Linux-Networking Digest #176, Volume #10         Thu, 11 Feb 99 10:14:11 EST

Contents:
  ip_masqu->DirectPlay (Gert Wurzer)
  virusscanner for linuxproxy? (Kai Krebber)
  PPP password patch (John Newbigin)
  hacked login (Rafael Marcus)
  Re: Warning: Connecting Linux Redhat 5.2 to ISP that supports SMTP (Sutrice)
  pinging through firewall? ("pules")
  Re: POP3 Mail Server for Win Clients (Gary R Byrd)
  Errors accessing ftp servers from a masqueraded lan (Francesco D'Inzeo)
  2.2 breaks token ring driver? Need help! (Manthey, Tobias)
  Secure Server (Don Stafford)
  Re: Windows login to corporate domain thru Linux server ("Martin Wahlström")
  Re: pinging through firewall? (Greg Weeks)
  Counter for a masquerade linux box (Thomas Bergerot)
  Re: IBM Token Ring (Heribert Wettels)
  Re: forgot password on a production machine ... (Scott Sharkey)
  Re: GTE flamed linux for BillG (Robert Schratzer)
  Re: Firewall or something else ?? !HELP! ("Armin W.")
  Short Test Kill Filesystem! (Jayasuthan)
  Re: HTTP problems using PPP (Michael Kristensen)
  Re: Please help w/muliple NICs (Cecil Watson)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Gert Wurzer)
Subject: ip_masqu->DirectPlay
Date: Wed, 10 Feb 1999 09:37:17 +0100

Hi, maybe anybody out there can help me!
I set up a linux router using ip masquerading, and basically
it works great! Now I want to know if it is possible to
manage a Direct Play Connection from a windowsclient behind
the gateway to another windooze computer at the other side
of my gateway somewhere in the Internet.
Any experiences?

Thanx in advance
-- 
   Gert Wurzer, Graz, University of Technology  
        email: [EMAIL PROTECTED]
homepage: http://www.sbox.tu-graz.ac.at/home/w/wurzer   
                  ICQ: 7330537

------------------------------

From: Kai Krebber <[EMAIL PROTECTED]>
Subject: virusscanner for linuxproxy?
Date: Wed, 10 Feb 1999 09:33:29 +0100
Reply-To: [EMAIL PROTECTED]

Howdy!

We're using apache (as proxy) on linux for a
http-to-(Lotus-notes-)email-gateway-solution and I'm wondering, if
there's any virusscanner at all for linux out there, that's capable of
scanning http-traffic? It should scan for dos / win - viruses.
I know, the NS Proxyserver can scan http and ftp for virus, but it's not
available for linux yet, is it?

Kai Krebber



------------------------------

From: John Newbigin <[EMAIL PROTECTED]>
Subject: PPP password patch
Date: Wed, 10 Feb 1999 15:56:39 +1100

I have written a patch for ppp which allows you to specify a password
without storing it in a plain text file.

The patch and instructions are available from
http://uranus.it.swin.edu.au/~jn/linux/ppp/pppdpatch.htm

John.

--
UNIX is user friendly. It's just selective about who its friends are.
checkout http://uranus.it.swin.edu.au/~jn



------------------------------

From: Rafael Marcus <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.admin
Subject: hacked login
Date: Tue, 09 Feb 1999 23:14:22 -0800
Reply-To: [EMAIL PROTECTED]

Someone probably hacked the login program in my Linux system and it
doesn't record the remote host address for a remote telnet login in the
"wtmp" file. I recompiled the login program but the problem persists.
Any idea what else I should check to solve the problem?
                                   Thanks
                                    Rafael.
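
Added example (not part of the original post): one way to check for the symptom described above is to scan wtmp for login records on pseudo-terminals that carry neither a host name nor an address. It assumes the 384-byte glibc struct utmp layout of current Linux systems, which may differ from the poster's system; the function names and sample records are constructed for illustration.

```python
import struct

# Assumption: glibc "struct utmp" record layout on Linux, 384 bytes per entry.
# Older libc versions used a different layout, so check <utmp.h> on the host.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
USER_PROCESS = 7  # ut_type value for a logged-in user


def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def read_wtmp(data):
    """Yield one dict per complete record in a wtmp byte string."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield {"type": f[0], "pid": f[1], "line": _text(f[2]),
               "user": _text(f[4]), "host": _text(f[5]),
               "time": f[9], "addr": f[11:15]}


def logins_without_host(data, pty_prefixes=("pts/", "ttyp")):
    """Logins on pseudo-terminals with neither a host name nor an address."""
    hits = []
    for rec in read_wtmp(data):
        on_pty = rec["line"].startswith(pty_prefixes)
        no_origin = not rec["host"] and not any(rec["addr"])
        if rec["type"] == USER_PROCESS and on_pty and no_origin:
            hits.append(rec)
    return hits


def make_record(line, user, host=b"", addr=0, when=918630862):
    """Build one constructed sample record (not real log data)."""
    return UTMP.pack(USER_PROCESS, 4242, line, b"", user, host,
                     0, 0, 0, when, 0, addr, 0, 0, 0, b"")


# Constructed sample: console login, remote login with host, remote pty without host.
SAMPLE = b"".join([
    make_record(b"tty1", b"alice"),
    make_record(b"ttyp0", b"bob", b"host.example.org", 0x0A000005),
    make_record(b"ttyp1", b"carol"),
])

if __name__ == "__main__":
    for rec in logins_without_host(SAMPLE):
        print("no origin recorded:", rec["user"], rec["line"], rec["time"])
```

An empty host field on a pty is a lead to follow up, not proof of tampering, since local terminal emulators can also create pty entries.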

------------------------------

From: Sutrice <[EMAIL PROTECTED]>
Crossposted-To: linux.redhat.install,demon.ip.support.unix,redhat.networking.general
Subject: Re: Warning: Connecting Linux Redhat 5.2 to ISP that supports SMTP
Date: Thu, 11 Feb 1999 11:20:58 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> On Wed, 10 Feb 1999 12:56:08 GMT, Sutrice wrote:
...
[to avoid bouncing email to users not set up or aliased in Linux, ]
> >You simply have to define LUSER_RELAY to be local:postmaster.
> >
> >http://www.cabaret.demon.co.uk/mail.html#3
> >
> >Once you have your recognised users set up, it's probably wise these days to
> >turn off this behavior.
...
> Maybe it's a good idea to put a couple of common sendmail and possibly
> other MTA config files on a web page, I don't really care whose website. I'm
> gonna put my sendmail config file (with Anti Spam stuff, see other thread)
> on my site. There are a couple of others who also have config files on their
> site eg. ww.hopf.demon.co.uk. But I figure it would be nice to have a
> collection of config files which are commonly used on a central site. So when
> new/other users ask about setting up mail for use with demon we can just
> point them to that central site.
>
> If there already is such a site i'd like to know.
...
As far as Demon Internet goes, Michael Bernardi announced such a site in
demon.ip.support.unix on February 5th.

On the site, he says:
    "I decided to create this page when I discovered how hard it was to
    find information on how to connect to Demon using Linux. It lists web
    pages which have information which are particularly useful to Demon
    subscribers."


    http://www.dendarii.demon.co.uk/linux/

So I guess the thing to do is to put your sendmail config up on your website
and send him the URL.

Soeur Sutrice de Tormunil
Red Hat 101: Help for new and prospective Linux users
http://www.dejanews.com/~redhat101/

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: "pules" <[EMAIL PROTECTED]>
Subject: pinging through firewall?
Date: Thu, 11 Feb 1999 11:17:35 +0100

Is there a way to let a computer behind a masquerading firewall answer
pings? I'm running a HalfLife server, and to be listed in the server list,
the master server needs to ping it.



------------------------------

From: [EMAIL PROTECTED] (Gary R Byrd)
Subject: Re: POP3 Mail Server for Win Clients
Date: Thu, 11 Feb 1999 06:54:00 GMT

On Tue, 9 Feb 1999 18:44:13 -0500, "Brandon"
<[EMAIL PROTECTED]> wrote:

>OLIVER WROTE:
>>How do I setup a Linux server (SuSE 5.3 and 6) connected to an ISP via
>>ISDN-Router to act as a POP3 mail server for Win95/NT clients running
>>Outlook Express?
>
>Oliver,
>I have tried Stalker Software's CommuniGatePro, it is a commercial package,
>but it has a very nice web interface for both administration and even for
>users mail if you want.  It is like $500 for a 50 user license as I
>recall.  I set up the demo version in a night to route mail from a
>single imap/pop3 mailbox on our ISP to many separate pop/imap mailboxes on
>my local Linux box.  I am having trouble with local email though.  For now I
>have to send to  the ISP and then redeliver it back to my local server,
>pretty inefficient.  I am sure there is a way to work around this, but I
>have not spent much time yet.
>
>Overall I really like the product.  I am technically proficient, but still
>very inexperienced when it comes to Linux, so the web administration is
>great for me.  Even $500 isn't too much since I can write it off.  I still
>haven't committed and would too like to hear of other solutions, preferably
>free ones.
>
>BTW I'm using Caldera OpenLinux 1.3, but according to their website, they
>handle *many* different platforms so I doubt your Linux version will be a
>major issue.  I use a 3com ISDN LAN Modem for a quasi static connection.  I
>poll the remote mailbox every minute.
>
>Their URL is: www.stalker.com
>
>Hope this helps,
>Brandon
>


------------------------------

From: Francesco D'Inzeo <[EMAIL PROTECTED]>
Subject: Errors accessing ftp servers from a masqueraded lan
Date: Thu, 11 Feb 1999 12:10:17 +0100

Hi everyone

I have a linux box which acts as a firewall between my private lan and
the internet.

I use this line:
/sbin/ipfwadm -F -a m -o -v -S 192.168.2.0/24 -D 0.0.0.0/0
to masquerade my private lan.

Everything works fine except when a machine on the private lan
wants to ftp with an ftp server on the internet side.

In effect the private lan machine connects to the ftp server on the
internet, but when issuing the command "ls" from the client to the
ftp server, the ftp client hangs.

I saw that just before the "ls" command the client ftp sends a PORT
command informing the server about the client IP Address and the
port number, but normally this IP Address is masqueraded and I thought
that this hangs the server because it can't open a socket with that IP
address and that PORT.

Any advice about this problem is welcome.

TIA

Francesco D'Inzeo
[EMAIL PROTECTED]
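
Added example (not part of the original post): a Python model of the active-FTP problem described above. The PORT command carries the client's private address inside the control-channel payload, so masquerading the IP header alone leaves the server trying to connect to a 192.168.2.x address; the gateway has to rewrite the payload and remember the mapping. The class name, the addresses and the 61000 starting port are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (address bytes, then port high/low byte)
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


def parse_port(line):
    """Return (IPv4Address, port) carried in an FTP PORT command."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range: %r" % line)
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]


def format_port(ip, port):
    """Encode an address and port back into a PORT command line."""
    return "PORT %s,%d,%d\r\n" % (str(ip).replace(".", ","), port >> 8, port & 0xFF)


class MasqFtpHelper:
    """Model of the rewrite a masquerading gateway has to do for active FTP."""

    def __init__(self, public_ip, first_port=61000):
        self.public_ip = ipaddress.IPv4Address(public_ip)
        self.next_port = first_port
        self.expected = {}  # (server ip, public port) -> (inside ip, inside port)

    def rewrite(self, line, client_ip, server_ip):
        ip, port = parse_port(line)
        # Only accept the client's own address and an unprivileged port, so a
        # PORT command cannot make the gateway open a path to some other host.
        if str(ip) != client_ip or port < 1024:
            raise ValueError("refusing PORT %s:%d from %s" % (ip, port, client_ip))
        public_port = self.next_port
        self.next_port += 1
        self.expected[(server_ip, public_port)] = (client_ip, port)
        return format_port(self.public_ip, public_port)

    def inbound(self, server_ip, public_port):
        """Where to forward the server's data connection, or None (one use only)."""
        return self.expected.pop((server_ip, public_port), None)


if __name__ == "__main__":
    gw = MasqFtpHelper("203.0.113.5")        # constructed public address
    sent = "PORT 192,168,2,10,4,1\r\n"       # constructed client command
    print("client sends:", sent.strip())     # private address, unreachable for the server
    print("server sees :", gw.rewrite(sent, "192.168.2.10", "198.51.100.7").strip())
    print("data conn to:", gw.inbound("198.51.100.7", 61000))
```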



------------------------------

From: [EMAIL PROTECTED] (Manthey, Tobias)
Subject: 2.2 breaks token ring driver? Need help!
Date: Tue, 09 Feb 1999 07:02:38 -0800

Update:
Solution was a broken NIC. It worked fine 'til today. :-((
This sucked quite.
Thanx anyway



*** Posted from RemarQ - http://www.remarq.com - Discussions Start Here (tm) ***

------------------------------

From: [EMAIL PROTECTED] (Don Stafford)
Subject: Secure Server
Date: Thu, 11 Feb 1999 12:20:43 GMT
Reply-To: [EMAIL PROTECTED]

How do I set up a secure server with Apache on RH Linux 5.2?
Don Stafford, Director of Information Technologies
UAV Entertainment
2200 Carolina Place
Fort Mill, SC  29715
Phone: 803.548.1056  x159
Fax:   803.548.2493
[EMAIL PROTECTED]
http://www.uavco.com/

------------------------------

From: "Martin Wahlström" <[EMAIL PROTECTED]>
Subject: Re: Windows login to corporate domain thru Linux server
Date: Fri, 29 Jan 1999 08:16:26 +0100

I had the same problem.
My Windows95 users could not log on to the NT domain when connected by PPP
to the modems at the Linux box.
After updating MSDun to version 1.2(?) it just worked!! (By now I think
there is a 1.3 version)
Look for it at M$ www.
(I also updated the TCP/IP packages from M$)
My Windows 98 user didn't have this problem.

I also have some IP-forwarding/aliasing enabled at the Linux.

Hope this helps..

    Martin/


Christopher G. Petty wrote:

> Here's one for the thinkers out there. I'll admit I'm stumped on this
> one.
>
> I'm trying to allow remote windows users to login to my local LAN via a
> DoD Linux box. The problem is that the domain information refuses to
> pass thru the PPP link. Services such as Micro$loth Exchange, Mail, etc
> are not seen, nor are the machines on the other side of the PPP link.
>
> I can ping both ways across the PPP link, so routing is not the issue.
> The Linux server at the remote site is dialing into an NT 4 SP4 server.
> When the link is up, I can ping the remote workstations, the remote
> linux box, telnet to the remote linux box, and thru it, ping both remote
> and local machines, but none of the NT domain information is being
> passed.
>
> Anyone got a clue on how I can get this to work?
>
> Thanks in advance.
>
> _CGP

==================================================
This is just my opinion and has nothing to do
with the company named "Ericsson"

Email:  Martin . Wahlstrom @ uab . ericsson . se
==================================================




------------------------------

Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Greg Weeks)
Subject: Re: pinging through firewall?
Date: Thu, 11 Feb 1999 07:11:06 -0600

In article <36c2ad97$0$18758@pascal>,
        "pules" <[EMAIL PROTECTED]> writes:
> Is there a way to let a computer behind a masquerading firewall answer
> pings? I'm running a HalfLife server, and to be listed in the server list,
> the master server needs to ping it.

Just let the firewall answer the ping. To everything outside there is
only one machine. If it's not a standard ICMP echo reply ping then
you'll need to open the port up for the TCP or UDP connection to get
through.

Greg Weeks
-- 
http://durendal.tzo.com/greg/


------------------------------

From: Thomas Bergerot <[EMAIL PROTECTED]>
Subject: Counter for a masquerade linux box
Date: Thu, 11 Feb 1999 14:16:10 +0100

Hi !

I'd like to count how many bytes are going in/out my masquerade linux
box.

I tried using ipfwadm, with IP accounting. It seemed to work fine, but
the counter you see when you type "ipfwadm -A -l" is not accurate.

For example, if you download a 500k file, it only counts 40k !!

How can I make a counter FOR EACH MACHINE on the local network
(192.168.0.x) using Windows 95 ?

Thank you very much,

Thomas Bergerot.





------------------------------

From: Heribert Wettels <[EMAIL PROTECTED]>
Subject: Re: IBM Token Ring
Date: Thu, 11 Feb 1999 14:21:50 +0100

smcewan wrote:

> The only support I know of under any Linux kernel from reading hardware lists
> is IBM token ring cards which don't use a DMA channel. We use Madge cards at
> work, so I am looking out for Madge support, and I heard a rumor of Madge
> drivers, but nothing substantial. Does anyone know of Madge drivers?

Madge has an alpha version for the Smart 15/4 PCI Ringnode mk2 token ring card.
It can be obtained by sending a mail to <[EMAIL PROTECTED]>. I got it but could
not get it to work so far on my SuSE 6.0 distribution. If anybody has succeeded
in doing so I'd be thankful for every hint.

Heribert

--
Heribert Wettels
Sueddeutsche Zeitung - SZonNet
Sendlinger Str. 8, 80331 Muenchen
Tel. (0 89) 21 83-82 24, Fax -93 80



------------------------------

Subject: Re: forgot password on a production machine ...
From: [EMAIL PROTECTED] (Scott Sharkey)
Date: 11 Feb 99 13:24:58 GMT

In article <79sqcs$oa$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>Hi there,
>
>(I think my question was there a thousand times before, but no time to
>search) :
>
>I've an Intel-machine running SUSE-Linux 5.3 Kernel 2.0.32...and taking
>security seriously I changed the password 2 weeks ago into a very cryptic
>one and forgot to write it down ... so here is my problem, I'VE TO GET INTO
>THAT MACHINE ... but how ???
>
>If you have any ideas please mail me >> [EMAIL PROTECTED]

1) Reboot the Machine (CTL-ALT-DEL at console usually does it)

2) At the LILO prompt, type "linux single"

3) This should take you into Linux Single user mode, which 
normally does not require a password.  If it does ask you
for a password, then you're gonna have to get yourself a Linux
boot disk (look for Tom's rbtLinux).  But you should be
able to get in, and run passwd to change the root password.

-Scott

--
Linux Servers and Workstations Preconfigured just for you
at http://linux.lanshark.com


------------------------------

Date: Thu, 11 Feb 1999 10:15:42 +0100
From: Robert Schratzer <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: GTE flamed linux for BillG
Crossposted-To: comp.os.linux.hardware

James wrote:
> 
> My isp, mtt.ca, will also terminate adsl service if the account is using
> anything other than windows. Apparently, MacOs has crashed some systems,

This looks like typical M$-thinking! A system cannot "crash" another one
over a network. If a system crashes (itself) it's because of poor
implementation.

> and service is now discounted if the user has a mac or a linux box.
> 

my 2c


------------------------------

From: "Armin W." <[EMAIL PROTECTED]>
Subject: Re: Firewall or something else ?? !HELP!
Date: Thu, 11 Feb 1999 15:12:55 +0100



>
>not very likely, if you're running linux


I only have Linux on the server; my PC runs Win95.

>> Does anyone know about this bug? How can I get around it?
>> Can I set up protection against it with Linux?
>> It would even be enough for me if the firewall caught everything that
>> comes from the specific IP, since I know it. How can I set that up? Where
>> can I get something like that?
>>
>> Regards,
>> Armin
>>
>>
>
>sorry, continuing in German - first I would block this address (which you
>know) for everything in hosts.deny - I'm at work, without Linux access,
>but you'll find the syntax in a howto. something like
>"ALL: >enter at least the address here<"; I would possibly suggest "ALL:ALL".
>in addition, change ALL passwords, since the hacker probably
>knows them, and ideally rename the root account - that gives you
>basic security to start with.
It's not a hacker, more like one of those kids who buy a hack CD
and then think they're great. I've already squeezed out of him
how it is done: in DOS, give net view the IP of the target, and if
he has shared his drives (which I have now blocked) he can access
me, because it then works much like a LAN.
But I'll still try to block it additionally via Linux.
Thanks for the help,
Armin





------------------------------

From: Jayasuthan
Subject: Short Test Kill Filesystem!
Date: 10 Feb 99 13:38:34 GMT

Please email me back very urgent.... 

I tried out Kernel 2.2.0 for 2 hours and my kernel 2.0.36 went crazy. I
went off for two days and found out some files were corrupted. This is what
I read in /var/log/messages

Feb  8 04:41:26 eplx01 kernel: EXT2-fs error (device 03:01): ext2_readdir:
bad entry in directory #5835: rec_len is too small for name_len - offset=0,
inode=1869574703, rec_len=12148, name_len=27694

Feb  9 04:41:23 eplx01 kernel: EXT2-fs error (device 03:01): ext2_readdir:
bad entry in directory #5835: rec_len is too small for name_len - offset=0,
inode=1869574703, rec_len=12148, name_len=27694

Plus this messages:

Feb 10 18:12:07 eplx01 kernel: EXT2-fs error (device 03:03):
ext2_check_blocks_bitmap: Block #246 of the inode table in group 0 is marked free

Feb 10 18:12:07 eplx01 kernel: EXT2-fs error (device 03:03):
ext2_check_blocks_bitmap: Block #247 of the inode table in group 0 is marked free

Feb 10 18:12:07 eplx01 kernel: EXT2-fs error (device 03:03):
ext2_check_blocks_bitmap: Block #250 of the inode table in group 0 is marked free

The worst part .... when I returned to work I found my server having
these files

br-Sr-S---   1 25449    28015     99, 105 Nov 26  2031 System.map
br-srwS-wT   1 29813    23328      9,  10 Jan 19  2026 System.old

What happened ?.... no I stick with Kernel 2.2.0..
And how can I remove those files ? I have upgraded halfway but anyway the
server works as normal. I still require a major upgrade ... My last email
on kernel 2.2.0 upgrade has been answered and I will follow the guidelines from
there.  Can I keep Linux 2.2.0 running during upgrade < funny question
>/// Will it cause network noise or problems... I have net-tools 1.45. ?

Thank You,
-- 
==========
Jayasuthan

smtp%"[EMAIL PROTECTED]"

------------------------------

From: [EMAIL PROTECTED] (Michael Kristensen)
Subject: Re: HTTP problems using PPP
Date: Thu, 11 Feb 1999 13:51:19 GMT

On Fri, 05 Feb 1999 10:01:02 +0100, Anhtuan <[EMAIL PROTECTED]> wrote:

>Maybe you should start httpd at boot
httpd???  Might be a stupid question, but why should I run an http
daemon, if I'm only to use Netscape/Lynx as browsers??  I'm not gonna
run a http-server

Regards,
  Michael

==========================================================
Michael Kristensen
  E-mail: [EMAIL PROTECTED]
    Homepage: http://www.cyberjunkie.com/mk
      ICQ-UIN: 478933
==========================================================
My public PGP key is available @ ldap://certserver.pgp.com
  DON'T use the DH/DSS key # 0x09656A81
    ONLY use the RSA key # 0xC90571AD
==========================================================
Remove antispam sentence (remove_this.) in e-mail address.
==========================================================

------------------------------

From: Cecil Watson <[EMAIL PROTECTED]>
Subject: Re: Please help w/muliple NICs
Date: Tue, 09 Feb 1999 08:16:32 -0800

Rick,

     Thanks for replying to my message in Usenet.  I'm using Redhat 5.2
supposedly you don't have to compile the kernel...But at any rate, can you point
me in the direction of a How To on doing this?  Thanks in advance,

cesman

Rick Onanian wrote:

> Cecil Watson wrote:
>
> > Hello,
> >
> >     I'm having problems configuring multiple NICs under RedHat 5.2.  I can
> > get both of them recognized, but can only ping one at a time?!  I must
> > disable one, ping the other, disable, enable the first, then I can ping
> > it?!  I'm trying to enable IP masquerading, I've read the How-Tos but
> > cannot find an answer.  Thanks in advance,
> >
> > cesman
>
> If the Multiple-Ethernet howto doesn't answer your question, then the one
> bit of information it's missing is prolly what you need: In order to get two
> ethernet cards of the same type working, you must compile them into the
> kernel rather than as modules. This has been my experience. Once I did that,
> everything got easier.. Then you just follow the multiple-ethernet howto.
>
>   rick


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
