Linux-Networking Digest #124, Volume #10 Sat, 6 Feb 99 03:14:05 EST
Contents:
Re: Winmodem (Lee Sau Dan ~{@nJX6X~})
Re: Cox@Home (Josh Rusko)
Re: Linux & Windows & Samba / password encryption? (Scallica)
Re: Sound and Network conflict (Doug Nordwall)
questions about email addresses (Josh Rusko)
Re: Accessing a HTTP proxy from Linux ("G.T.")
Re: Fix for Netscape replacing excess dots with underscores (was rpm question)
([EMAIL PROTECTED])
Re: Firewall (Josh Rusko)
Re: Will Linux work with a Cable Modem??? (Rick Onanian)
Linux DHCP vs NT (Sean MacLennan)
Re: Linux/W95 Network (William Suetholz)
A better DyNIP? (Dot Matrix)
How to decide which interface a packet *leaves* from? (Doug McLaren)
Re: limiting Web site access in Linux (Greg Weeks)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Lee Sau Dan ~{@nJX6X~})
Subject: Re: Winmodem
Date: 06 Feb 1999 13:54:07 +0800
>>>>> "Lew" == Lew Pitcher <[EMAIL PROTECTED]> writes:
Lew> However, we *do* have analogous packages already developed
Lew> and installed; what is Ghostview/Ghostscript if not an
Lew> implementation of a component that *should* have been (and
Lew> usually is) implemented in hardware?
I understand what you mean, and I agree that Postscript support should
be in the hardware. However, I don't think that would make
Ghostview/Ghostscript redundant. This is because the latter provides
a means for previewing the print-outs before actually printing them on
paper. That saves much paper, which is a, well..., precious resource.
So, I mean Ghostview/Ghostscript does worth existing with its X11,
ascii and pdf drivers. The other printer drivers would better be
shifted into the printing device, though.
Lew> The reasoning for
Lew> keeping DSP processing on a chip (and off of the system) is
Lew> the same reasoning for keeping rendering processing on a chip
Lew> (and off of the system).
Yes. But how much is saved by off-loading the DSP functions onto the
CPU? Not much. Does the CPU do the functions well? No. How about
the case for Postscript? Off-loading Postscript interpretation to the
CPU does lower the cost significantly, and the CPU is not too bad at
interpretation of Postscript. Rasterization and graphics rendering
would be better done by specialized chips, however.
--
Lee Sau Dan �$(0,X)wAV�(B(Big5) ~{@nJX6X~}(HZ)
.----------------------------------------------------------------------------.
| http://www.cs.hku.hk/~sdlee e-mail: [EMAIL PROTECTED] |
`----------------------------------------------------------------------------'
------------------------------
From: Josh Rusko <[EMAIL PROTECTED]>
Subject: Re: Cox@Home
Date: Fri, 05 Feb 1999 21:43:57 GMT
I just got my cable modem with @home a couple days ago, but I do have to use
dhcpcd. my fqdn is something.baden1.pa.home.com, so yours sounds about
right...
to connect all you should have to do is use
dhcpcd -h cx45917-a
any other settings you should be able to get by running winipcfg while in
windoze and see what settings it has there for dns servers and so on
good luck
John Duncan wrote:
> I'm having difficulty configuring Caldera 1.3 to connect to the net
> using my cable modem. I've had different messages (some about the DNS
> server and others saying it couldn't find www.yahoo.com). I've read
> several articles about the DHCP and how you need to have that and then
> I've read several articles saying there's no need for it.
>
> Some details on my end are:
> @Home is my ISP and I'm able to get info on my computer name
> "cx45917-a", my static IP address, subnet mask, gateway/router, DNS/Name
> Server 1 and 2, and Domain.
> The domain is escnd1.sdca.home.com
> I'm assuming that my FQDN is cx45917-a.escnd1.sdca.home.com
> Does that sound right. Also, linux asks for a broadcast and network
> when configuring the network properties. I don't have that info, but I
> book I read said that I could use the defaults. My eth0 is being read
> because I see it in bootup and when I use ifconfig I can see both l0 and
> eth0, with my IP address shown under eth0.
> Under win98 in the network properties (TCP/IP) I have disable WINS
> resolution which makes the "Use DHCP" button greyed out. I don't know
> if any of this makes sense but if someone could help, it would be
> greatly appreciated. Let me know if you need more info.
------------------------------
From: [EMAIL PROTECTED] (Scallica)
Subject: Re: Linux & Windows & Samba / password encryption?
Date: 5 Feb 1999 21:44:03 GMT
Yes, Redhat 5.2 comes with Samba, and does support encryption with Win 95/98.
However, you may be interested in visiting the Samba homepage cuz the new 2.0
release came out.
Download Redhat Linux 5.2
ftp.cdrom.com
ftp.digital.com
Samba Homepage
http://samba.gorski.net/samba/samba.html
------------------------------
From: Doug Nordwall <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: Re: Sound and Network conflict
Date: Tue, 02 Feb 1999 18:57:54 -0700
"Aristotle B. Allen" wrote:
> I just set up my linux box from scratch, a clean install when I set it
> up I built an NE2000 ISA card at 0x240 10, it worked fine
>
> after that I ran sndconfig to get sound set up and had some problems
> My card is a SB AWE 64
> 1) it diddn't find the card the first time I ran sndconfig
> 2) I ran it again and it seems to have found the card and set up
> everything properly, awe, opl3, wav etc..
> 3) now I cant get out on the network
>
> there are no apparent conflicts with io, irq, or dma, I checked but the
> are all set properly
>
This sort of problem really sounds like an irq problem. Triple check them, I
would say....
>
> what is wrong and how can I fix it.... I need to use my network... but I
> also want sound for some Quake2
>
> Aristotle B Allen
> Lucent Technologies
--
Doug Nordwall "Who's the bigger fool?
New Mexico Highlands University The fool or the fool who follows him?"
[EMAIL PROTECTED] -Ben Kenobi
=====BEGIN PGP PUBLIC KEY BLOCK=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
mQGiBDauf+URBADlBwSZOIZVXhlQdcDs9T5kRJ60EKGvsmhOGt+xpF+Zz+hDak8P
jZQzIDlh5aOZhOOGzEED6t/GMkSQQMM2DmVCS65XcnnNWKpJImHOinqt06PFn1EK
7xj7Dn2IdoXfMh04oGoM+UuOmvlLMwjxaVJqsYL1wtSuQHWqMPtILRz9ywCg/wop
JJMlLQS6myYZR1sKjFDortMD/2MHhftaODYaDJIorwfEKFgoGqcvQCtyv4WkqT3I
GT9ciUeLfksF4ty5ELdsLMEzcX4gZ0to6kwBH4s0cReH2sT+/LXdiwF67vkfRhEN
reNBYRjadY3cIKFR/D0EveMDRGh7hrG0iVXfUVT15G00wmaECk3BMGRBWoMn94OH
PrHlA/9tX30SYvw3uYelgYilx1SFW8Sxr4+Kv4PT6mL0tWl146DuWtogSf0LDI43
+6j2HpXCbh1KurJyD6kWH0YANRTzXYZ+v45KeUgdMLUu5HXUIGG3VTuzDh/XZQwu
BgATqHgg9w3pOhxBr6Cqq3WGattjBBhvYGFMXkV114YxLEWTpLQmRG91Z2xhcyBO
b3Jkd2FsbCA8bXVzYXNoaUBjcy5ubWh1LmVkdT6JAEsEEBECAAsFAjauf+UECwMC
AQAKCRDudDJFnMDeAXoSAJsGcxDRIM45RlJ8otP6AEI8ZZAqDQCgrETj3smkEp93
8dDo2oOQycv8bUS5BA0ENq5/5RAQAPkYoH5aBmF6Q5CV3AVsh4bsYezNRR8O2OCj
ecbJ3HoLrOQ/40aUtjBKU9d8AhZIgLUV5SmZqZ8HdNP/46HFliBOmGW42A3uEF2r
thccUdhQyiJXQym+lehWKzh4XAvb+ExN1eOqRsz7zhfoKp0UYeOEqU/Rg4Soebbv
j6dDRgjGzB13VyQ4SuLE8OiOE2eXTpITYfbb6yUOF/32mPfIfHmwch04dfv2wXPE
gxEmK0Ngw+Po1gr9oSgmC66prrNlD6IAUwGgfNaroxIe+g8qzh90hE/K8xfzpEDp
19J3tkItAjbBJstoXp18mAkKjX4t7eRdefXUkk+bGI78KqdLfDL2Qle3CH8IF3Ki
utapQvMF6PlTETlPtvFuuUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l
6RfUodNQ+PVZX9x2Uk89PY3bzpnhV5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9
kV7HAarTW56NoKVyOtQa8L9GAFgr5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIiz
HHxbLY7288kjwEPwpVsYjY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgR
jXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Je
w1XrPdYXAAICD/sGS6Ojln2guVWIfGlyn+jK1Kw5bPV1JjTICskytxWdT/wy/FL3
kGFbFV1qnsR4R/xMyKlWfJhrOW8UzkbZwwQNR1fNTTN2+zfnwF28YxFvbmJWth3g
s7BPkEI5Ph2TIyOepO7VJjLyXpUrpJ41CLo2Lch8++IMrxXh0DadY6qn5qy6EMz9
SyJMIoFm1iCaXtqkGPTVbBQe9KVlD60WOaHJpgd7rGuO7mnNZSrgtQaYMT++g/cl
j0+ETm9XxfXa3K8H0Q6MkQCTMLb/l1Sq68nOUxJHaYRgIJS5YzWkWIS7mhjCPEgN
0r24wKanngqo/zLQ45UDT0CN5oon3rF5xXkO7YdazmInuklp/nx+WgHdFmpEsz0p
nyedajjacqIQyCH5pftYxO4KVMQ1XoZnCGgPfxdO4bp/kTk7Hy0JfAK3KnsCYods
PJBlR1Axe9x8TVybpCoRyJwuvq3oMGS3nweeVpPQcjV7D4aexAZuS1qXYFmaV//x
h6DBGqYcKC1YkfWaedltxd9HMFEq6BRwp03nxV5Q3eHzGWpgkm73Y9u2S5iep93Y
qSp+n9cXjfYoPYc+9Bc/oosxBXdknx0chp8PJ8lEvPHCySZrogNN/B4vnFPElXaG
QbF/p6Ff7rUnbOGRW7fGC9QQgRQU3lxWY+pBzBpWHIKY16KhkcLAN7iVf4kARgQY
EQIABgUCNq5/5QAKCRDudDJFnMDeAUqdAJ4wkHSCsCf4Os1+jTolmqjJb4YLbwCf
ZnleaG6F2s1zhL1yeKse1bbO79Y=
=b37d
=====END PGP PUBLIC KEY BLOCK=====
------------------------------
From: Josh Rusko <[EMAIL PROTECTED]>
Subject: questions about email addresses
Date: Sat, 06 Feb 1999 06:34:27 GMT
I have 2 questions dealing with email addresses. One, how would you
create an email-only account without setting up a login account for that
person? Two, with login names being restricted to 8 characters, how
would you set up an email account with more than 8 characters in the
name? I thought of possibly using /etc/aliases to have a longer name
point to an 8-character name, but this only works for incoming mail;
they still have to log into the mail server with the 8-character name.
Even if that did work, there has to be a more elegant solution. Any
ideas?
------------------------------
From: "G.T." <[EMAIL PROTECTED]>
Subject: Re: Accessing a HTTP proxy from Linux
Date: Fri, 5 Feb 1999 10:06:43 -0800
Paul A. Cheshire wrote in message ...
>On Fri, 22 Jan 1999 19:53:04 GMT,
>Francois Jaccard <[EMAIL PROTECTED]> wrote:
>>Hi,
>>I have a cable-modem on my Win98 machine and I would like to be able to
access
>>internet through it from Linux (Red Hat 5.2). I am running Wingate 2.1d on
the
>>Win98 machine.
>>
>>How can I use the Wingate machine as HTTP Proxy for Linux? I can browse
from
>>another win98 machine via wingate so it is configured correctly but how do
I
>>use a HTTP proxy on Linux with wget?
>>I put the IP of the wingate machine (192.168.0.1) as gateway but it does
not
>>work.
> ^
> |
>
>I believe you cannot use zeroes or 255 in normal IP addresses. They are
used
>for network and netmask addreses only.
not true, the host address can't be zero but to have zeroes within the
address as above is completely ok.
I believe you need to configure your browser to use the Wingate machine as a
proxy, check your Preferences if you are using Navigator.
greg
------------------------------
Crossposted-To: comp.os.linux.setup,comp.os.linux.admin,comp.os.linux.questions
Subject: Re: Fix for Netscape replacing excess dots with underscores (was rpm question)
From: [EMAIL PROTECTED]
Date: 05 Feb 1999 22:15:58 +0100
Ken <[EMAIL PROTECTED]> writes:
>
> Don't know about other platforms, but with OS/2 this "feature" can be
> disabled: In your prefs.js file, add the line
>
> user_pref("os2.replace_dots", false );
>
> There may be something equivalent for Linux. I'd guess it would be
> "linux.replace_dots" in ~/.netscape/preferences.js, but haven't tested
> it yet.
As I've never d/led linux software with netscape/ie4 under winxx I
thought it was win-behaviour. I've never experienced this conversion
with netscape under linux, though. So maybe it's just the combination
of browser and os which does it? Or does it happen when you copy that
x.y.rpm from another filesystem to ext2?
Wolfgang
--
wobo <[EMAIL PROTECTED]>
Powered by Penguin Wisdom
------------------------------
From: Josh Rusko <[EMAIL PROTECTED]>
Subject: Re: Firewall
Date: Sat, 06 Feb 1999 06:46:27 GMT
You didn't say whether or not you were running IP Masquerading on the firewall
computer, but you need to. The LAN computer's routing table should include eth0
as default route, with 192.168.2.1 as a gateway. Or was that what you tried when
route hung? I didn't see anything else wrong with your setup, but then again I'm
still a little newbie.
I hope this helps
Josh Stone wrote:
> Okay,
>
> I've got several computers (3 right now, soon to be 5) all networked
> together with 3Com 3c503s (hey, $5 a pop, how could you go wrong?). I
> also have a cable modem, running through a 3c509b. Everything works
> great...until I try to make one a firewall to give the others online
> access.
> I've been able to get everything working such that I can ping the
> internet from the firewall computer and all other computers on the
> network. I can ping the firewalls LAN IP from the LAN computers, AND
> the internet side of the firewall. However, I cannot ping anything
> outside of my house from the LAN computers.
> The firewall howto is great, and got me this far...but I'm stuck
> because it does not tell me what to do if I can ping the internet side
> of the firewall and not the internet (it just tells me that I have to
> have IP forwarding on to do so). I have IP forwarding on, so I'm left
> with no other help (my distribution doesn't come with the NET-2 howto
> mentioned in the firewall howto, and I haven't the patience to go dig it
> up somewhere).
>
> Here are a couple route tables:
>
> firewall computer (Though it's probably not a big deal, I've made myself
> anonymous by doctoring my cable modem's IPs. Wherever you see x's in
> the IP, it's my cable modem):
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> x.x.x.0 0.0.0.0 255.255.255.0 U 0 0 5 eth0
> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 3 eth1
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 4 lo
> 0.0.0.0 x.x.x.1 0.0.0.0 UG 0 0 13 eth0
>
> And, of course, one of the LAN computer's route table:
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 18 eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 4 lo
>
> If I try to assign a gateway of 192.168.2.1 (which would be the
> firewall computer) route hangs, and I can do nothing over the network
> but ping. Go figure.
>
> If you're REALLY interested, here's a few lines from the ifconfig
> output:
>
> firewall computer:
>
> ...
> eth0 Link encap:Ethernet HWaddr 00:60:97:5D:24:49
> inet addr:x.x.x.161 Bcast:x.x.x.255 Mask:255.255.255.0
>
> ...
> eth1 Link encap:Ethernet HWaddr 02:60:8C:0C:8E:47
> inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
>
> ...
>
> and the LAN computer:
>
> ...
>
> eth0 Link encap:Ethernet HWaddr 02:60:8C:2A:32:68
> inet addr:192.168.2.16 Bcast:192.168.2.255 Mask:255.255.255.0
>
> ...
>
> Thank you much for any help...
>
> -Josh O-
>
> --
> "I heard you say, 'It's a pity I never had
> any children.' But you're wrong. I have...
> thousands of them, all boys."
> -Mr. Chips in, "Goodbye, Mr. Chips" (1939)
------------------------------
From: Rick Onanian <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,alt.os.linux,comp.os.linux
Subject: Re: Will Linux work with a Cable Modem???
Date: Fri, 05 Feb 1999 16:51:07 -0500
Richard Tilmann wrote:
> From my own recent experiences with this matter:
> Yes, they can. You need to configure your Linux box with IPMasquarading.
> Then on the WIN 95 boxes, in the network setup configuration, set the
> gateway to the linux box IP address.
Don't forget to set up the windows boxes on an internal, reserved network. :)
> Don't think so. My cable modem setup by the ISP required the hardwired MAS
> address on the network card. This is unique to every card manufactured.
> In other words, your cable modem account can only talk with your specific
> network card.
If you have the Motorola cable modem that @home rents to me, just hit the
little "reset" button on the back, and it reads in your new card's address. I
had trouble everytime I switched it to a differant card, I thought all my cards
were bad, but then someone told me that it remembers the hardware address and
boom! it worked...
rick
> > Security for the website is also a thing. How do you setup linux to only
> > let web surfers access certain directories and not others??? Just
> > wondering...
> > Oh and thanks for anybody who helped me on PPPD, It was a real pain, but
> > I think I got it.
> > Mike Tin
> > Please Respond via Email at [EMAIL PROTECTED]
>
> \
------------------------------
From: Sean MacLennan <[EMAIL PROTECTED]>
Subject: Linux DHCP vs NT
Date: 05 Feb 1999 17:02:20 -0500
I am trying to connect to an NT DHCP server using Linux. The NT server
is supposed to give us a pseudo-static IP address based on our
ethernet address. This IP address is hardcoded is then hardcoded in
the DNS map.
This works for a while, but NT sometimes gives a new IP address and
screws things up.
The NT admin staff seems to think that we are not responding to the
lease messages correctly. Any hints, tips, gottchas?
Sean
base system: RedHat 5.2
kernel: 2.0.36 and 2.2.1
dhcpcd: 1.3.16-2
controller: 3com 3c905
--
|-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-|
PIKA Technologies Inc. http://www.pika.ca
155 Terence Matthews Cr e-mail [EMAIL PROTECTED]
Kanata, Ont, K2M 2A8 Phone (613) 591 1555
Canada Fax (613) 591 9295
|-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-|
------------------------------
From: William Suetholz <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Linux/W95 Network
Date: Fri, 05 Feb 1999 17:21:10 +0000
This is a multi-part message in MIME format.
==============A5D1755242B633405F23DDBF
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
It's probably because of a DNS lookup being done by your Win95 box. It doesn't know
how to
transform the name for you Linux box into an IP address. Do you have the name of you
Win95 box in
Linux's /etc/hosts file? Maybe you can fix
this by adding the Linux box's name into LMHOSTS?
You may not want to turn off the autodialing capabilities of Win95 if you
like that when trying to go to the internet.
Bill Suetholz
[EMAIL PROTECTED] wrote:
>
> I couldn't find an answer to this problem on these forums, so here goes...
>
> I've got RedHat 5.2 installed on one machine talking to a Windows 95 box over
> Fast-Ethernet. I can ping from Linux to W95 using it's name or IP address. I
> can ping from W95 to Linux using the IP address. If I ping from W95 using the
> Linux machine name, the W95 box tries to dial my ISP. If I cancel that
> dialog, then the ping works. I'm pretty sure I have the W95 HOSTS file set up
> right. However, if I rename the Hosts file to something else, the ISP doesn't
> get dialed. But then the ping to Linux by name won't work. Also, if I try to
> dialup my ISP, it tries to resolve the connection through the Ethernet
> connection, and eventually craps out, unless I rename the Hosts file again.
> How do I keep W95 from dialing the ISP, and vice versa, while leaving the
> Hosts file intact? Is there a DNS problem here?
>
> -----------== Posted via Deja News, The Discussion Network ==----------
> http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
==============A5D1755242B633405F23DDBF
Content-Type: text/x-vcard; charset=us-ascii;
name="wsuetholz.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for William Suetholz
Content-Disposition: attachment;
filename="wsuetholz.vcf"
begin:vcard
n:Suetholz;William
tel;work:(414)784-6411X619
x-mozilla-html:FALSE
url:http://www.centonline.com/
org:Centurion, Inc.;Application Development
adr:;;2825 S. Moorland Rd.;New Berlin;WI;53151;USA
version:2.1
email;internet:[EMAIL PROTECTED]
title:Sr. Integration Specialist
x-mozilla-cpt:;26464
fn:Bill Suetholz
end:vcard
==============A5D1755242B633405F23DDBF==
------------------------------
From: Dot Matrix <[EMAIL PROTECTED]>
Subject: A better DyNIP?
Date: Sat, 06 Feb 1999 17:32:44 +1000
Does anyone know of a service similar to dynip (www.dynip.com) but for
free?
Thanx.
--
##
/~~\
|00|
+-----------------------oOOo--oOOo----------------------+
| ID Card |
| ####### |
| Nick: Dot Matrix |
| email: [EMAIL PROTECTED] |
| |
| A Penguin that Rocks, or a Window that locks? |
| Cyrix, what do you want to fry today? |
| If it's tourist season, how come we can't shoot 'em? |
+-------------------------------------------------------+
------------------------------
From: [EMAIL PROTECTED] (Doug McLaren)
Subject: How to decide which interface a packet *leaves* from?
Date: 6 Feb 1999 07:23:15 GMT
Here's my setup ...
eth0 is a static IP address, but on a slow 28.8k link.
eth1 is a dynamic IP address - on a cable modem, so it's fast.
Both IPs come from totally different places and are totally unrelated
to each other.
I want to let email come in on eth0 (this is why I still want the
static IP address) and if I can, I'd like to make mail only go out
through eth0 (but this aspect is less important.)
By manipulating the routing table, I can make one or the other
interface work for a given remote site, but I can't make both work at
the same time. For example, if my routing tables are set up so that
my route to host A goes through eth0, then host A can ping my eth0
address and all works fine. However, if host A pings the eth1
address, the pings come in through eth1, as expected, but then they go
out through the eth0 address (I can see this with tcpdump) and are
caught by the ISP's source filters (which are of course a good thing
to have.)
Ideally, I'd like packets *from* the eth0 network to always go out
through eth0, and packets *from* the eth1 network to always go out
through eth1. If I'm making a new connection outbound, the source
address would be chosen by the routing tables, as is normal, except
maybe if it's to 25/tcp, it would only come from eth0.
Did that all make sense? :)
I'm guessing that I need to use ipfwadm or ipchains (I'm using kernel
2.2.0, so it's ipchains that I need to use) to force packets from a
given interface's network out through that interface, but I can't
figure out how to do this, even after going over the howtos and man
pages carefully. Anybody done this and can offer some hints?
Another nice thing might be to make 25/tcp outbound connections (and
always these connections) always go out through eth0 (so the Received:
headers are `correct' and so I don't get caught by any spam filters
that would catch my cable modem address. I'm guessing that the way to
make this work is via IP masquerading (even though there's only one
host involved) but I havent figured out how to do it. (of course,
this is a lot less important than, and requires that I get the first
part working first, so I haven't tried yet.) Another way might be to
make sendmail specifically bind to the eth0 when sending outgoing
email ... but I'm guessing there's an easier way.
Thanks ...
--
Doug McLaren, [EMAIL PROTECTED]
Unsolicited email of a commercial or advertising nature is not welcomed.
------------------------------
Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Greg Weeks)
Subject: Re: limiting Web site access in Linux
Date: Fri, 5 Feb 1999 16:15:11 -0600
In article <79fbv5$5u7$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] writes:
> Hi -
>
> I am in the process of setting up my first Linux machine (running RedHat
> 5.1). It will be used for Internet access by our employees to 2 specific Web
> sites (not in-house). My question is: is there any way that I can limit
> which Web sites may be visited? The fear by Administration is that folks will
> rummage about in all sorts of sordid Web sites on Company time, and they
> would like for me to eliminate that as much as possible.
>
> Thanks in advance for any help you can give!
Block port 80 on the firewall and set up a proxy with apache,squid,
whatever that limits access. You can even turn on transparent proxying
and it becomes invisible. It might also be possible to use ipfwadm to
selectivly block port 80 so that only some IP addresses allow requests
to go out.
Greg Weeks
--
http://durendal.tzo.com/greg/
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
