Linux-Networking Digest #58, Volume #10 Sat, 30 Jan 99 20:13:41 EST
Contents:
Re: PCMCIA died - help with diagnosis (David Hinds)
Re: Sendmail Error Message (Rob)
Re: Sendmail as a gateway (Rob)
dhcpd.leases (Jon Horner)
How to build a router ??? ("Michael D. Schleif")
Re: way to browse machines on a network??? (Mark Post)
Re: Linux with Novell 4.11 ([EMAIL PROTECTED])
Re: IP Masq and Win95 clients ("Alex Harrington")
Help! Need program to monitor network activity of all processes
([EMAIL PROTECTED])
Re: Hackers used my linuxserver be hacked gateway How to fixing?
([EMAIL PROTECTED])
Re: Hack attack? (David Efflandt)
Re: PPP question... (Clifford Kite)
Network Startup Problem ("Scott T. Dupuie")
Slow transfers between 2.2.1 (Brad Harrell)
Re: all (David Efflandt)
Re: DHCP Server setup - Complete rookie need help please (Ed Finch)
Windows NT Proxy and Linux Configuration ("Stephen Allen")
Samba Permissions Question... (Scallica)
Trouble setting up 2 computer network (Michael Longval)
where's IPIP tunneling documents? ("Brian Hong (ȫ����)")
Re: Telnet Puzzle (David Efflandt)
SOLVED!! modprobe: can't locate module net-pf-4 ("Jesus M. Salvo Jr.")
Re: How to get the local IP address after booting with DHCP? (Luca Filipozzi)
Re: IRC, identd, Masquerade (Dale Lakes)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (David Hinds)
Crossposted-To: comp.os.linux.hardware,comp.os.linux.portable
Subject: Re: PCMCIA died - help with diagnosis
Date: 29 Jan 1999 23:01:54 GMT
Nick Kew ([EMAIL PROTECTED]) wrote:
:
: On monday morning, I plugged the card in as usual, and accessed the
: network. Later, without having connected, disconnected, or any such thing
: it was dead. I suspect a hardware error either in the PC or in the card,
: but I've no way of testing for this.
If the card worked fine for months, and spontaneously stopped working
in mid connection, I'd say that it certainly sounds like a hardware
failure. I assume you tried sticking it in your other socket and that
didn't help. I'm not sure what else to suggest... you could try it in
a different laptop, or try a different card in your laptop, to see if
the problem is a fried card or a fried PCMCIA controller in your
laptop.
-- Dave Hinds
------------------------------
From: Rob <[EMAIL PROTECTED]>
Subject: Re: Sendmail Error Message
Date: Sat, 30 Jan 1999 21:55:18 GMT
> client error 551 "we do not relay." I have added the ip addresses of
> all workstations to the /etc/mail/ip_allow file. Any idea how to make
> sendmail relay?? Or is this message really saying something else?
Stoopid question: Have you restarted sendmail since you changed the
config file?
Also, check the reference in sendmail.cf for the file that contains
relay ips/names
--
-----------------------------------------------------------------
All men are mortal. Socrates was mortal.
Therefore, all men are Socrates.
-----------------------------------------------------------------
------------------------------
From: Rob <[EMAIL PROTECTED]>
Subject: Re: Sendmail as a gateway
Date: Sat, 30 Jan 1999 22:01:16 GMT
"Stephen J. Thompson" wrote:
>
> I have a home network which all masquerades through my linux box to
> the internet. I need to set up sendmail so that it can receive email
> from my isp (Demon UK) and hold them until my exchange box retrieves
> them on a different ip address.
> Can this be done?
Sure. Allow the domain, host, or specifically the IP of the
exchange server into relay domains and then send an 'etrn @domainname'
to port 25 of the sendmail machine.
Forgive me if I do not completely understand your setup.
--
-----------------------------------------------------------------
All men are mortal. Socrates was mortal.
Therefore, all men are Socrates.
-----------------------------------------------------------------
------------------------------
From: Jon Horner <[EMAIL PROTECTED]>
Subject: dhcpd.leases
Date: Sat, 30 Jan 1999 16:59:12 -0500
Reply-To: [EMAIL PROTECTED]
Can someone send me the format for the /etc/dhcpd.leases file? I am
trying to set up a backup dhcp server on my linux box and I don't have
one of the above files and I need one.
Thanks.
Jon
------------------------------
From: "Michael D. Schleif" <[EMAIL PROTECTED]>
Subject: How to build a router ???
Date: Sat, 30 Jan 1999 16:41:35 -0600
I want to build a router. It is to sit between my MediaOne cable modem
and my home network.
It seems that this should be a simple implementation of Linux, since I
already know how to implement routing on my existing boxes.
However, I want a dedicated box, I want it to be secure and I want that
box to do *nothing* except this one (1) routing job. I am looking for
suggestions. Some of the issues I need to examine are:
[a] How *little* Linux need I install and configure to meet these and
*only* these requirements?
[b] What are the minimum hardware requirements to implement this
*without* sacrificing performance?
[c] Where can I find references to this subject? Howto's? Websites?
Books?
[d] Caveats. What are the caveats.
What do you think?
If there is *no* existing Howto, I will be glad to document my success
;)
--
Best Regards,
mds
mds resource
888.250.3987
"Dare to fix things before they break . . . "
"Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . . "
------------------------------
From: [EMAIL PROTECTED] (Mark Post)
Subject: Re: way to browse machines on a network???
Date: Fri, 29 Jan 1999 23:51:19 GMT
Bill Cripe <[EMAIL PROTECTED]> wrote:
>Hummm. I had the same question as David, but can't find anything on
>cheops in my Red Hat distribution, sunsite.unc.edu, or Deja News.
Try ftp://rufus.w3.org/linux/freshmeat/cheops
--
Mark Post
EDS - Operations Technical Support, Mainframe Platforms
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Linux with Novell 4.11
Date: 30 Jan 1999 02:06:13 +0100
James Ray <[EMAIL PROTECTED]> wrote:
> Trying to get my Linux Server to access the company's Novell NDS Server.
> How do I get the client to login? All the how-tos talk about starting a
> Novell Server. I just want a client.
> Thanks,
> Jim
Try package ncpfs-2.2.0-12. I don't know whether it works with NW 4.01
but it is ok with NW 3.12.
You need ncpmount to mount Novell drives, one basic script to print to
Novell printers, all that should be described in the ncpfs-2.2.0-12's docs.
--
Andrey Nikolaev Ulm university,
Department of Biophysics. Germany.
Email: Andrey.Nikolaev@!get-lost-spammer!.uni-ulm.de
Substitute physik instead of !*! .
------------------------------
From: "Alex Harrington" <[EMAIL PROTECTED]>
Subject: Re: IP Masq and Win95 clients
Date: Sat, 30 Jan 1999 01:09:51 -0000
Are you using dynamic IP allocation? If so, has your lease on that IP
expired after 1/2 hour?
Alex
Andreas Hofer wrote in message ...
>I have set up a house LAN using TCP/IP with a linux box acting as a gateway
>for the network. The problem is with telnet and mail. The WinNT clients work
>perfectly but the Win95 clients work intermittently. They work for the
>first half hour or so and then they stop. I can get them to work again by
>changing their IP number but they will only work for half an hour or so. The
>internal network is properly set up as per RFC 1918 (192.168.x.x addresses)
>and the ipfwadm is configured properly. The problem is only with Win95
>machines. I've removed all other daemons from start up. I have kept squid
>which is used for web browsing. Any suggestions would be greatly
>appreciated.
>TIA
>Andy
>
>
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To:
comp.unix.admin,comp.unix.programmer,comp.os.ms-windows.networking.windows
Subject: Help! Need program to monitor network activity of all processes
Date: Sat, 30 Jan 1999 01:03:55 GMT
Does anyone know how to monitor the total number of bytes sent and received by
each process on a system, over all ports at all times?
I'm thinking about starting my own Web Hosting company. Most web hosting
companies measure a user's bandwidth usage by analyzing the web server logs.
Consequently, most web hosting companies strictly forbid their users from
running their own servers. However, I wish to allow my clients to run their
own servers, and to charge them by the byte. But how can I count up how many
bytes a given user account has sent/received over all ports? I have looked
at various packet sniffers, but, naturally, none of them can relate packets
back to their issuing (or receiving) process! I was thinking maybe a daemon
could intercept and log all socket calls... that's the best idea I can come
up with (though I don't know how to do it.) Any ideas, anyone? Does there
already exist a program to do this, somewhere? Is it straightforward to
write such a program myself?
Also, does there exist a cheap (or free) web-hosting software package that
does user accounting for you? (with or without the process-level traffic
monitor capability I ask for above.)
You may have noticed I didn't specify what OS I'm asking about... Well,
I have not yet chosen an OS, and I will likely make my OS choice based off the
answer I get to these questions.
Thanks for any help!
-- Archon1617
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Hackers used my linuxserver be hacked gateway How to fixing?
Date: 30 Jan 1999 02:23:37 +0100
bill davidsen <[EMAIL PROTECTED]> wrote:
> In article <780ei4$5ht$[EMAIL PROTECTED]>,
> Ronald BAL <[EMAIL PROTECTED]> wrote:
> | Did u install NFS on the Linux-machine? If u did, remove it at once !
> | Everyone with win3.1,Win95/98 or even DOS can get rootaccess then. Install
> | SAMBA, but configure it properly, especially the permissions.
> Do you have any source for these statements? If they're true, sounds
> like I have to replace Linux with something else ASAP, since converting
> all my clients is not likely or even desirable.
> I thought the security bugs were long ago fixed! Or are you reporting
> something which was only true long ago? I haven't see anything from CERT
> on this in recent software...
> --
> bill davidsen <[EMAIL PROTECTED]> CTO, TMR Associates, Inc
> "Too soon we grow old, and too late we grow smart" -Arthur Godfrey
Don't hurry. First step - remove all services you don't need in
/etc/inetd.conf.
In case you need NFS and you have problems with patches there are two nice
files /etc/hosts.allow and /etc/hosts.deny, ban all privileged ports you
don't need, portmapper first. You can then allow it for certain IPs in your
internal network. Honestly I've never seen a network with massive usage of NFS
by Windows/DOS, which means that you need NFS only for UNIX-UNIX connects. This
will leave this security hole open from inside though, i.e. if a hacker
has an account on a computer which is allowed to import NFS from your server
s/he can break in.
--
Andrey Nikolaev Ulm university,
Department of Biophysics. Germany.
Email: Andrey.Nikolaev@!get-lost-spammer!.uni-ulm.de
Substitute physik instead of !*! .
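The deny-by-default policy described in the reply above, as an added example that is not part of the original post: a simplified model of how /etc/hosts.allow and /etc/hosts.deny are evaluated (allow is checked first, then deny, and anything unmatched is allowed). The daemon name "portmap", the 192.168.1. prefix and the file contents are constructed assumptions, and only the ALL wildcard, address prefixes and domain suffixes are modelled.

```python
# Constructed file contents: the internal network may reach the portmapper,
# everything else is refused.
HOSTS_ALLOW = """\
# /etc/hosts.allow (constructed example)
portmap: 192.168.1.
"""
HOSTS_DENY = """\
# /etc/hosts.deny (constructed example)
ALL: ALL
"""


def parse_rules(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(":")
        if len(parts) < 2:
            continue  # blank line, comment, or malformed entry
        daemons = parts[0].replace(",", " ").split()
        clients = parts[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, client):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):       # address prefix such as "192.168.1."
        return client.startswith(pattern)
    if pattern.startswith("."):     # domain suffix such as ".example.org"
        return client.endswith(pattern)
    return pattern == client


def rule_hits(rules, daemon, client):
    for daemons, clients in rules:
        daemon_ok = any(d in ("ALL", daemon) for d in daemons)
        if daemon_ok and any(client_matches(c, client) for c in clients):
            return True
    return False


def access_allowed(daemon, client, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Allow wins first, then deny; a pair matching neither file is allowed."""
    if rule_hits(parse_rules(allow_text), daemon, client):
        return True
    if rule_hits(parse_rules(deny_text), daemon, client):
        return False
    return True


if __name__ == "__main__":
    for daemon, client in [("portmap", "192.168.1.20"),
                           ("portmap", "192.168.10.5"),
                           ("in.telnetd", "192.168.1.20")]:
        verdict = "allow" if access_allowed(daemon, client) else "deny"
        print(f"{daemon:12} {client:15} {verdict}")
```

With an empty hosts.deny the same lookup falls through to "allow" for every client, which is why the catch-all deny line matters; and as the reply notes, any host inside the allowed prefix can still reach the service.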
------------------------------
From: David Efflandt <[EMAIL PROTECTED]>
Subject: Re: Hack attack?
Date: Sat, 30 Jan 1999 23:38:23 GMT
Reply-To: [EMAIL PROTECTED]
On 1/30/99, 3:45:00 PM, David Efflandt <[EMAIL PROTECTED]> wrote
regarding Hack attack?:
> Is this a sign of a hack attack.
> Jan 30 13:26:52 efflandt in.telnetd[1774]: connect from 208.154.226.1
> Jan 30 13:26:52 efflandt imapd[1775]: connect from 208.154.226.1
> Jan 30 13:26:52 efflandt imapd[1775]: error: cannot execute
> /usr/sbin/imapd: No such file or directory
> Jan 30 13:26:54 efflandt ipop3d[1776]: connect from 208.154.226.1
> Jan 30 13:26:54 efflandt ipop3d[1776]: error: cannot execute
That one was apparently from some school kid in Shawnee Heights, KS
So I sent e-mail about this to root@ node3073.neksed.midusa.net
See: http://node3073.neksed.midusa.net/
I forgot to include this earlier one from cs.mcpherson.edu:
Jan 17 19:28:58 efflandt imapd[675]: warning: can't get client address:
Connection reset by peer
Jan 17 19:28:58 efflandt imapd[675]: connect from unknown
Jan 17 19:28:58 efflandt imapd[675]: error: cannot execute
/usr/sbin/imapd: No such file or directory
Jan 17 19:33:05 efflandt imapd[677]: connect from 198.248.172.252
Jan 17 19:33:05 efflandt imapd[677]: error: cannot execute
/usr/sbin/imapd: No such file or directory
Is there some insecurity with imapd or ipop3d or are they just trying
to use an easy in to guess my root password.
--
David Efflandt eMail: [EMAIL PROTECTED]
http://www.xnet.com/~efflandt/
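One way to pick this pattern out of a wrapper log, as an added example that is not part of the original post: flag any source that connects to several different inetd services within a few seconds, and list services the wrapper could not start. The log lines are the ones quoted in the post with wrapped lines rejoined; the 10-second window, the two-service threshold and the year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines taken from the post above, with wrapped lines rejoined.
SAMPLE_LOG = """\
Jan 17 19:28:58 efflandt imapd[675]: connect from unknown
Jan 17 19:33:05 efflandt imapd[677]: connect from 198.248.172.252
Jan 30 13:26:52 efflandt in.telnetd[1774]: connect from 208.154.226.1
Jan 30 13:26:52 efflandt imapd[1775]: connect from 208.154.226.1
Jan 30 13:26:52 efflandt imapd[1775]: error: cannot execute /usr/sbin/imapd: No such file or directory
Jan 30 13:26:54 efflandt ipop3d[1776]: connect from 208.154.226.1
"""

CONNECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+"
    r"(?P<daemon>[\w.\-]+)\[\d+\]:\s+connect from\s+(?P<src>\S+)$"
)
EXEC_FAIL_RE = re.compile(
    r"(?P<daemon>[\w.\-]+)\[\d+\]:\s+error: cannot execute\s+(?P<path>[^:\s]+)"
)


def parse_connects(text, year=1999):
    """Return sorted (timestamp, source, daemon) tuples for 'connect from' lines.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    events = []
    for line in text.splitlines():
        m = CONNECT_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["daemon"]))
    return sorted(events)


def find_probes(events, window=timedelta(seconds=10), min_services=2):
    """Map each source that reached min_services distinct daemons inside one
    window to the sorted list of those daemons."""
    by_src = defaultdict(list)
    for ts, src, daemon in events:
        by_src[src].append((ts, daemon))
    probes = {}
    for src, hits in by_src.items():
        for i, (start, _) in enumerate(hits):
            daemons = {d for t, d in hits[i:] if t - start <= window}
            if len(daemons) >= min_services:
                probes[src] = sorted(daemons)
                break
    return probes


def unlaunchable_services(text):
    """Services that accepted a connection although their binary is missing."""
    return sorted({(m["daemon"], m["path"]) for m in EXEC_FAIL_RE.finditer(text)})


if __name__ == "__main__":
    for src, daemons in find_probes(parse_connects(SAMPLE_LOG)).items():
        print(f"{src} touched {', '.join(daemons)} in one burst")
    for daemon, path in unlaunchable_services(SAMPLE_LOG):
        print(f"{daemon} is still offered but {path} is not installed")
```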
------------------------------
From: [EMAIL PROTECTED] (Clifford Kite)
Subject: Re: PPP question...
Date: 30 Jan 1999 14:45:29 -0600
Edmund C. Greene ([EMAIL PROTECTED]) wrote:
: Just a quick question. The ISP I am dialing into wants 2 returns after
: the connect, but I don't know how to put 2 in.
: It should be
: CONNECT
: ^M^M
: but chat only sends 1. When I put two '' in the script nothing happens
: (e.g. 'CONNECT' '' ''). Any idea how I can do this?
Try
CONNECT '\r\d\r'
and "man 8 chat" for why.
--
Clifford Kite <[EMAIL PROTECTED]> Not a guru. (tm)
/* Speak softly and carry a +6 two-handed sword. */
------------------------------
From: "Scott T. Dupuie" <[EMAIL PROTECTED]>
Subject: Network Startup Problem
Date: Fri, 29 Jan 1999 19:35:12 -0600
I am running RedHat 5.2 on a Micron Transport XKE laptop connected
to a network of Sun Sparcstations. When I boot Linux on my laptop
while connected to the network, the network doesn't work (i.e. I can't
even ping numerically). However, if I go to /etc/rc.d/rc3.d and type:
./S10network stop
./S10network start
Then everything works fine. I am starting up in runlevel 3 and the
network daemon does seem to be running after I boot because I have
to stop the network before I can successfully restart it. After I get the
network running I can also restart the NIS daemon and NIS works fine.
This leads me to believe that I have the network configured properly.
My network hardware is explicitly supported and I have the latest
kernel. There is nothing in the boot record (at least that I can see) that
would indicate a problem.
Does anybody have any ideas why the network is not starting up on
its own properly?
Scott Dupuie
------------------------------
From: [EMAIL PROTECTED] (Brad Harrell)
Crossposted-To: comp.os.linux.misc
Subject: Slow transfers between 2.2.1
Date: 30 Jan 1999 19:00:22 GMT
Anyone know why I would be getting slow transfer rates between
2.2.1 systems? I have one system on subnet A (2.2.1) and two systems
on subnet B (2.0.36 & 2.2.1). Transfers from A to the 2.0.36 run
at full speed (ISDN 15Kps). Transfers from A to the 2.2.1 run around 5x
slower (2-3Kps). Both machines on B have the same 10MB card and are
connected to the same switch. There are no differences between the two
systems processor or HD wise. All three systems run RH5.2 hand
upgraded to either the 2.0.36 or 2.2.1 kernel. The kernel configs
are pretty much the same for all systems.
I've also noticed this slowness to another 2.2.1 system on the same
network but different subnet.
I'm noticing this mainly on ftp and scp transfers, but those are
just the utils that report stats. Ssh does seem slower under
the conditions above. This all seemed to have started a few days
ago when I upgraded the relevant systems to 2.2.0/1.
Any ideas what might be going on?
Thanks,
-Brad
---
Brad D. Harrell <http://flash.gatech.edu/~bharrell/>
[EMAIL PROTECTED]
Georgia Institute of Technology
------------------------------
From: David Efflandt <[EMAIL PROTECTED]>
Subject: Re: all
Date: Sat, 30 Jan 1999 23:52:29 GMT
Reply-To: [EMAIL PROTECTED]
On 1/30/99, 3:57:39 PM, Simon Faulkner <[EMAIL PROTECTED]> wrote
regarding all:
> I have set up my RH 5.2 Linux to accept Dial in connections and I am
> trying to allow Win95 users to connect using DUN
> I have managed it using a script to pass name, password and then
> transmit "exec /usr/sbin/pppd -detach"
> but I am wondering how to use DUN without a script.
> Can I start pppd from the passwd script or bash_profile
> I have tried but with no success
> Simon
> --
> Simon Faulkner
> http://www.elkstone.demon.co.uk
See dialin.txt at http://www.xnet.com/~efflandt/linux/
------------------------------
From: Ed Finch <[EMAIL PROTECTED]>
Subject: Re: DHCP Server setup - Complete rookie need help please
Date: Sat, 30 Jan 1999 19:30:31 -0500
GV Morgon wrote:
>
> I checked out "man dhcpd" and it gave some
> interesting info, but when I type "dhcpd" at the command prompt nothing
> happens. "Command not found" error.
It's /usr/sbin/dhcpd
> I noticed that in the /sbin directory the
> dhcpcd program is in there, but when I type "dhcpcd" at the prompt, I get a
> "Command not found" error.
You may not have /sbin in your path.
Also, read the man pages for dhcpd.conf and dhcpd.leases.
Regards,
Ed
--
Q: Why do PCs have a reset button on the front?
A: Because they are expected to run Microsoft operating systems.
------------------------------
From: "Stephen Allen" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.questions
Subject: Windows NT Proxy and Linux Configuration
Date: Sat, 30 Jan 1999 03:40:56 GMT
I've recently added a Linux (Redhat 5.1) system to my network which is using
a Windows NT 4.0 server running Proxy Server for connection to the internet
via a cable modem.
After searching the MAN pages and all the HOW-TO's I can find, I still can't
get the Linux box to access the internet at all. (All the HOW-TO's address
using Linux as the Proxy Server)
Any suggestions?
Thanks,
Stephen Allen
mailto:[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Scallica)
Subject: Samba Permissions Question...
Date: 30 Jan 1999 22:55:44 GMT
Yo-
How do I setup Samba so that every file I put on a network drive in Win95
is set to rwxrwxrwx? Thanx.
------------------------------
From: Michael Longval <[EMAIL PROTECTED]>
Subject: Trouble setting up 2 computer network
Date: Sat, 30 Jan 1999 03:15:19 +0000
Hello, here is the situation
1) Hardware:
Computer 1 (to be server):
Gateway 2000 P5-100
64Meg Ram
RedHat 5.0
Generic 10BaseT Ethernet card (identified by Win98) as Realtek
RTL8029
Connected, via crossover cable (no hub) to :
Computer 2:
IBM ThinkPad 380D
48 Meg Ram
RedHat 5.0
Kingston KNE-PC2 PCMCIA Ethernet adapter
2) Goals
Simple file and print sharing, if possible use server (Computer1) to
dial Internet.
3) Assertions
System connects and works under Win98 (file and print sharing only,
no Internet), so I
do know that it works.
4) Problem
Under Linux, the Kingston PCMCIA card is recognized and initialized
as eth0, I can do a
% ifconfig eth0 ...... (stuff)
and it comes up.
However the Gateway (Computer 1) does not seem to initialize the
Realtek RTL-8029 to
eth0.
Both systems are using the exact same setup of RedHat. (Networking
IS enabled)
Computer 1 (the Gateway) reports in /proc/pci:
"""
PCI devices found:
...stuff ...
Bus 0, device 13, function 0:
Ethernet controller: Realtek 8029 (rev 0).
Medium devsel. IRQ 9.
I/O at 0xff40.
...stuff...
"""
So I know that the card was found, but it doesn't initialize.
P.S. I configured the 'netcfg' command (as root) to have an eht0 interface
with the following parameters :
| Interface | IP          | proto | atboot | active |
| ================================================== |
| eth0      | 192.168.0.1 | dhcp  | yes    | active |
the 'netcfg' command echoes the following message:
> Delaying eth0 initialization.
Any ideas what is going on, and how I can fix it??????
Thanks
Michael J. Longval, M.D.
[EMAIL PROTECTED]
------------------------------
From: "Brian Hong (ȫ����)" <[EMAIL PROTECTED]>
Subject: where's IPIP tunneling documents?
Date: Sat, 30 Jan 1999 13:08:55 +0900
Can I get some documents about IPIP tunneling from Internet?
Let me know where...
--
Brian Hong (ȫ����) Inet, Inc.
Ph) +82-2-531-7923 Email) [EMAIL PROTECTED] , [EMAIL PROTECTED]
Fx) +82-2-555-8127 Home) http://members.iworld.net/wits
------------------------------
From: David Efflandt <[EMAIL PROTECTED]>
Crossposted-To: comp.unix.questions
Subject: Re: Telnet Puzzle
Date: Sat, 30 Jan 1999 04:20:50 GMT
Reply-To: [EMAIL PROTECTED]
On 1/29/99, 4:25:27 PM, [EMAIL PROTECTED] (Stephan Gross) wrote
regarding Telnet Puzzle:
> I'm telnetting from my Windows 98 box to a three-times removed Unix
> box, like this: Win98 -> Router1 --> Router 2 -> Unix
> The Win98 box is on a different network than the Unix box.
> Here's the puzzle: I can telnet from win98 to Router1, win98 to
> Router2, but not Win98 to Unix. On the other hand, I can also telnet
> from Router2 to Unix. How can this be?
> Thanks in Advance,
> Steve Gross
Yes, but can you telnet from Unix to Router1?
If you are sure that your routing is correct, it could just be a DNS
problem, and you give up before DNS timeout. Is your Win98 IP listed
in /etc/hosts or DNS used by Unix?
------------------------------
From: "Jesus M. Salvo Jr." <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,linux.redhat.install
Subject: SOLVED!! modprobe: can't locate module net-pf-4
Date: Sun, 31 Jan 1999 00:50:32 +0000
Ever since I removed IPX and AppleTalk as modules (my default
installation had these two protocols compiled as modules) a long time
ago, I get the following errors at startup:
modprobe: can't locate module net-pf-4
modprobe: can't locate module net-pf-5
I did not bother why these are happening then. Now I do and have it
solved.
All you have to do is to manually add the following lines in
/etc/conf.modules:
alias net-pf-4 off
alias net-pf-5 off
and that's it!!!!
If you have to use IPX or AppleTalk, you need to comment these out.
Why this is not done automatically, I dunno.
I found the answer in /usr/src/linux/Documentation/modules.txt
If you can't find it, try:
cd /usr/src
find . -type f | xargs grep -e 'net-pf-4'
John Salvo
------------------------------
From: [EMAIL PROTECTED] (Luca Filipozzi)
Crossposted-To: comp.os.linux.setup
Subject: Re: How to get the local IP address after booting with DHCP?
Date: Sat, 30 Jan 1999 17:07:35 -0800
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Greetings!
>
> I'm in the process of building a Beowulf cluster. I would like
> to boot the slave nodes via DHCP served from the master node.
> I've got it all working, but the client doesn't know its own
> IP address after boot. The address is stored in a file under
> /etc/dhcp..., but /etc/hosts isn't updated. If I configure
> /etc/resolv.conf to check files first, for example, and
> try an nslookup command on the local machine's name, it gives
> an error that the name can't be resolved.
>
> How is this supposed to work?
>
>
> Best regards,
> Ed
> --
> Q: Why do PCs have a reset button on the front?
> A: Because they are expected to run Microsoft operating systems.
>
The DHCP client daemon (dhcpcd) does not modify the hosts file. When it
successfully gets an IP address from the DHCP server it:
1) writes /etc/dhcpc/hostinfo-eth0 with the received parameters
2) writes /etc/dhcpc/resolve.conf with the received DNS parameters
3) it changes the address/netmask/broadcast entries for the interface
4) it changes the default route (if set on the server)
It does NOT overwrite the /etc/hosts file.
The DHCP server daemon (dhcpd), conversely, does not modify the DNS
entries to reflect the fact that an IP address has been allocated.
So, what to do?
OPTION 1: Use hostname or MAC address for IP lookup.
SUBOPTION A: Use hostname. (I haven't done this)
You can configure dhcpd to use the hostname of the requesting client.
On the client: dhcpcd -h machinename
On the server:
    host machinename {
        fixed-address machinename.yourdomain.com;
    }
where machinename.yourdomain.com is given a fixed IP via your DNS
    machinename.yourdomain.com IN A 192.168.1.1
SUBOPTION B: Use MAC address. (I have done this)
You can configure dhcpd to use the MAC address of the requesting client
as a lookup for a hostname:
    host machinename {
        hardware ethernet 00:11:22:33:44:55;
        fixed-address machinename.yourdomain.com;
    }
where machinename.yourdomain.com is given a fixed IP via your DNS
    machinename.yourdomain.com IN A 192.168.1.1
The advantage of using the MAC address is that no other machine can
easily spoof the MAC address.
The end result is that machinename doesn't get a random IP address from
the DHCP subnet but a fixed one based on hostname or MAC address. The
advantage of using DHCP, then, is one of centralising the IP parameters.
OPTION 2: Use dynamic DNS.
bind 8.1.2 supports dynamic DNS and comes with an nsupdate program. You
have two choices:
SUBOPTION A: dynamically update from server (I haven't done this)
When the DHCP server daemon allocates an IP address it updates its
dhcp.leases file. You can configure a cron job to scan the dhcp.leases
file frequently and to call nsupdate with the hostname and ip address.
The advantage of this is that it is secure (on the server only). The
disadvantage is that you're running this cron job very frequently and it
probably isn't going to do much most of the time. When www.freshmeat.net
is back up (RedHat's servers are on the move), check out the appindex for
dynamic DNS.
SUBOPTION B: dynamically update from client (I have done this)
When the DHCP client daemon receives an IP address, it can be configured
to run a shell script using the "-c filename" option. The daemon passes
via the environment to the shell script the IPADDR, NETMASK, ROUTER, etc.
parameters that it received from the DHCP server. Then, in the shell
script, you could call nsupdate. The advantage is that the DNS server
gets updated if and only if the DHCP client gets an address. The
disadvantage is security. The dynamic DNS update protocol is not secure.
You basically leave a hole in your DNS that anyone can connect to with
nsupdate and cause your DNS to be updated. Adding security to this
protocol is currently under discussion (check out www.isc.org)
Hope this helps,
Luca
--
Luca Filipozzi <[EMAIL PROTECTED]>
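A sketch of the server-side job from OPTION 2, SUBOPTION A, which also shows the lease-entry layout asked about in the earlier dhcpd.leases post; this is an added example, not code from either post. It assumes the ISC dhcpd lease layout (lease blocks with "ends" and "client-hostname" statements, later entries for an address superseding earlier ones) and the nsupdate command syntax of current BIND releases, which may differ from bind 8.1.2; the sample leases, zone name and TTL are constructed.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample in the ISC dhcpd.leases layout. The file is an append-only
# log, so the second entry for 192.168.1.10 replaces the first.
SAMPLE_LEASES = """\
lease 192.168.1.10 {
    starts 6 1999/01/30 10:00:00;
    ends 6 1999/01/30 16:00:00;
    hardware ethernet 00:11:22:33:44:55;
    client-hostname "oldnode";
}
lease 192.168.1.11 {
    starts 6 1999/01/30 10:00:00;
    ends 6 1999/01/30 16:00:00;
    hardware ethernet 00:11:22:33:44:66;
    client-hostname "node2";
}
lease 192.168.1.12 {
    starts 6 1999/01/30 17:00:00;
    ends 0 1999/01/31 05:00:00;
    hardware ethernet 00:11:22:33:44:77;
    client-hostname "bad name!";
}
lease 192.168.1.10 {
    starts 6 1999/01/30 17:00:00;
    ends 0 1999/01/31 05:00:00;
    hardware ethernet 00:11:22:33:44:55;
    client-hostname "Node1";
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"ends\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
NAME_RE = re.compile(r'client-hostname\s+"([^"]*)";')
# One DNS label only. The hostname is supplied by the client, so it is checked
# with fullmatch before it goes anywhere near an nsupdate command line.
LABEL_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def active_leases(text, now):
    """Return {hostname: ip} for unexpired leases with a valid hostname."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        latest[ip] = body  # a later entry for the same address wins
    result = {}
    for ip, body in latest.items():
        ends, name = ENDS_RE.search(body), NAME_RE.search(body)
        if not ends or not name:
            continue
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            continue
        expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
        if expiry > now and LABEL_RE.fullmatch(name.group(1)):
            result[name.group(1).lower()] = ip
    return result


def nsupdate_script(leases, zone="yourdomain.com", ttl=300):
    """Build nsupdate input that replaces the A record of each leased host."""
    lines = []
    for host, ip in sorted(leases.items()):
        fqdn = f"{host}.{zone}."
        lines.append(f"update delete {fqdn} A")
        lines.append(f"update add {fqdn} {ttl} A {ip}")
    if lines:
        lines.append("send")
    return "\n".join(lines)


if __name__ == "__main__":
    now = datetime(1999, 1, 30, 20, 0, 0)  # lease times are recorded in UTC
    print(nsupdate_script(active_leases(SAMPLE_LEASES, now)))
```

Run from cron on the DHCP server, the output would be piped to nsupdate there, so the DNS server only has to accept updates from that one host.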
------------------------------
From: Dale Lakes <[EMAIL PROTECTED]>
Subject: Re: IRC, identd, Masquerade
Date: Sat, 30 Jan 1999 04:29:48 GMT
ftp://sunsite.unc.edu/pub/Linux/system/daemons/identd-masquerade.tgz
heheh... what's wrong with IRC...? ;)
Jay Thorne wrote:
> Let me preface this with "I don't use IRC, myself".
>
> I'm getting some complaints from my users (my daughter and my son) that
> the irc servers they want to talk to won't let them in because the identd
> probe is
> returning no-user.
>
> This is because I'm using ip masquerading and the in.identd is not finding
> a valid user id to attach to their tcp connection. This is probably the
> secure
> way to deal with it, but I'd like to have identd return something useful.
>
> Am I going to have to run some sort of "wingate" like tool?
>
> These machines are 1 pc running lose95, two MacOS boxes (a new G3 and
> my old PMac 6100).
>
> They have perfectly adequate IRC client software, no X servers to run
> yagirc
> or something.
>
> So can someone give me a crash course in identd spoofing for fun and
> profit,
> using only a tooth pick and a small ruby grapefruit? and, of course, a
> hundredweight of slightly soiled electrons.
>
> --
> Jay Thorne [EMAIL PROTECTED] KE Software
> http://www.kesoftware.com
--
"The best defense against logic is ignorance."
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************