Linux-Networking Digest #165, Volume #10 Wed, 10 Feb 99 07:13:44 EST
Contents:
ipmasq and identd (Brandon)
IP forwarding/diald timeout catch 22 (Kyle Tucker)
Re: Problem with NPRINT and LPR (Izak Burger)
Linux - Null Modem - NT4.0. How? (Max Tulyev)
Re: How can I get the 2B channels up in my ISDN Modem using RH5.2 ("JLS")
Re: Totally wierd problem with multilink-PPP over an ISDN TA ("JLS")
Re: Why would X not work after istalling a NIC? ("Christopher G. Petty")
Re: Firewall & Masquerading (Tobias Reckhard (jester))
Re: Masquerading troubles... (Tobias Reckhard (jester))
----------------------------------------------------------------------------
Date: Sun, 07 Feb 1999 19:13:30 -0500
From: Brandon <[EMAIL PROTECTED]>
Subject: ipmasq and identd
I got ipmasq working on the linux box that has the ppp connection, and
can access the web and ftp now from my windows boxes on the lan, but I
cannot irc from the windows boxes. The irc servers are not getting my
ident. What do I need to check?
------------------------------
Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Kyle Tucker)
Subject: IP forwarding/diald timeout catch 22
Crossposted-To: linux.redhat.ppp
Date: Tue, 09 Feb 1999 20:01:24 GMT
Hi,
On RH 5.2 I successfully have diald, IP masquerading and
ppp working. But diald never hangs up as there are always outgoing
packets thru ppp0 (according to netstat -i) despite the fact I have
nothing running that is specifically going out this route. Is this
an unavoidable drawback to running IP masquerading which apparently
requires ip forwarding set on? Thanks.
--
- Kyle
------------------------------
From: Izak Burger <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: Re: Problem with NPRINT and LPR
Date: Wed, 10 Feb 1999 12:05:57 +0200
I had the exact same problem. So far I haven't seen any answer to this so
I thought I might as well answer it.
My solution was to dump lpr and get LPRng. You can also look at the
article I wrote in the November issue of Linux Gazette
(http://www.ssc.com/lg/). There are however some things in the article
that are not quite clear (Even if I have to admit that myself). So if you
have any trouble, I can send you all the stuff I have here.
You can try this test, this was the giveaway for me:
somewhere in the printfilter file, insert a "slist>/tmp/list.txt" or
whatever. slist should dump a list of netware servers. In my case I got
no list, implying that vanilla lpr can not see netware servers somehow.
LPRng has been great, and I have even dumped lpr on my own system at home,
even though it is not connected to any network at all :)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Note: No Microsoft programs were used in the creation of this message. If you
are using a Microsoft program to view this message, BEWARE! I am NOT
responsible for any harm you or your computer may encounter as a result.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
------------------------------
From: [EMAIL PROTECTED] (Max Tulyev)
Subject: Linux - Null Modem - NT4.0. How?
Date: Tue, 9 Feb 1999 11:03:09 +0200
At 08 Feb 99 10:50:31, [EMAIL PROTECTED] wrote to All:
J> 1) Can I set up my NT to use null modem connection to see Linux
J> directories as NT shares?
Some time ago I connected my notebook with Win95 to a Linux server
using a null modem cable.
I had to make a chat script on Linux, which emulates normal standard
modem initialisation and connection, and then run pppd. You can run
minicom on the Linux box, see what Windows sends to the "modem" and answer
properly. From Windows it will look like a dialup network connection over
a modem.
Sample:
Windows             Linux
ATZ          ->
             <-     OK
ATH0M0L0     ->
             <-     OK
ATDP000      ->
             <-     CONNECT 115200
try to              starting
establish           pppd
PPP link            daemon
J> 2) What are there the simplest programs to transfer files from NT to
J> linux over null modem?
You will have normal TCP/IP connection - use Internet Explorer and enjoy!
;)
Bye!
------------------------------
From: "JLS" <[EMAIL PROTECTED]>
Subject: Re: How can I get the 2B channels up in my ISDN Modem using RH5.2
Date: Tue, 9 Feb 1999 15:03:30 -0500
Crossposted-To: comp.os.linux.setup,comp.os.linux.misc,comp.dcom.isdn
ppp options have to have asyncmap 0.
Jeff Sofferin
Mark Cooperstein wrote in message ...
>for one thing, the init string below won't work because you MUST escape any
>ampersands "&" with a backslash character, eg:
>ATS71=1S80=1\&D2
>
>I don't have any experience with the IQ and Linux, although I do own an IQ and
>have used it extensively with DUN and Win98. Currently, I have a Motorola
>BitSurfr PRO hooked up to a 2.1.130 Linux box and it works great with both
>channels. It took some diddling to get it to work at 230K, but eventually I
>figured it out.
>
>Are you sure that your ISP will allow a 2B connection for your account?
>(Stupid question, but I had to ask....). If you haven't setup with them for
>2B ISDN, they will usually nuke the second channel as soon as it tries to
>authenticate.
>
>
>Mark
>
>In article <79o9k4$6ns$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>>Any response you get from this I would also like to read...
>>I have the exact same problem..
>>Keith
>>
>>In article <[EMAIL PROTECTED]>,
>> Xaymara Perez <[EMAIL PROTECTED]> wrote:
>>> I have a 3Com Impact IQ ISDN modem (external) on a machine running Linux
>>> RedHat 5.2 (and the 2.2.1 kernel). I can connect to my ISP just fine
>>> but with one channel instead of the two channels. How can I connect
>>> with the two channels? I thought that changing the initstring from ATZ
>>> to ATs71=1s80=1&d2 would do it, but it still connects to only one
>>> channel. I did change the speed to 115200 and I'm using the command
>>> ifppp0 up to connect.
>>>
>>> Any suggestions?
>>>
>>
>>-----------== Posted via Deja News, The Discussion Network ==----------
>>http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
>
>** Remove ".nospam" when replying or email will bounce back to you...
------------------------------
From: "JLS" <[EMAIL PROTECTED]>
Subject: Re: Totally wierd problem with multilink-PPP over an ISDN TA
Date: Tue, 9 Feb 1999 15:05:54 -0500
I had the same problem and I cured it by having asyncmap 0 in the ppp options
and S71=1.
Jeff Sofferin
Knight of Night wrote in message <[EMAIL PROTECTED]>...
>
>My Linux box has served me very successfully for many years as, among other
>things, a router for my LAN. I connect to my ISP using a 3Com Impact IQ ISDN
>TA.
>
>I recently upgraded the machine from a 486DX2/50 to a Pentium 100, and from an
>ancient version of Slackware to R.H. v5.2.
>
>After solving all the usual problems associated with such an upgrade, I still
>have one remaining issue. I am unable to connect to my ISP in the same manner
>as I have in the past. Instead of a 2 B channel multilink-ppp connection over
>my ISDN TA, I am running on only a single B channel, halving my bandwidth.
>
>Here are the specifics...
>
>On Slackware, I ran pppd from the command line, as root, with no command line
>options. In /etc/ppp/options I had all the necessary options...
>
>/dev/cua1
>115200
>connect -f <chat script>
>user <user listed in /etc/ppp/pap-secrets>
>remotename <server listed in /etc/ppp/pap-secrets>
>crtscts
>defaultroute
>lock
>204.167.97.17:
>
>The chat script...
>
>ABORT BUSY ABORT "NO CARRIER" '' ATZ OK ATD<phone number> CONNECT
>
>pppd would load, dial, connect, bring up the first B channel, authenticate, then
>bring up the second channel, and I would have almost 115200bps of bandwidth to
>the 'Net.
>
>Then the upgrade...
>
>Now, under R.H. v5.2, I used Linuxconf to configure PPP. After checking all the
>config files in /etc/ppp and /etc/sysconfig/network-scripts, I was convinced all
>was well, so I rebooted.
>
>pppd came up, it dialed, connected, I had throughput, but the second B channel
>stayed inactive. I tried changing, rearranging, editing, everything I could
>think of to all the config files, but nothing made any difference. Actually, I
>shouldn't say that. Sometimes it wouldn't work at all. |-) I even tried
>calling pppd myself using my old config. That's when I really stumbled upon the
>problem.
>
>You recall my old chat script...
>
>ABORT BUSY ABORT "NO CARRIER" '' ATZ OK ATD<phone number> CONNECT
>
>And the new one generated by Linuxconf...
>
>'' 'ATZ'
>'OK' 'ATD<phone number>'
>'CONNECT' ''
>
>I noticed that my connect script did not explicitly indicate to send nothing
>after expecting the "CONNECT". It worked great back under Slackware so I didn't
>even question it. But the new script does explicitly call for a send nothing
>after expecting the connect. I tried removing it so the script looked like
>this...
>
>'' 'ATZ'
>'OK' 'ATD<phone number>'
>'CONNECT'
>
>When I did that, pppd dialed, connected, brought up the first B channel,
>appeared to authenticate, and then it brought up the second B channel. My ISP
>checked their log files, and said it looked like a normal login. But, I had NO
>throughput. None from the Linux box itself, and none from the LAN, indicating
>routing was down too. I looked at the interface config, it looked fine, in fact
>identical to the config present when I had throughput. Same story for the
>routing table. In fact, everything I checked indicated that everything was
>fine, and I should be up and running. But I wasn't. I fiddled with everything
>quite a bit more, then reverted everything to its default settings and tried
>again. Same thing.
>
>So, I'm stumped, and left with only one B channel running at the moment. Any
>help would be very greatly appreciated. TIA!!!
------------------------------
From: "Christopher G. Petty" <[EMAIL PROTECTED]>
Subject: Re: Why would X not work after istalling a NIC?
Date: Thu, 28 Jan 1999 23:36:34 -0500
My thoughts exactly, mostly because I've had this problem. PnP can be such a
pain in the arse sometimes.
If you do end up having an IRQ Conflict between your NIC and your Video
card, try changing PCI slots for ONLY ONE of them, rebooting, redefining the
IRQ in the startup scripts (or let the tulip driver probe for it) and see
what happens..
Even tho PnP took away the jumpers and such, it's still necessary to make
sure (manually, via /proc/interrupts) that you don't have an IRQ conflict.
If you've installed something and it doesn't show up in /proc/interrupts, or
another piece of hardware that you have installed is now missing, you have a
conflict, and must resolve it before everything will work.
Like I said before. PnP is nice for those who don't know about such things
as IRQ's DMA's and Port Addresses, but when it goes afoul, you need to
resolve the conflict before everything will work..
_CGP
Mogens Kjaer wrote:
> Darren Ford wrote:
> >
> > I installed a NIC and it is recognised by the tulip driver. I
> > configured TCP/IP and now X won't come up. Why would this happen? Or
> > is something else wrong?
>
> Could it be an irq conflict?
>
> What does /proc/pci, /proc/interrupts, and /proc/ioports say
> with/without the NIC present?
>
> Mogens
> --
> Mogens Kjaer, Carlsberg Laboratory, Dept. of Chemistry
> Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
> Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
> Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk
------------------------------
From: [EMAIL PROTECTED] (Tobias Reckhard (jester))
Subject: Re: Firewall & Masquerading
Date: Tue, 09 Feb 1999 17:12:47 GMT
(Sorry, people, I know this is an English-speaking newsgroup, but he
requested replies to the newsgroup only and I'm not sure if he
understands English well enough for me to answer in English only. And
my post is too long for me to go to the trouble of translating all of
it, sorry. Hope no one minds too much.)
Hi Franky
Comp.os.linux.networking is an English-language newsgroup, so posting
in other languages is not really welcome here. There are some very
good groups in the de.* hierarchy of Usenet for that. But on to your
questions.
On Mon, 08 Feb 1999 20:11:29 +0100, "Ronny Frankenstein (Franky)"
<[EMAIL PROTECTED]> wrote:
>I've made Linux SUSE 6.0 into a firewall (1st mistake?)
Nah, not necessarily.
>After 7 days I threw out the Firewall and Masquerading scripts
>and now use only ipfwadm (2nd mistake?)
Nah, not necessarily.
>With ipfwadm I'd like to configure the following:
>
>Behind the FW there are two subnets, 192.168.1.0/24 and
>192.168.2.0/24.
>
>The FW is the only one with a real IP, 193.145.45.12.
>
>I have forbidden everything and then allowed the internal traffic
>between the subnets.
>
>So far it works!!!!
Great!
>But as soon as I want to get out, e.g. www should work from one
>subnet...
>
>ipfwadm -I -a accept -b -P tcp -S 192.168.1.0/24 -D 0/0 80
>ipfwadm -F -a accept -b -m -P tcp -S 192.168.1.0/24 -D 0/0 80
>ipfwadm -O -a accept -b -P tcp -S 192.168.1.0/24 -D 0/0 80
>
>simply nothing happens!
>
>I fear it's down to firewalling and masquerading together.
No, that's not the cause. Packet filtering and IP masquerading
get along wonderfully.
>Could someone please write down the rules correctly for me.
OK. I would first switch off bidirectional mode and instead define
explicit rules for both directions. That also has the advantage
that you can filter on the ACK bit.
ipfwadm -I -a accept -P tcp -S 192.168.1.0/24 1024:65535 -D 0/0 80 \
-W $INIF1
ipfwadm -F -a accept -P tcp -S 192.168.1.0/24 1024:65535 -D 0/0 80 \
-W $OUTIF -m
ipfwadm -O -a accept -P tcp -S $OUTIFIP 1024:65535 -D 0/0 80 -W $OUTIF
ipfwadm -I -a accept -P tcp -S 0/0 80 -D $OUTIFIP 1024:65535 \
-W $OUTIF -k
ipfwadm -O -a accept -P tcp -S 0/0 80 -D 192.168.1.0/24 1024:65535 \
-W $INIF1 -k
Here $INIF1 holds the name of the one internal interface (e.g. eth0),
and $OUTIF that of the external adapter (e.g. ppp0). $OUTIFIP denotes
the IP address of the external interface.
>From workstations in 192.168.1.0/24 I'd like to be able to do mail,
>ftp, www, dns (of course), ssh and ssl.
For mail you will probably need two sets of rules, one for sending via
SMTP and one for fetching email from your provider via POP or IMAP.
Both are client-server protocols based on TCP, to be handled just like
HTTP above. The clients use ports in the range 1024 to 65535, the SMTP
server listens on port 25, while the POP server listens on port 110.
IMAP v2 uses server port 143; for IMAP v3 it is 220.
FTP is somewhat more complicated. With FTP there are two connections:
a control channel, over which the commands are transmitted, and a data
channel, over which the data exchange takes place. The control channel
is set up when you start the FTP client and point it at a server. The
data channel, by contrast, is only set up when needed. How this happens
depends on the FTP mode. There is normal and passive FTP. With normal
FTP the server sets up the data connection to the client. The client
tells it beforehand, over the control channel, which port to use for
this. With passive FTP, by contrast, the client sets up the data
channel, using a port on the server that the server has told it
beforehand. Normal FTP cannot really work with IP masquerading, so you
have to load the ip_masq_ftp module.
The scheme looks like this:
1. Control channel:
FTP client: high port (1024:65535) ---TCP--> FTP server: port 21
2. Normal data channel:
FTP server: port 20 ---TCP---> FTP client: high port (1024:65535)
3. Passive data channel:
FTP client: high port (1024:65535) --TCP--> FTP server: high port
(1024:65535)
DNS works over UDP. The server listens on port 53, while clients query
from high ports.
SSH, finally, is again a TCP protocol, with the server listening on
port 22.
>The www servers are in subnet 192.168.2.0/24.
It would be too easy otherwise, wouldn't it?
>They should of course get their web traffic and their mail, and one
>should be allowed to access them with ftp, ssh, ssl.
From outside? Since you only have one valid IP address, only one HTTP,
FTP, DNS, SMTP, ... server inside your network can be reached via the
traditional 'well-known ports', and even that is only possible with
port forwarding. I.e. when someone opens a connection to TCP port 80
on the external interface of your packet filter, that connection
should be passed through to the actual web server, which sits in the
private network. This can be done with ipportfw or ipautofw. By the
way, it is not a good idea to put public servers in a private network
if that private network is supposed to be protected by the packet
filter. In that case you should build a separate subnet for these
servers that are reachable from the outside world, so that any
intruders into these machines cannot push on from them into the
private network that is worth protecting.
>I've been doing RTFM for quite a while, but some of what's out there
>is confusing and also wrong :-)
Confusing, yes, but outright wrong? Well, I hope this helps you along
for now. If not, feel free to ask; it took me long enough to get it
myself.
ciao
Tobias
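
The reply above recommends explicit per-direction rules over bidirectional mode because they allow filtering on the ACK bit. The following is an added example, not part of the original post: a simplified first-match model of the outer-interface rules (input and output chains merged into one list) comparing a -b style rule with an explicit pair whose return rule carries -k. Packet, Rule, decide and compare are hypothetical names, and 198.51.100.7 is a constructed documentation address.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

HIGH = (1024, 65535)           # client port range used in the post
OUTIFIP = "193.145.45.12"      # firewall's external address, from the post
SERVER = "198.51.100.7"        # constructed remote web server

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool                  # TCP ACK flag

@dataclass(frozen=True)
class Rule:                    # every rule here is an "accept" rule
    src: str
    sports: tuple
    dst: str
    dports: tuple
    bidir: bool = False        # models ipfwadm -b
    ack_only: bool = False     # models ipfwadm -k

    def _one_way(self, p, src, sports, dst, dports):
        return (ip_address(p.src) in ip_network(src)
                and sports[0] <= p.sport <= sports[1]
                and ip_address(p.dst) in ip_network(dst)
                and dports[0] <= p.dport <= dports[1])

    def matches(self, p):
        if self.ack_only and not p.ack:
            return False
        if self._one_way(p, self.src, self.sports, self.dst, self.dports):
            return True
        # -b: also match the same rule with source and destination swapped
        return self.bidir and self._one_way(
            p, self.dst, self.dports, self.src, self.sports)

def decide(rules, p, policy="deny"):
    """First matching rule accepts; otherwise the default policy applies."""
    return "accept" if any(r.matches(p) for r in rules) else policy

# One bidirectional rule: no way to require ACK on the return direction only.
BIDIR = [Rule(f"{OUTIFIP}/32", HIGH, "0.0.0.0/0", (80, 80), bidir=True)]
# Explicit pair: outbound requests, plus replies that must carry ACK (-k).
EXPLICIT = [
    Rule(f"{OUTIFIP}/32", HIGH, "0.0.0.0/0", (80, 80)),
    Rule("0.0.0.0/0", (80, 80), f"{OUTIFIP}/32", HIGH, ack_only=True),
]

SAMPLES = {  # constructed packets
    "request": Packet(OUTIFIP, 40000, SERVER, 80, ack=False),    # client SYN
    "reply": Packet(SERVER, 80, OUTIFIP, 40000, ack=True),       # server answer
    "unsolicited": Packet(SERVER, 80, OUTIFIP, 5000, ack=False), # inbound SYN
}

def compare():
    """Return {packet name: (bidirectional verdict, explicit verdict)}."""
    return {name: (decide(BIDIR, p), decide(EXPLICIT, p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:12s} bidir={verdicts[0]:6s} explicit={verdicts[1]}")
```

Only the explicit pair drops the inbound connection attempt that merely uses source port 80; the normal request and reply pass under both rule sets.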
------------------------------
From: [EMAIL PROTECTED] (Tobias Reckhard (jester))
Subject: Re: Masquerading troubles...
Date: Tue, 09 Feb 1999 20:06:56 GMT
On 8 Feb 1999 00:22:18 GMT, [EMAIL PROTECTED] wrote:
>I've been trying to get my two computers to share my ADSL connection and I seem
>to have hit a brick wall.
>
>My machine that is connected to the internet has two ethernet cards and both
>appear to be working great. The networking on my other machine is working as well.
>
>I've even tried to masquerade everything (ipfwadm -F -p m) and it still doesn't work.
>I've recompiled the kernel, and done everything else I know to do. All I can think is
>that the routing table must be wrong. Please help!!
>
>Destination     Gateway         Genmask         Flags Metric Ref Use Iface
>192.168.1.0     *               255.255.255.0   U     0      0    16 eth1
>4.3.32.0        *               255.255.240.0   U     0      0     4 eth0
>127.0.0.0       *               255.0.0.0       U     0      0    24 lo
>default         4.3.32.1        0.0.0.0         G     1      0    28 eth0
>
>Any other suggestions are welcome. (Please respond to [EMAIL PROTECTED] as well,
> getting to newsgroups is a real pain right now ;-) )
It looks like you need to masquerade everything, but the rule you
tried won't work. 'Masquerade' is not a valid policy, only 'accept',
'deny' and 'reject' will work. The IP Masquerading HOWTO and the
syntax accepted by ipfwadm are counterintuitive in this case, as they
allow a command of 'm'asquerading in forwarding rules. You need to use
the command:
ipfwadm -F -a accept -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth0 -m
Now if your input and output rules are set to accept, this should do
the trick.
Tobias
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************