Linux-Networking Digest #36, Volume #10 Thu, 28 Jan 99 18:13:57 EST
Contents:
Diald, PPPD Timeout (Glenn Buric)
Re: Linux --> Company NT RAS - Can it be done? (Stephen Carville)
Redhat 5.1....A Toshiba Libretto70CT...and a Kingmac PCMCIA Network
card......wow....what a mess. (JamesLay)
Re: DOES LINUX SUCK (Jeff Holloway)
Re: Can't Telnet To Linux 5.2 from MS workstation (Stephen Carville)
Distributed Security (Tishina Syndicate)
Re: multihome on one ethernet card ? how? (Matt Kressel)
Re: Is there anything like NT's TRUST RELATIONSHIPS in Linux/Unix ? (James Youngman)
Cable Modems and Optimum Online (Matt Kressel)
Re: configuration of eth0 & ifconfig (Chris)
help with script to temporarily reconfig net (jamie)
----------------------------------------------------------------------------
From: Glenn Buric <[EMAIL PROTECTED]>
Subject: Diald, PPPD Timeout
Date: Sun, 24 Jan 1999 21:54:35 +0000
I set up pppd and diald according to the HOWTOs but I can't seem to
get diald working correctly. pppd works okay, but only when I kill
diald. When I run diald and attempt to ping an internet host, the modem
dials, connects, and then terminates after about 20 seconds. I've spent
all weekend trying different configurations. Any help would be greatly
appreciated.
Here's some output from my message log file (configuration files
follow):
Jan 24 17:24:44 dilbert chat[340]: ATDT2372203^M^M
Jan 24 17:24:44 dilbert chat[340]: CARRIER 26400^M
Jan 24 17:24:44 dilbert chat[340]: ^M
Jan 24 17:24:44 dilbert chat[340]: PROTOCOL: LAP-M^M
Jan 24 17:24:44 dilbert chat[340]: ^M
Jan 24 17:24:44 dilbert chat[340]: CONNECT -- got it
Jan 24 17:24:44 dilbert chat[340]: send (^M)
Jan 24 17:24:44 dilbert chat[340]: expect (ogin:)
Jan 24 17:24:44 dilbert chat[340]: 38400^M
Jan 24 23:24:45 dilbert diald[300]: filter ignored rule 24 proto 17 len
45 packet 255.255.255.0,53 => 198.41.0.10,53
Jan 24 17:24:46 dilbert chat[340]: MCSNet Chicago Unified^M
Jan 24 17:24:46 dilbert chat[340]: (hit <enter> alone for password)^M
Jan 24 17:24:46 dilbert chat[340]: mcs - MCSNet Cluster Machines^M
Jan 24 17:24:46 dilbert chat[340]: ccs - Chicago Computer Society BBS^M
Jan 24 17:24:46 dilbert chat[340]: ^M
Jan 24 17:24:46 dilbert chat[340]: OR enter user ID for SLIP/PPP
Session^M
Jan 24 17:24:46 dilbert chat[340]: ^M
Jan 24 17:24:46 dilbert chat[340]: ^M
Jan 24 17:24:46 dilbert chat[340]: login: -- got it
Jan 24 17:24:46 dilbert chat[340]: send (gjb^M)
Jan 24 17:24:46 dilbert chat[340]: expect (assword:)
Jan 24 17:24:46 dilbert chat[340]: ^M
Jan 24 17:24:46 dilbert chat[340]: login: gjb^M
Jan 24 17:24:46 dilbert chat[340]: Password: -- got it
Jan 24 17:24:46 dilbert chat[340]: send (xxxxx^M)
Jan 24 23:24:46 dilbert diald[300]: Running pppd (pid = 341).
Jan 24 17:24:47 dilbert kernel: PPP: version 2.2.0 (dynamic channel
allocation)
Jan 24 17:24:47 dilbert kernel: PPP Dynamic channel allocation code
copyright 1995 Caldera, Inc.
Jan 24 17:24:47 dilbert kernel: PPP line discipline registered.
Jan 24 17:24:47 dilbert kernel: registered device ppp0
Jan 24 23:24:47 dilbert diald[300]: filter accepted rule 25 proto 17 len
62 packet 255.255.255.0,1060 => 192.160.127.90,53
Jan 24 23:24:49 dilbert diald[300]: filter ignored rule 24 proto 17 len
45 packet 255.255.255.0,53 => 128.9.0.107,53
Jan 24 23:24:52 dilbert diald[300]: filter accepted rule 25 proto 17 len
62 packet 255.255.255.0,1062 => 192.160.127.90,53
Jan 24 23:24:56 dilbert diald[300]: filter accepted rule 25 proto 17 len
65 packet 255.255.255.0,1063 => 192.160.127.90,53
Jan 24 23:24:57 dilbert diald[300]: filter ignored rule 24 proto 17 len
45 packet 255.255.255.0,53 => 192.33.4.12,53
Jan 24 23:25:02 dilbert diald[300]: filter accepted rule 25 proto 17 len
62 packet 255.255.255.0,1064 => 192.160.127.90,53
Jan 24 23:25:05 dilbert diald[300]: filter ignored rule 24 proto 17 len
45 packet 255.255.255.0,53 => 192.203.230.10,53
Jan 24 23:25:13 dilbert diald[300]: filter ignored rule 24 proto 17 len
45 packet 255.255.255.0,53 => 193.0.14.129,53
Jan 24 23:25:21 dilbert diald[300]: filter ignored rule 24 proto 17 len
45 packet 255.255.255.0,53 => 202.12.27.33,53
Jan 24 23:25:22 dilbert diald[300]: filter accepted rule 25 proto 17 len
62 packet 255.255.255.0,1065 => 192.160.127.90,53
Jan 24 23:25:36 dilbert diald[300]: filter accepted rule 25 proto 17 len
65 packet 255.255.255.0,1066 => 192.160.127.90,53
Jan 24 23:25:41 dilbert diald[300]: filter accepted rule 25 proto 17 len
65 packet 255.255.255.0,1067 => 192.160.127.90,53
Jan 24 23:25:47 dilbert diald[300]: pppd startup timed out. Check your
pppd options. Killing pppd.
Jan 24 23:25:47 dilbert diald[300]: Nonzero exit status (1) on command
'/sbin/ifconfig sl0 205.164.12.62 pointopoint netmask 255.255.255.0 mtu
1500 up'
Jan 24 23:25:47 dilbert diald[300]: Nonzero exit status (1) on command
'/sbin/route add metric 1 dev sl0'
Jan 24 23:25:47 dilbert diald[300]: child process 341 terminated with
signal 2
Jan 24 23:25:48 dilbert diald[300]: Nonzero exit status (1) on command
'/sbin/ifconfig sl0 205.164.12.62 pointopoint netmask 255.255.255.0 mtu
1500 up'
Jan 24 23:25:48 dilbert diald[300]: Nonzero exit status (1) on command
'/sbin/route add metric 1 dev sl0'
Jan 24 23:25:50 dilbert diald[300]: Delaying 30 seconds before clear to
dial.
Jan 24 17:26:48 dilbert kernel: PPP: ppp line discipline successfully
unregistered
And here is my diald.conf:
===========================
mode ppp
connect "sh /etc/ppp/ppp-on-dialer"
device /dev/modem
speed 38400
modem
lock
crtscts
local 205.164.12.62
remote
netmask 255.255.255.0
defaultroute
debug 7
pppd-options asyncmap 20A0000 escape FF
include /usr/lib/diald/standard.filter
And my connection script for good measure:
=====================================
#!/bin/sh
#
# This is part 2 of the ppp-on script. It will perform the connection
# protocol for the desired connection.
#
exec chat -v \
TIMEOUT 3 \
ABORT '\nBUSY\r' \
ABORT '\nNO ANSWER\r' \
ABORT '\nRINGING\r\n\r\nRINGING\r' \
'' \rAT \
'OK-+++\c-OK' ATH0 \
TIMEOUT 30 \
OK ATDT2372203 \
CONNECT '' \
ogin:--ogin: gjb \
assword: xxxxx
------------------------------
From: Stephen Carville <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: Linux --> Company NT RAS - Can it be done?
Date: 25 Jan 1999 03:51:40 GMT
[EMAIL PROTECTED] wrote:
[snip]
> Next question: Our email is kept on an Exchange server on this same
> network. I don't know what protocol it uses (and certainly I won't
> have any influence on what IS being used!). Is there some possibility
> to retrieve/send under Linux?
Try using Netscape and IMAP. I think IMAP has to be turned on at the
Exchange side since MS uses a bastard protocol as the default.
--
Stephen Carville
[EMAIL PROTECTED]
====================================================
Management: The art of hiring intelligent, skilled individuals and then
ignoring their advice.
------------------------------
From: [EMAIL PROTECTED] (JamesLay)
Subject: Redhat 5.1....A Toshiba Libretto70CT...and a Kingmac PCMCIA Network
card......wow....what a mess.
Date: Mon, 25 Jan 1999 02:50:45 GMT
Well....I got Linux installed...no small feat, on a Libretto. Got
PCMCIA services working. No go on the LAN though....I get link and
rx/tx lights, but Network is unreachable is the msg of the day. Tried
adding eth0 NE in the Xwindow Kernel tool, but still no go (Can't seem
to remove it now from the Kernel....hmmm) Help!
James
------------------------------
From: Jeff Holloway <[EMAIL PROTECTED]>
Subject: Re: DOES LINUX SUCK
Crossposted-To: comp.os.linux.advocacy,linux.redhat.install
Date: Thu, 28 Jan 1999 14:11:52 -0800
Keith Peterson <[EMAIL PROTECTED]> wrote:
>>> >"Does LINUX SUCK ?"
>>>
>>> YES.
>>
>>That is so you.
>>
>>Why do you even bother coming to COLA if you do not wish to advocate?
>>Simply hanging around being negative is a text book example of a troll.
>>Is that what you want to do?
> Well, (replying on behalf of Bob or Bill or whatever), if you have an
> advocacy group with no dissenting opinion, you have a group where a bunch of
> people pat themselves on the back and congratulate each other, then, after a
> couple months, a dead group.
> If you didn't have Microsoft and its advocates for a villain, many people
> wouldn't bother frequenting this group.
And on that note, let's direct followups to the advocacy group only, eh?
Jeff
--
Jeff Holloway | He had that rare weird electricity about him --
System Administrator | that extremely wild and heavy presence that you
Tech 7 Systems, Inc. | only see in a person who has abandoned all hope
[EMAIL PROTECTED] | of ever behaving "normally" - Hunter S. Thompson,
| "Fear and Loathing '72"
Not a member of the Lumber Cartel (tinlc) and not Unit #1572
------------------------------
From: Stephen Carville <[EMAIL PROTECTED]>
Subject: Re: Can't Telnet To Linux 5.2 from MS workstation
Date: 25 Jan 1999 03:59:09 GMT
Joe Fialkowski wrote:
>
> Has anyone run into this problem?
>
> I cannot telnet or ftp to my linux 5.2 server from a MS windows95
> workstation. I can however ping the box and see it through smb. Please
> Help!
RH 5.3 disables remote root login by default. Create a regular user
account and log in using that. You can su to root.
--
Stephen Carville
[EMAIL PROTECTED]
====================================================
Management: The art of hiring intelligent, skilled individuals and then
ignoring their advice.
------------------------------
From: Tishina Syndicate <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,comp.programming,comp.unix.admin,comp.os.linux.development.apps,comp.os.linux.misc,comp.os.linux.development.system,comp.os.linux.admin
Subject: Distributed Security
Date: Wed, 27 Jan 1999 21:07:34 +0000
Reply-To: comp.os.linux
January 28, 1999
Emergency Audit Response System (EARS) v0.7 released!
Tishina Syndicate has launched one of the first non-profit,
non-academic, open source efforts in development of an intrusion
detection system for Linux, operating on a distributed level, in
real-time.
The goal is trivial: code that "understands" your network. Meaning:
a. Peer-to-peer communications among separate agents via secure TCP/IP
channels to monitor, detect and respond to anomalies occurring in
real-time on the network.
(Global Predicate Evaluation)
b. Independent intrusion detection on per-host basis by each individual
agent in the local environment via control of:
Filesystem(s)
CPU
User environment
Network interfaces
Keeping one hand reaching for the stars and the other in the dirt, we're
currently devising the distributed algorithms and protocols. There's
still a load of work to be finished, so snatch your slice before they
disappear.
Visit Tishina Syndicate home to obtain EARS source, in addition to a
substantial security archive and a link collection.
Open source has done it again!
[ Tishina Syndicate
tishina.cjb.net
[EMAIL PROTECTED] ]
- gone boarding
------------------------------
From: Matt Kressel <[EMAIL PROTECTED]>
Subject: Re: multihome on one ethernet card ? how?
Date: Thu, 28 Jan 1999 20:13:57 GMT
[EMAIL PROTECTED] wrote:
>
> Hi,
> I just wonder if I can assign 2 IP addresses to one network card, and
> route between them. If you have any idea or suggestion, please tell me.
> The reason I am doing this is that I have 2 networks, both of them are
> connected to one hub, and I need a router between them. Since I have a linux
> box which is also connected to that hub, why don't I just assign 2 IP addresses
> to that box's card, each belonging to one network, and then route between these
> 2 IP addresses?
> Just an idea. If it doesn't work, I may have to buy 2 network cards and work
> hard to get the device driver to work and then route between them; this sounds
> like more work to me, and more costly.
> Thanks!
> Jinsong
>
>
Enable IP aliasing and read the other articles in this thread.
-Matt
--
Matthew O. Kressel | INTERNET: [EMAIL PROTECTED]
+--------- Northrop Grumman Corporation, Bethpage, NY ---------+
+--------- TEL: (516) 346-9101 FAX: (516) 346-9740 ------------+
------------------------------
From: James Youngman <[EMAIL PROTECTED]>
Subject: Re: Is there anything like NT's TRUST RELATIONSHIPS in Linux/Unix ?
Date: 26 Jan 1999 22:53:06 +0000
Edmund <[EMAIL PROTECTED]> writes:
> I have a client whom I am trying to convince to set up Linux instead of NT
> on their Server. They want to set up 5 regional offices each with its
> own LAN, and they want to tie them all together on a WAN. Each LAN will
> have its own Domain. They are wondering if Linux has the equivalent of
> NT's Trust Relationships so that a user at one of the regional offices'
> domains can access another regional office's domain and resources and vice
> versa.
Yes, if that is all you want to do, that is easy to do. The details
depend on which resources you want to share, but the configuration
files you will need to set up include /etc/hosts.equiv,
/etc/hosts.lpd, /etc/hosts.allow, /etc/hosts.deny, and /etc/exports if
you plan to use NFS between sites (which would probably be slow unless
your WAN links are high-bandwidth).
You should also install SSH instead of changing /root/.rhosts.
> Can NIS do that ? Someone else told me that the hosts.equiv file can do
> that.
NIS allows you to keep a "master" password file at one location, and
have slave sites use it. That's slightly different, but often part of
the overall solution.
--
ACTUALLY reachable as @free-lunch.demon.(whitehouse)co.uk:james+usenet
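
An added example (not part of the original post, and not code from any poster or project): a small audit of the r-command trust files named in the reply above, /etc/hosts.equiv and .rhosts, that flags wildcard entries trusting every host or every user. The function names and the sample file content are constructed for illustration; comment and blank lines are assumed to be ignored by the consuming daemon.

```shell
#!/bin/sh
# Entry format in hosts.equiv / .rhosts: [+|-]host [[+|-]user]
# A bare "+" in either field is a wildcard.

audit_trust_file() {
    # $1 = path to a hosts.equiv- or .rhosts-format file.
    # Prints one "SEVERITY line N: reason" per risky entry.
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank and comment lines
        {
            host = $1; user = $2
            if (host ~ /^-/) next          # explicit deny entries are fine
            if (host == "+" && user == "+")
                printf "HIGH line %d: any user from any host is trusted\n", NR
            else if (host == "+")
                printf "HIGH line %d: every remote host is trusted\n", NR
            else if (user == "+")
                printf "HIGH line %d: any remote user on %s is trusted\n", NR, host
            else if (substr(host, 1, 2) == "+@")
                printf "REVIEW line %d: netgroup %s is trusted, check membership\n", NR, substr(host, 3)
            else if (user != "" && user !~ /^-/)
                printf "REVIEW line %d: remote user %s on %s is trusted without a password\n", NR, user, host
        }
    ' "$1"
}

count_high() {
    # Number of HIGH findings in file $1 (prints 0 when there are none).
    audit_trust_file "$1" | awk '/^HIGH/ { n++ } END { print n + 0 }'
}

write_sample_trust_file() {
    # Constructed sample input; host and netgroup names are made up.
    cat > "$1" <<'EOF'
# constructed sample, not from the original post
office1.example.com
+
office2.example.com +
+@branch_admins
-office3.example.com
+ +
office4.example.com backup
EOF
}

sample=$(mktemp)
write_sample_trust_file "$sample"
audit_trust_file "$sample"
echo "HIGH findings: $(count_high "$sample")"
rm -f "$sample"
```

Point audit_trust_file at /etc/hosts.equiv and at each user's ~/.rhosts; plain host entries are not reported because trusting a named host is what the file is for.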
------------------------------
From: Matt Kressel <[EMAIL PROTECTED]>
Subject: Cable Modems and Optimum Online
Date: Thu, 28 Jan 1999 20:06:33 GMT
Hello,
Anyone have success using Linux with Long Island, NY's Optimum Online
Cable Modem service? I am thinking of subscribing, but want to make
sure no one has had any major hurdles (i.e. DHCP, login, etc.)
TIA,
-Matt
--
Matthew O. Kressel | INTERNET: [EMAIL PROTECTED]
+--------- Northrop Grumman Corporation, Bethpage, NY ---------+
+--------- TEL: (516) 346-9101 FAX: (516) 346-9740 ------------+
------------------------------
From: Chris <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux,alt.linux,linux.redhat
Subject: Re: configuration of eth0 & ifconfig
Date: Thu, 28 Jan 1999 16:30:17 -0600
John K wrote:
>
> Thanks for your info.
>
> Yes, I got this far. The problem is the Linux machine. The Ethernet card is
> not getting an IP number. When I tested the link during the jumper
> installation with both computers connected under DOS, the link worked.
> Therefore, the problem is not cables or conflicts. The problem is that Linux
> is not assigning any IP number to eth0.
>
> I made this conclusion because when I try to ping the Linux computer to his
> own IP (192.168.0.2) Host is unreachable.
>
> So if it can't ping its own IP, Linux is the problem. Any idea how to
> assign eth0 an IP?
This is how I start my eth0 connected to another linux box connected to
a cable modem with ip_forwarding:
/sbin/ifconfig eth0 192.168.77.7 broadcast 192.168.77.255 netmask 255.255.255.0
/sbin/route add -net 192.168.77.0 netmask 255.255.255.0 eth0
/sbin/route add default gw 192.168.77.2 netmask 0.0.0.0
cjj7:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.77.0    0.0.0.0         255.255.255.0   U     0      0        4 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        1 lo
0.0.0.0         192.168.77.2    0.0.0.0         UG    0      0      147 eth0
My linux box with forwarding uses IP: 192.168.77.2
This is in my rc.inet1 file
Hope this helps
Chris
------------------------------
From: [EMAIL PROTECTED] (jamie)
Subject: help with script to temporarily reconfig net
Reply-To: [EMAIL PROTECTED]
Date: Thu, 28 Jan 1999 15:59:07 -0600
(Slackware 3.6, kernel 2.0.36, no Xconfiguration utils like redhat)
Normally, I have eth0 connected to cable modem, and eth1 to my home net.
eth0 uses 10baseT connector and eth1 uses BNC connector. I'm leisurely
setting up a new linux box to replace my current linux box, and the
ethernet card it came with has only a 10baseT connector.
I need to write a script to temporarily unconfigure both eth0 and eth1,
so that I can temporarily configure eth0 to the home lan to transfer
lots of files. I know how to undo routing and ipfwadm, but I'm somewhat
unclear on how to undo ifconfig commands.
Does "ifconfig eth0 down" undo the other ifconfig commands as well as
bringing it down? Or do I have to undo each ifconfig command
separately?
--
jamie ([EMAIL PROTECTED])
"There's a seeker born every minute."
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************