Linux-Networking Digest #163, Volume #10 Wed, 10 Feb 99 03:13:54 EST
Contents:
Newbie w/inquiry. ("Andy Koch")
Re: mgetty & modem problem (Dan Crooks)
Re: Romote "root" login (Eric Melville)
smbclient & samba ("Ron")
Drivers for Acer/Aopen ALN-201 10Base-T PCI NIC Card? (Rudy Vianna)
Help, ISP setup! (William Gross)
Re: What is a winmodem (Ken Roberts)
Re: rtl8139 NIC and kernel 2.2.1 (User)
Re: Totally wierd problem with multilink-PPP over an ISDN TA (Clifford Kite)
Samba share with Vfat drives ("Marten")
Re: PPP Setup for Uswest.net Dial in (J. Scott Berg)
Re: DX _6_ Zone game through Linux IP Masquerade and IPFWADM not working (Scott Coiley)
----------------------------------------------------------------------------
From: "Andy Koch" <[EMAIL PROTECTED]>
Subject: Newbie w/inquiry.
Date: Tue, 09 Feb 1999 09:39:30 -0800
I'm trying to get a Motorola Mariner PCMCIA card working with RedHat Linux
v4.2 (not entirely positive but...) on a Toshiba 420CDS laptop. It gets
assigned interface eth0, and ifconfig shows it as set up with the correct IP,
broadcast IP, and Netmask. However I cannot ping anything, not even my
router. ifconfig shows x amount of packets transferred correctly, but that x
amount of packets have 'overrun'. What does overrun mean and how can I fix
this? Thanks.
Please email me directly or cc my email address. Thanks in advance.
------------------------------
From: Dan Crooks <[EMAIL PROTECTED]>
Subject: Re: mgetty & modem problem
Date: Tue, 09 Feb 1999 17:40:31 GMT
[EMAIL PROTECTED] wrote:
> I have mgetty working rather well for dialin ppp users. I do have a
> few problems with the lines staying connected for long periods of time
> but the rest is working great.... If you are interested I can detail how
> I have my system setup.
> Keith
>
Sure, I am willing to look at anything right now. My problem is that once the user
logs in to their shell account they can't switch the line to a PPP connection. I tried
making it AUTOPPP but no luck. I have tried to stay away from pap and chap
but I am starting to think using one of them is a requirement. mgetty is working fine
answering the phone now.
Anyways, the user can login to their shell account. I have a script for starting PPP
(/etc/ppp/ppplogin) that looks like this:
==========================================
#!/bin/sh
#ppplogin - script to fire up pppd on login
mesg n
stty -echo
exec pppd proxyarp
==========================================
I have chmod so the users can execute the script. I also aliased the script
file in bashrc.
So the user types $ ppp and they get the garbage that starts with ~ .
Because I have called my ISP manually and established a ppp connection, I am
pretty sure this is the ppp header stuff requesting to change the line condition
to ppp. I would then exit minicom and type:
pppd /dev/cua1 115200 &
and I would have my ppp connection with the ISP.
But these are Win98 users calling in and I don't know what to tell them to
convert the connection to ppp on their end. I "think" this is what the problem
is...
If you have a Linux box handling Win98 dial-in users establishing ppp
connections then I am most interested in how you accomplished it.
I did grab the PPPHowTo and need to look for answers in that, but some first
hand knowledge from someone who has done it using RH5.2 would really help me
out. Thanks...
Dan
------------------------------
From: Eric Melville <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux,comp.os.linux.admin,comp.os.linux.help,nl.comp.os.linux
Subject: Re: Romote "root" login
Date: Wed, 10 Feb 1999 06:41:03 GMT
i posted this message some time ago...
---
since telnet packets are sent over the network in clear text, passwords
can be "sniffed", ie, people connected to the network could steal your
password. for a root account, this is especially a bad idea, therefore,
most distributions disable root's ability to telnet in by default. if
you REALLY WANT TO, and feel that there is virtually no security risk,
you could open up the file /etc/securetty and edit it. it's a list of
all the ttys that the system will let root in on... in your case, you'd
probably add ttyp0 through ttyp3 or something like that... this is,
however, a very bad idea if you are the least bit interested in
security. if i were you, i'd install ssh... for the most part, it's like
telnet, but the packets are encrypted on either end with a
public/private key scheme, before they are sent across the network...
ssh can let root in even if you aren't letting root telnet in.
this should get you started: http://search.yahoo.com/bin/search?p=ssh
---
whether you telnet in as root, use su, or sudo, you are still leaving a
hole in your system large enough for a hacker to drive a virtual truck
through. get ssh or suffer the wrath of the sniffers.
-E
> If somebody logs in as root into BSDi (commercial Unix for PC) system,
> system greets him "Don't log in as root, use su command".
>
> I recommend you to follow this advice.
> And even better, if you need to run something as root frequently, set up
> sudo command, to allow you run this command from your usual user
> account.
------------------------------
From: "Ron" <[EMAIL PROTECTED]>
Subject: smbclient & samba
Date: Tue, 9 Feb 1999 22:34:51 -0800
new to linux
installed redhat 5.2 v2.0.36 as default workstation class. Want to network
with my win95 machine. All the networking hardware is in place and working
(the machines recognize each other). The workstation installation didn't
install SMB and samba, but a server class install would, however I'm only
using a 1 gig harddrive (too small for a server class install). Can I install
SMB and samba in the workstation to get shared access between the 2
machines, or do I need to get a bigger HD and do a server class install?
------------------------------
From: Rudy Vianna <[EMAIL PROTECTED]>
Subject: Drivers for Acer/Aopen ALN-201 10Base-T PCI NIC Card?
Date: Tue, 09 Feb 1999 12:51:04 -0500
What should be the proper driver for an Acer ALN-201 PCI 10Base-T NIC
card under Linux?
THNX,
Rudy
------------------------------
From: William Gross <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.ppp,comp.os.linux.misc,comp.os.linux.setup,comp.protocols.tcp-ip,comp.protocols.tcp-ip.ibmpc
Subject: Help, ISP setup!
Date: Thu, 28 Jan 1999 22:25:54 -0600
Hello,
I need some help, please. I am running RedHat 5.2 on a clone pc,
and I am trying to connect to my ISP which is called Integrity Online.
The problem is that they have a firewall, and I have never set Linux up
to deal with a firewall before. I can successfully connect to my ISP,
it assigns me a dynamic ip address, as usual. The problem is I cannot
get out to the internet. Netscape tells me something like it cannot
find the proxy server that I have set up in it even though I know that
the proxy name is correct, it is the same info I use in NT 4.0 and Win95
and they connect and cruise fine. I have pinged the firewall from my NT
and Win95 connections and have put the corresponding ip number in my
hosts file in order for there to be a dns resolution on my end. If I
did not, Netscape complains that "proxy.iolusa.com is unknown" and will
not let me continue to configure it. If I try to ping the firewall or
any valid internet address from my Linux connection, I get the error
from ping that the network is unreachable. The protocol that I am using
is tcp-ip, of course. Any help would be greatly appreciated. I have
banged my head against this for awhile and have not gotten anywhere.
Thanks in advance.
Leroy
------------------------------
From: Ken Roberts <[EMAIL PROTECTED]>
Subject: Re: What is a winmodem
Date: Tue, 09 Feb 1999 08:40:47 -0600
A winmodem is a stupidized modem. What the manufacturers did was to remove
some of the hardware on a modem and made up the difference by using your
computer's CPU to emulate those parts that have been removed. This allows
them to sell the modem at a cheaper price. Since those modems are made
primarily for Windows machines, they've been called winmodems.
Unfortunately, windows seems to be the only operating system that they
have drivers for. Linux, being a unix clone, would suffer from using a winmodem
anyways because you now have to waste processing power on stuff that the
modem should be doing.
If you look at the documentation that came with the modem, or alternately,
if you can get the manufacturer of the modem and hit up their web page, it
should tell you if it's a winmodem or not.
Another check is if you're in Linux, run minicom on the modem. If you
don't get any startup messages (like "ATZ <enter>", "OK"), then there's a
good chance that you may have a winmodem.
- Ken
------------------------------
From: [EMAIL PROTECTED] (User)
Crossposted-To: comp.os.linux.misc
Subject: Re: rtl8139 NIC and kernel 2.2.1
Date: Tue, 09 Feb 1999 01:26:30 GMT
Hi
I'm also using an rtl8139 chipset for my nic as well.
this is what I did:
- compile the source (instructions should be on the bottom of the
source file)
- edit the rc.local file under /etc/rc.d (red hat - dunno for other
distributions of linux)
- add these lines
insmod rtl8139.o
ifconfig eth0 xxx.xxx.xxx.xxx etc.
route add -net yyy.yyy.yyy.yyy etc.
where xxx.xxx.xxx.xxx is your internal network
and yyy.yyy.yyy.yyy is your network address.
Hope that helps.
On Mon, 08 Feb 1999 09:20:11 -0600, John Thompson
<[EMAIL PROTECTED]> wrote:
>I'm trying to compile kernel v2.2.1 but have run into a
>problem in that I cannot select my rtl8139-based NIC. The
>option appears but is "greyed-out" and cannot be selected
>(using "make xconfig;" it does not even appear as an option
>using "make config" or "make menuconfig"). The source is
>present (/usr/src/linux/drivers/net/rtl8139.c) but there
>appears to be no easy way to include it when compiling. Is
>there a work-around?
------------------------------
From: [EMAIL PROTECTED] (Clifford Kite)
Subject: Re: Totally wierd problem with multilink-PPP over an ISDN TA
Date: 9 Feb 1999 11:24:10 -0600
Knight of Night wrote:
: You recall my old chat script...
: ABORT BUSY ABORT "NO CARRIER" '' ATZ OK ATD<phone number> CONNECT
: And the new one generated by Linuxconf...
: '' 'ATZ'
: 'OK' 'ATD<phone number>'
: 'CONNECT' ''
The <CONNECT ''> generates an extra carriage return which sometimes
causes a problem. <CONNECT \c> suppresses a carriage return that is
otherwise sent. I don't know whether a carriage return is generated
with the old script with everything on one line and nothing following
the CONNECT - except maybe one carriage return. At any rate this looks
to be what you need to fiddle with.
: I noticed that my connect script did not explicitly indicate to send nothing
: after expecting the "CONNECT". It worked great back under Slackware so I didn't
: even question it. But the new script does explicitly call for a send nothing
: after expecting the connect. I tried removing it so the script looked like
: this...
: '' 'ATZ'
: 'OK' 'ATD<phone number>'
: 'CONNECT'
: When I did that, pppd dialed, connected, brought up the first B channel,
: appeared to authenticate, and then it brought up the second B channel. My ISP
: checked their log files, and said it looked like a normal login. But, I had NO
: throughput. None from the Linux box itself, and none from the LAN, indicating
--
Clifford Kite <[EMAIL PROTECTED]> Not a guru. (tm)
/* Those who can't write, write manuals. */
------------------------------
From: "Marten" <[EMAIL PROTECTED]>
Subject: Samba share with Vfat drives
Date: Wed, 10 Feb 1999 18:06:03 +1100
How can I get write access to work from clients connected by samba? I have a
zip drive I want to share over the network but keep the discs vfat.
------------------------------
From: [EMAIL PROTECTED] (J. Scott Berg)
Crossposted-To: mn.online-service
Subject: Re: PPP Setup for Uswest.net Dial in
Date: 29 Jan 1999 04:53:28 GMT
In article <d1Sr2.1594$[EMAIL PROTECTED]>,
Mike Horwath <[EMAIL PROTECTED]> wrote:
>In mn.online-service J. Scott Berg <[EMAIL PROTECTED]> wrote:
>: I'll give you the whole story and you can see what you think.
>
>Excellent.
Whoah! I just noticed this was cross-posted to mn.online-service!
How bizarre. I'm in Indiana!
>: I couldn't send out a mail message (I had sent one before). I gave
>: their mail server a ping, no response. This went on for a while, so I
>: gave them a call. "Mail servers working fine. Why can't I ping them?
>: We don't support Linux."
>
>Did you make sure you had van-jacobson header compression on?
Yup, it certainly appears to be on (I haven't turned it off in a
config file, and in the IPCP negotiation logs that I get with debug
on, I appear to request and get Van-Jacobson compression (I assume
this is what the following is):
pppd[689]: sent [IPCP ConfReq id=0x2 <addr xxx.xx.xxx.xxx> <compress VJ 0f 01>]
pppd[689]: rcvd [IPCP ConfAck id=0x2 <addr xxx.xx.xxx.xxx> <compress VJ 0f 01>]
>: The guy then repeated this latter mantra
>: 'til I gave up on him. A bit of playing around on my part found that
>: I could send short emails. Never could ping the mail servers--it
>: would be nice if the guy would have just told me that their servers
>: don't respond to pings. Even Win98 has ping.
>
>Just because their servers won't respond doesn't mean their servers
>don't have ping.
>
>It could be blocked at the router (many places do this).
Sorry, didn't make myself clear. All I'm saying is that it would have
been nice if the fellow had informed me that I wouldn't see a
response to pinging their mail servers. I expected him to know what
I meant by "ping" since "Even Win98 has [a] ping [command]." Instead
he heard "Linux" and didn't even want to try. I can ping other
places, just very little that is owned by Earthlink.
>: The solution? Their system indicates in the LCP negotiation it can
>: handle an mru of 1524. Since I hadn't indicated an mtu, pppd set it
>: to 1524. Well, the fact is that a packet that size doesn't make it.
>: The real mtu seems to be 1500. Guessed this by looking at tcpdump
>: output. Sending a large enough message caused a sufficiently large
>: packet to be sent. If someone knows what's going on, I'd love to hear
>: it (and why does it work on Win98?).
>
>Could it be the implementation of the TCP stack under Linux?
>
>Would not be the first bug found...won't be the last.
This would not entirely surprise me. On the other hand the loopback
(is this even relevant?) has a much larger mtu, and doesn't fail.
Also, the packets are going out, at least according to tcpdump (see
later on in this message).
>MRU of 1524 should be fine, works all over the place, and is quite
>standard for PPP negotiation.
>
>MRU - Maximum Receive Unit
>MTU - Maximum Transmit Unit
Here's what I get in my log file:
pppd[689]: rcvd [LCP ConfReq id=0x2 <mru 1524> <asyncmap 0xa0000> <auth chap 05> <pcomp> <accomp>]
pppd[689]: sent [LCP ConfAck id=0x2 <mru 1524> <asyncmap 0xa0000> <auth chap 05> <pcomp> <accomp>]
My understanding is that when I set the mtu on my end, I am
setting the maximum sized packet that I will send to them. When they
sent the above LCP stuff, they were saying that the maximum sized
packet I could send them would be 1524. And, since originally I
didn't set the mtu in my config files, that's what my mtu got set to.
(I assume if I set an mru in my config files, I would be simply
telling pppd what to send to them in the LCP negotiation, and not
really changing anything about how I send/receive packets).
Even though 1524 "should be fine," it clearly isn't. I cannot send
mail or news beyond a certain length if the mtu is not set (and
therefore takes the negotiated value of 1524, and I checked that this
is what it does with ifconfig), and if I set it to 1500, everything
works like a champ (inasmuch as it ever does).
> Don't forget the overhead in the packets! :)
That's included in the mtu, isn't it? If it isn't, then is pppd wrong
in setting the mtu to the mru that it gets in the LCP negotiation
(assuming that I don't set it in the config file)?
In case you're curious, the end of this message contains 2 tcpdump
transcripts: the first is what I generally see (>95%) when the mtu is
at 1524 and I try to send a message of sufficient length. The second
was an oddball that got through, and happened to give me the hint
about setting my mtu (the "need to frag" stuff). I've always assumed
that the big sequence numbers near the end of the failed one were
intentional: are they? In any case they don't seem to have anything
to do with the lack of response I'm getting.
By the way, I do have a guess as to why things work under Win98:
I searched around after I sent that last note, and apparently Win98
has some new feature where they set the MTU on dialups to 576, and
thus don't bother with the negotiated values. Not sure if this is
accurate or not, though.
So, does all this indicate whether the culprit is Linux or Earthlink
(or UUNet) (or me!)?
And I haven't even gotten to the part about having to firewall myself
in to prevent random hangups (no, not from timing out, although again
I only know the cure and only have vague notions of the cause)!
I would love to hear from anyone with any enlightenment on what the
real deal is here! Thanks
-Scott Berg
11:17:28.159353 ip: 1Cust115.tnt20.chi5.da.uu.net.1060 > rns2.earthlink.net.domain: 15896+ A? mail.earthlink.net. (36) (ttl 64, id 547)
11:17:28.389353 ip: rns2.earthlink.net.domain > 1Cust115.tnt20.chi5.da.uu.net.1060: 15896* q: mail.earthlink.net. 2/3/3 mail.earthlink.net. (195) (ttl 245, id 61107)
11:17:28.389353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: S 4021288162:4021288162(0) win 512 <mss 1484> (ttl 64, id 548)
11:17:28.569353 ip: hawk.prod.itd.earthlink.net.smtp > 1Cust115.tnt20.chi5.da.uu.net.1054: S 1778693449:1778693449(0) ack 4021288163 win 17808 <mss 1484> (ttl 245, id 21749)
11:17:28.569353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: . ack 1 win 32648 (DF) (ttl 64, id 549)
11:17:28.799353 ip: hawk.prod.itd.earthlink.net.smtp > 1Cust115.tnt20.chi5.da.uu.net.1054: P 1:99(98) ack 1 win 17808 (ttl 245, id 21750)
11:17:28.809353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 1:21(20) ack 99 win 32648 (DF) (ttl 64, id 550)
11:17:29.019353 ip: hawk.prod.itd.earthlink.net.smtp > 1Cust115.tnt20.chi5.da.uu.net.1054: P 99:279(180) ack 21 win 17808 (ttl 245, id 21751)
11:17:29.039353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: . ack 279 win 32648 (DF) (ttl 64, id 551)
11:17:29.079353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 21:55(34) ack 279 win 32648 (DF) (ttl 64, id 552)
11:17:29.289353 ip: hawk.prod.itd.earthlink.net.smtp > 1Cust115.tnt20.chi5.da.uu.net.1054: . ack 55 win 17808 (ttl 245, id 21752)
11:17:29.329353 ip: hawk.prod.itd.earthlink.net.smtp > 1Cust115.tnt20.chi5.da.uu.net.1054: P 279:320(41) ack 55 win 17808 (ttl 245, id 21753)
11:17:29.339353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 55:85(30) ack 320 win 32648 (DF) (ttl 64, id 553)
11:17:29.529353 ip: hawk.prod.itd.earthlink.net.smtp > 1Cust115.tnt20.chi5.da.uu.net.1054: P 320:362(42) ack 85 win 17808 (ttl 245, id 21754)
11:17:29.539353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 85:91(6) ack 362 win 32648 (DF) (ttl 64, id 554)
11:17:29.749353 ip: hawk.prod.itd.earthlink.net.smtp > 1Cust115.tnt20.chi5.da.uu.net.1054: P 362:412(50) ack 91 win 17808 (ttl 245, id 21755)
11:17:29.749353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 91:1115(1024) ack 412 win 32648 (DF) (ttl 64, id 555)
11:17:29.759353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 412 win 32648 (DF) (ttl 64, id 556)
11:17:30.199353 ip: hawk.prod.itd.earthlink.net.smtp > 1Cust115.tnt20.chi5.da.uu.net.1054: . ack 1115 win 17808 (ttl 245, id 21756)
11:17:30.579353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 412 win 32648 (DF) (ttl 64, id 557)
11:17:32.219353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 412 win 32648 (DF) (ttl 64, id 558)
11:17:35.499353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 412 win 32648 (DF) (ttl 64, id 559)
11:17:42.059353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 412 win 32648 (DF) (ttl 64, id 560)
11:17:55.179353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 412 win 32648 (DF) (ttl 64, id 561)
11:18:21.419353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 412 win 32648 (DF) (ttl 64, id 562)
11:18:29.299353 ip: 1Cust115.tnt20.chi5.da.uu.net.1053 > hawk.prod.itd.earthlink.net.smtp: P 526663240:526664724(1484) ack 821358432 win 32648 (DF) (ttl 64, id 563)
11:19:13.899353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 412 win 32648 (DF) (ttl 64, id 564)
11:20:29.299353 ip: 1Cust115.tnt20.chi5.da.uu.net.1053 > hawk.prod.itd.earthlink.net.smtp: P 0:1484(1484) ack 1 win 32648 (DF) (ttl 64, id 565)
11:20:58.859353 ip: 1Cust115.tnt20.chi5.da.uu.net.1054 > hawk.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 412 win 32648 (DF) (ttl 64, id 566)
The oddball (only the interesting part shown):
11:10:48.149353 ip: 1Cust115.tnt20.chi5.da.uu.net.1052 > snipe.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 414 win 32648 (DF) (ttl 64, id 508)
11:10:48.649353 ip: snipe.prod.itd.earthlink.net.smtp > 1Cust115.tnt20.chi5.da.uu.net.1052: . ack 1115 win 65296 (ttl 245, id 53338)
11:10:49.039353 ip: 1Cust115.tnt20.chi5.da.uu.net.1052 > snipe.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 414 win 32648 (DF) (ttl 64, id 509)
11:10:50.819353 ip: 1Cust115.tnt20.chi5.da.uu.net.1052 > snipe.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 414 win 32648 (DF) (ttl 64, id 510)
11:10:54.379353 ip: 1Cust115.tnt20.chi5.da.uu.net.1052 > snipe.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 414 win 32648 (DF) (ttl 64, id 511)
11:10:54.709353 ip: tnt20.chi5.da.uu.net > 1Cust115.tnt20.chi5.da.uu.net: icmp: snipe.prod.itd.earthlink.net unreachable - need to frag (mtu 1500) (ttl 64, id 62300)
11:11:01.499353 ip: 1Cust115.tnt20.chi5.da.uu.net.1052 > snipe.prod.itd.earthlink.net.smtp: P 1115:2599(1484) ack 414 win 32648 (ttl 64, id 512)
11:11:01.859353 ip: snipe.prod.itd.earthlink.net.smtp > 1Cust115.tnt20.chi5.da.uu.net.1052: . ack 2599 win 65296 (ttl 245, id 53339)
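
[Added example, not part of the original posts and not pppd or tcpdump code: a small Python check for the pattern in the two traces above, a full-size segment with DF set that is retransmitted but never acknowledged. The sample lines are constructed in the single-line form of that output with placeholder host names, and the 40-byte header overhead is an assumption (no IP or TCP options).]

```python
import re
from collections import defaultdict

# TCP lines in the old tcpdump layout shown in the post; seq range and ack are optional.
TCP_RE = re.compile(
    r"^\S+ ip: (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPR.]+) "
    r"(?:(?P<start>\d+):(?P<end>\d+)\((?P<len>\d+)\) )?(?:ack (?P<ack>\d+) )?")
ICMP_RE = re.compile(r"icmp: \S+ unreachable - need to frag \(mtu (?P<mtu>\d+)\)")
HEADERS = 40  # assumption: 20-byte IP header + 20-byte TCP header, no options


def find_blackholes(trace, min_sends=3):
    """Return (suspect segments, MTU reported by ICMP or None)."""
    sends = defaultdict(int)   # (src, dst, start, end) -> DF transmissions seen
    acked = defaultdict(int)   # (sender, receiver) -> highest ack the receiver returned
    reported_mtu = None
    for line in trace.splitlines():
        icmp = ICMP_RE.search(line)
        if icmp:
            reported_mtu = int(icmp["mtu"])
            continue
        tcp = TCP_RE.match(line)
        if not tcp or "S" in tcp["flags"]:
            continue           # SYN lines carry absolute sequence numbers; skip them
        src, dst = tcp["src"], tcp["dst"]
        if tcp["ack"]:
            acked[(dst, src)] = max(acked[(dst, src)], int(tcp["ack"]))
        if tcp["len"] and int(tcp["len"]) > 0 and "(DF)" in line:
            sends[(src, dst, int(tcp["start"]), int(tcp["end"]))] += 1
    findings = []
    for (src, dst, start, end), count in sends.items():
        # Sent repeatedly with DF, yet the peer never acknowledged past its end.
        if count >= min_sends and acked.get((src, dst), 0) < end:
            findings.append({"flow": f"{src} > {dst}", "segment": (start, end),
                             "sends": count, "ip_len": end - start + HEADERS})
    return findings, reported_mtu


# Constructed sample: the large segment is resent and never acknowledged.
FAILED_TRACE = """\
11:17:28.389353 ip: dialup.example.1054 > mail.example.smtp: S 4021288162:4021288162(0) win 512 <mss 1484> (ttl 64, id 548)
11:17:28.569353 ip: mail.example.smtp > dialup.example.1054: S 1778693449:1778693449(0) ack 4021288163 win 17808 <mss 1484> (ttl 245, id 21749)
11:17:29.749353 ip: dialup.example.1054 > mail.example.smtp: P 91:1115(1024) ack 412 win 32648 (DF) (ttl 64, id 555)
11:17:29.759353 ip: dialup.example.1054 > mail.example.smtp: P 1115:2599(1484) ack 412 win 32648 (DF) (ttl 64, id 556)
11:17:30.199353 ip: mail.example.smtp > dialup.example.1054: . ack 1115 win 17808 (ttl 245, id 21756)
11:17:30.579353 ip: dialup.example.1054 > mail.example.smtp: P 1115:2599(1484) ack 412 win 32648 (DF) (ttl 64, id 557)
11:17:32.219353 ip: dialup.example.1054 > mail.example.smtp: P 1115:2599(1484) ack 412 win 32648 (DF) (ttl 64, id 558)
"""

# Constructed sample: an ICMP "need to frag" arrives, DF is dropped, the data is acked.
RECOVERED_TRACE = """\
11:10:48.149353 ip: dialup.example.1052 > mail.example.smtp: P 1115:2599(1484) ack 414 win 32648 (DF) (ttl 64, id 508)
11:10:49.039353 ip: dialup.example.1052 > mail.example.smtp: P 1115:2599(1484) ack 414 win 32648 (DF) (ttl 64, id 509)
11:10:50.819353 ip: dialup.example.1052 > mail.example.smtp: P 1115:2599(1484) ack 414 win 32648 (DF) (ttl 64, id 510)
11:10:54.709353 ip: gw.example > dialup.example: icmp: mail.example unreachable - need to frag (mtu 1500) (ttl 64, id 62300)
11:11:01.499353 ip: dialup.example.1052 > mail.example.smtp: P 1115:2599(1484) ack 414 win 32648 (ttl 64, id 512)
11:11:01.859353 ip: mail.example.smtp > dialup.example.1052: . ack 2599 win 65296 (ttl 245, id 53339)
"""

if __name__ == "__main__":
    for name, trace in (("failed", FAILED_TRACE), ("recovered", RECOVERED_TRACE)):
        print(name, find_blackholes(trace))
```

[With these assumptions the stuck segment comes out at 1524 bytes on the wire, the negotiated value from the LCP log, which is larger than the 1500 reported in the ICMP message.]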
------------------------------
Date: Tue, 09 Feb 1999 18:35:48 -0500
From: Scott Coiley <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: DX _6_ Zone game through Linux IP Masquerade and IPFWADM not working
Crossposted-To: microsoft.public.games.zone
Wadels thus confirms the 1 machine per IP address phenomenon with
NAT/Masquerading.
NAT and Masquerading work by taking the private (192.168.x.x : p) packet and
repackaging it on a new port with the gateway address. This repackaging
information is kept in a table by NAT/Masquerading. When the reply comes on the
new, repackaged port, NAT/Masquerading knows to unwrap the packet and send it
back to the private IP address on the original port. However, the Zone
replies on a new random port. NAT/Masquerading has no way of knowing from the
table that is kept where the packet is destined so it sends it to wherever that
random port is mapped... one PC - by default the gateway PC, unless there are
specific port mapping rules to another single PC. You can't map a port to more
than one PC with NAT/Masquerading. I'm not trying to bludgeon the subject - but
simply explain why only 1 PC will connect to the Zone premium games through
NAT/Masquerading.
I'm doing research to find the inner workings of a proxy. I would appreciate it
if Loco the gentle zookeeper would be so kind as to give complete setup details
as to how to use WinGate 3.0 to get multiple machines behind the proxy to work
on Zone premium games with random port re-assignment. Others have also claimed
that their proxy works, but thus far NO ONE has been forthcoming with the
hardware and software configuration details. WinGate 2.0 would not work for me.
As far as I'm concerned the suggestions that a proxy works are a cruel practical
joke which leads others to frustration. I will experiment with WinGate 3.0.
Incidentally, Deerfield claims that WinGate 3.0 will NOT work to allow multiple
clients behind their proxy to connect to the Zone. I would really like to see
Loco the friendly monkey tender's config, or that of anyone else's proxy, that
allows them to play premium Zone with MULTIPLE players on their LAN through one
IP address. Please (and I honestly mean please) - let's see it! What is the
configuration - if there is one.
Let's keep this civil. We all stand to learn something here - which is the main
reason I'm participating. I've already got my LAN working seamlessly with the
extra subnet - so my remaining interest is clearly for the purpose of my
education.
Wadels wrote:
> Ok, after no answer and more searching, I found a solution that so far has
> worked 98%. These commands in Linux do it. I recommend putting them in a
> shell script which you'd run only before getting on the zone. This bypasses
> some of your firewall's security, but it lets you play your 15-30 min game.
> My home network can take a bit less security for this kind of window. After
> you're done, run ipautofw -F to flush these rules, which (as far as I know)
> should restore full security.
>
> ipautofw -A -r udp 1000 5000 -h [address of your Outwars machine]
> ipautofw -A -r tcp 1000 5000 -h [address of your Outwars machine]
> ipautofw -A -r udp 47624 47624 -h [address of your Outwars machine]
> ipautofw -A -r tcp 47624 47624 -h [address of your Outwars machine]
>
> The 2% that doesn't work for me is this: my latency value (from a ping) does
> not show up in the zone, so people think my connection must be terribly slow
> (so they don't want to be in my game), and only 1 machine on my internal
> network can play at a time. I can certainly live with this. I think that one
> Mike Miller was the one who posted this solution. Thanks, Mike.
>
> Note, I've only played 2 or 3 people in Outwars on the Zone with these
> settings. I don't know if they all had DirectX 6 or if (and when) it
> matters. Good luck all.
>
> Wadels wrote in message ...
> >I am happy to have bought MS Outwars for a game and Caldera OpenLinux 1.3
> >for a static-ip firewall. But of course the Outwars does not run on the zone
> >through the Linux firewall (common problem, I know). But now there's DirectX
> >6 which is supposed to increase the chances of my getting this working.
> >People have reported getting some similar-sounding site, BattleZone to work
> >with their games through this kind of firewall.
> >
> >Scott Coiley, I have DirectX 6 (on Win98) so please do not reply with a
> >repost of your message "You cannot play MS DirectX < 6 games with 1 IP
> >address..." Thanks for posting the useful info above, though.
> >
> >I have IP Masquerading and IPFWADM working so that my Win box can http to
> >the outside world quite successfully. Can the connections between my Outwars
> >and the Zone be masqueraded?
> >
> >I have IPAUTOFW installed too, so I'll use it if I have to.
> >
> >The connections to be masq'ed or forwarded or transparently proxied
> >(whatever works) are through ports 47624 and 2300-2400, tcp and udp, both
> >directions.
> >
> >I've read the documentation, but my attempts have failed so far. Please
> >don't say I need to pay for more IPs from my ISP. It shouldn't be necessary.
> >
> >Any help is greatly appreciated!
--
- Scott <mailto:[EMAIL PROTECTED]>
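
[Added example, not part of the original posts: a simplified Python model of the masquerading table described above, showing why a reply on a new port cannot be matched to an inside host and how many inbound ports the quoted ipautofw ranges leave open. The class, the addresses and the starting port are assumptions for illustration, and the ipautofw rules are modelled as plain static forwards.]

```python
class Masquerader:
    """Simplified model of a masquerading gateway (not the kernel's code)."""

    def __init__(self, public_ip, first_port=61000):  # first_port: value chosen for this model
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}      # (proto, public_port) -> (priv_ip, priv_port, remote_ip, remote_port)
        self.forwards = []   # static rules: (proto, low, high, priv_ip)

    def outbound(self, proto, priv_ip, priv_port, remote_ip, remote_port):
        """Rewrite an outgoing packet and remember how to undo it."""
        public_port = self.next_port
        self.next_port += 1
        self.table[(proto, public_port)] = (priv_ip, priv_port, remote_ip, remote_port)
        return self.public_ip, public_port

    def add_forward(self, proto, low, high, priv_ip):
        """Static port forward; a port can point at one inside host only."""
        for f_proto, f_low, f_high, f_ip in self.forwards:
            if f_proto == proto and low <= f_high and f_low <= high and f_ip != priv_ip:
                raise ValueError(f"{proto} {low}-{high} overlaps a forward to {f_ip}")
        self.forwards.append((proto, low, high, priv_ip))

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Return the (host, port) that receives a packet arriving at the gateway."""
        entry = self.table.get((proto, public_port))
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[0], entry[1]              # reply to a tracked flow
        for f_proto, low, high, priv_ip in self.forwards:
            if f_proto == proto and low <= public_port <= high:
                return priv_ip, public_port        # static forward, any sender
        return self.public_ip, public_port         # no state: stays on the gateway

    def exposed_ports(self):
        """Inbound ports reachable by anyone on the outside, per protocol."""
        exposed = {}
        for proto, low, high, _ in self.forwards:
            exposed.setdefault(proto, set()).update(range(low, high + 1))
        return {proto: len(ports) for proto, ports in exposed.items()}


def demo():
    gw = Masquerader("203.0.113.1")            # constructed addresses throughout
    pc_a, pc_b, zone = "192.168.1.10", "192.168.1.11", "198.51.100.7"
    _, port_a = gw.outbound("udp", pc_a, 2300, zone, 47624)
    _, port_b = gw.outbound("udp", pc_b, 2300, zone, 47624)
    results = {
        # replies on the rewritten ports are demultiplexed correctly
        "reply_a": gw.inbound("udp", zone, 47624, port_a),
        "reply_b": gw.inbound("udp", zone, 47624, port_b),
        # the server answers from a new port to a new port: no table entry
        "new_port_before": gw.inbound("udp", zone, 3011, 2350),
    }
    # the ranges from the quoted ipautofw rules, pointed at one inside machine
    for proto in ("udp", "tcp"):
        gw.add_forward(proto, 1000, 5000, pc_a)
        gw.add_forward(proto, 47624, 47624, pc_a)
    results["new_port_after"] = gw.inbound("udp", zone, 3011, 2350)
    try:
        gw.add_forward("udp", 2300, 2400, pc_b)   # second player wants the same ports
        results["second_host"] = "accepted"
    except ValueError:
        results["second_host"] = "rejected"
    results["exposed"] = gw.exposed_ports()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

[In this model the forwarded ranges accept packets from any outside sender, not only the game server, which is the security cost the quoted post accepts for the length of a game.]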
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************