFW
turned on.
2) In your firewall script, use these commands
ipautofw -A -p tcp 20 ftp_server:20
ipautofw -A -p tcp 21 ftp_server:21
ipautofw -A -p udp 21 ftp_server:21
OR USE IPPORTFW
1) get the patch from
http://www.ox.compsoc.org.uk/~steve/portforwarding.html
2) patch your kernel
3) follow the patch directions to set up configuration options
4) compile kernel
5) read the patch direction on how to use the ipportfw command
I use ipautofw and my internal web server logs the REAL ip address of the
incoming connection, not the ip address of the firewall.
Hope this helps,
Luca
--
Luca Filipozzi <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: Need help setting up Linux as pptp client
Date: Sat, 23 Jan 1999 13:21:40 -0800
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> My Linux machine at home talks to an ISP via ppp, and I'd like to be
> able to get into my company's internal net. When running W95 or NT at
> home, we do this using Microsoft's VPN client side s/w. I've looked at
> some PPTP and VPN references in Linux docs, but they appear to be mostly
> aimed at establishing sessions between 2 Linux boxes, or using Linux to
> host VPNs from other clients.
>
> Can anyone give me a "Linux PPTP Client to WinNT VPN Host For Dummies"
> guide?
>
> Thanks...
>
>
Check out the following links
http://www.wolfenet.com/~jhardin/ip_masq_pptp.html
or
http://www-plateau.cs.berkeley.edu/people/chaffee/linux_pptp.html
IMHO, the first one (jhardin) is better.
Hope this helps,
Luca
--
Luca Filipozzi <[EMAIL PROTECTED]>
------------------------------
From: Dave Bailey <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: Simple? Sendmail newbie question
Date: Sat, 23 Jan 1999 21:25:51 +0000
"Scott R. Palmer" wrote:
> I want to set up my server so that an outside user can use it as an SMTP
> server. It works fine as a POP server, but when I try to send mail through it
> from another computer using it as the SMTP server, it says that it doesn't like
> my destination address, and it only seems to take destinations that are on that
> server itself, ie. [EMAIL PROTECTED]
Check /usr/lib/sendmail-cf/cf/ and look for redhat.mc. This is your
configuration file (there are others like it in that directory).
There should also be a redhat.cf file. I believe RedHat installation
generates this file and then copies it to /etc/sendmail.cf.
In the redhat.mc file, look for these lines:
HACK(use_ip,`/etc/mail/ip_allow')
HACK(use_names,`/etc/mail/name_allow')
HACK(use_relayto,`/etc/mail/relay_allow')
These lines instruct sendmail how to deal with hosts who wish
to use your machine as an SMTP server. Ordinarily, all subdomains
of your domain are allowed to relay through your machine, but
hosts outside of your domain are not. This is an anti-spam
measure.
You will want to edit the files referred to in the HACK()
directives. IP addresses of machines which should be allowed
to relay through yours go in /etc/mail/ip_allow, one IP per
line. /etc/mail/name_allow allows you to specify hostnames
instead of IP addresses. /etc/mail/relay_allow lets you
specify which hosts other machines can relay mail to through
your machine (for example, if your machine is to act as the
mail server for a LAN). Your best bet is to edit the ip_allow
file.
I am not sure if you have to restart sendmail after editing
/etc/mail/ip_allow. Supposedly, you only have to restart
after changing /etc/sendmail.cw or /etc/sendmail.cf. You
may want to do it just to be safe:
/etc/rc.d/init.d/sendmail.init stop
/etc/rc.d/init.d/sendmail.init start
--
Dave Bailey
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Dave Roznar)
Subject: Re: Mount WIN9x drive across LAN
Reply-To: [EMAIL PROTECTED]
Date: Sat, 23 Jan 1999 22:02:13 GMT
On Sat, 23 Jan 1999 11:33:47 +1300, Richard Hector
<[EMAIL PROTECTED]> wrote:
>
>I don't think you need Samba as well for that, but you may want it
>anyway, for the Win machines to see your Linux (and non-running Windows)
>disk(s).
>
>I think I only ever got Samba going, not smbfs (It was all too
>frustrating with a 386sx20 Linux box :-)
>
>Richard Hector
Thanks Rich. I got it all working. For some reason RedHat 5.2 did not
install SMBFS so I searched the rpm's and found it. All works now.
That was after I found the bug in the smbpasswd file. When creating a
user it adds a D to the string as in [DU ] the D disables the
user! After I removed it all worked!
============================================
Dave Roznar - W6TGE
Portland, OR
email [EMAIL PROTECTED]
Web-site http://members.home.net/droznar
============================================
------------------------------
From: [EMAIL PROTECTED] (Mark Cooperstein)
Subject: Re: >>> Subscribe me to this newsgroup <<<
Date: Sat, 23 Jan 1999 22:06:32 GMT
In article <78d4nj$b2m$[EMAIL PROTECTED]>, Temp Account
<[EMAIL PROTECTED]> wrote:
>I wish to subscribe on this newsgroup
>Please put me your list.
>Thanks a lot.
>
>Donnie.
no really, I was just joking.... :-)
** Remove ".nospam" when replying or email will bounce back to you...
------------------------------
From: r <[EMAIL PROTECTED]>
Subject: Samba/mgetty+sendfax
Date: Sat, 23 Jan 1999 22:18:07 GMT
Is there any sort of client software to use with samba/mgetty+sendfax
around yet?
------------------------------
From: Thorsten Kukuk <[EMAIL PROTECTED]>
Subject: Re: RedHat 5.2/NIS/netgroups
Date: 18 Jan 1999 08:26:49 GMT
Hello,
[EMAIL PROTECTED] wrote:
> [...]
>> If +user works, but not +@netgroup, you haven't removed pam_pwdb from all
>> places.
>> This is typically a pam_pwdb problem.
> Well, as you can see from above, I did replace all pam_pwdb modules.
> Do you want me to send you the content of all (or some) of the /etc/pam.d
> directory ?
No, I don't have the time to look at it.
>> > Does anyone have a working solution, that allows the use of +@netgroups or
>> > -@netgroups , in order to have a selective authentication method to the
>> > NIS client in question ?
>>
>> Do all 3 netgroup maps exist, and are they readable? I hope you don't use
>> shadow over NIS? And haven't configured ypserv to use port auth?
> All 3 maps exist, netgroup.byuser , netgroup.byhost and netgroup. Ypserv
> is not configured to do port auth AFAIK, it's the standard configuration
> on both master and slaves.
> Any more ideas ?
If the netgroup entries are not wrong, no. On my systems, it works fine.
Thorsten
--
Thorsten Kukuk http://home.pages.de/~kukuk/ [EMAIL PROTECTED]
SuSE GmbH Schanzaeckerstr. 10 90443 Nuernberg
Linux is like a Vorlon. It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************