Linux-Networking Digest #186, Volume #10 Fri, 12 Feb 99 20:13:44 EST
Contents:
Re: spoofing/hacking? (John Meissen)
Replacing NT Server with RH5.1..? ("G�ran Karlsson")
Re: I never thought that I would be one too - (Matt Kressel)
Re: Cable modem (Matt Kressel)
Re: Network card 3com 3C509B Etherlink 3 - problems anyone had this?? (John Forkosh)
PPP and Internet ("Olivier Mar�chal")
HELP - Samba, TCP/IP ("Michel A. Lim")
Re: bandwidth limiting applications. (Michael Meissner)
PPPD dialin... really close ("Dan Tager")
@Home with TCI cable modem? ("Matt Rizzo")
Re: Netatalk/gs printing problems (Rod Smith)
IPSEC ("Charles F. Pacheco")
Re: Problem getting chat to display output under pppd (Clifford Kite)
Re: RH5.0 does not recognize a 3Com 3c905B card (Phil DeBecker)
Re: POP3 Mail Server for Win Clients (Christian Ordig)
Re: ftp gets stuck in FIN_WAIT1 when running 2.2.1 (Sami Tikka)
Re: SCIOCADDRT: Invalid Argument.... HELP (Colin)
----------------------------------------------------------------------------
From: John Meissen <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: Re: spoofing/hacking?
Date: Fri, 12 Feb 1999 11:04:35 -0800
A followup to my earlier post...
John Meissen wrote:
>
> I have someone who appears to be trying to spoof their way into
> my network.
Last night I did some more digging.....I downloaded a handful of packet
sniffers, interface monitors, etc, and tried to capture some more data.
The other side of the firewall is a cable modem. The problem is that
the source address is the same as one of my internal machines, which
is why I'm getting the message - it appears like someone is trying to
talk to an inside machine from the outside, while pretending to be
another machine on the inside.
They were very predictable - packets coming across at exactly 7.5
minutes
during the slow periods. So I just sat and waited and captured a block
of
packets around the time I was expecting them.
After looking at the stuff and pondering for a few minutes I think I
understand what happened - some PC person got a cable modem and decided
to set up a LAN of Windows boxes. They just happened to pick the same
internal network IP addresses as me. Unfortunately, they configured
their IP forwarding wrong, and their internal traffic is getting spewed
out onto the cable modem network. It shows up on my ethernet interface
and the firewall routing thinks it's for one of my machines.
I assume it's coming from the same leg of the cable net, since I don't
think any reasonably intelligent switch would forward those packets.
I forwarded the data, with the MAC address, to TCI/@Home to see if
they could identify the user from the MAC address and politely ask him
to fix his system. Meanwhile I just changed my addresses, which is
pretty
easy since I'm reconfiguring my systems anyway right now.
But I am learning a lot about network monitoring :-) If there's any
interest
I may post some summaries of how often people try to gain access to my
system.
------------------------------
From: "G�ran Karlsson" <[EMAIL PROTECTED]>
Subject: Replacing NT Server with RH5.1..?
Date: Fri, 12 Feb 1999 21:46:09 +0100
Hi,
I�m a newbie to Linux with some simple questions:
1. Can I replace a NT Server with RedHat 5.1?
I mean even the "domain" function, Windows 95/98/NT clients
get a domain login at startup.
2. Can anyone tell me about a good IMAP mail server for Linux,
where users easily can setup autoreply etc.
3. Is it easy to configure Linux as a simple ISDN router?
How big machine is required?
Sorry for bad english. Please respond with explanations, URL�s etc.
/GK, SWE
------------------------------
From: Matt Kressel <[EMAIL PROTECTED]>
Subject: Re: I never thought that I would be one too -
Date: Fri, 12 Feb 1999 20:24:18 GMT
K.A. Steensma wrote:
>
> I thought my diald was one of the exceptions. It seemed to work just
> fine. I have gotton around most of the pitfalls of 'not connecting',
> 'connecting all the time', 'no ping throught the gateway', etc. But I
> was wrong.
>
> I seems that (with a Win98 machine running) every once in a while, diald
> will see a need to dial up so that 'someone' can access my ISP's name
> server. I have run 'ip_traf' and have watched the packets and compared
> the machine log ('/var/log/messages') with the ip_traffic.log file. I
> can tell you this. It is caused by the Win98 machine. It's the slip
> that is making a request. But I don't know why? Someone mentioned that
> it might have something to do with the 'subscriptions' or 'channels'
> that are in Win98. But I don't use subscriptions nor am I using the
> active desktop.
>
> Has anyone experienced this and how have you solved it? Does anyone
> have a better method to track this down. TIA Keith
Every 10 minutes or so Win 95/98/NT sends out netbios-ns requests to say
"Anybody out there?". Just disable ports 137,138, and 139 from bringing
up the link in your standard.filter file.
-Matt
--
Matthew O. Kressel | INTERNET: [EMAIL PROTECTED]
+--------- Northrop Grumman Corporation, Bethpage, NY ---------+
+--------- TEL: (516) 346-9101 FAX: (516) 346-9740 ------------+
------------------------------
From: Matt Kressel <[EMAIL PROTECTED]>
Subject: Re: Cable modem
Date: Fri, 12 Feb 1999 20:35:11 GMT
Frederic Lemoine wrote:
>
> Hello,
>
> I'd like to connect to Internet through a cable modem (LANcity) under SuSe
> 5.3
>
> Could anyone explain me what I should do ? As I'm a beginner I would very
> much appreciate a comprehensive answer.
>
> In my SuSe manual I don't find anything about DHCP client. Am I blind or is
> this technique not used in Linux, or does it have another name ?
>
> Thanks for your answer.
>
> Fred.
Take a look at the voluminous documentation at
http://metalab.unc.edu/LDP/ . Follow the links to the HOWTOs. You will
find a DHCP HOWTO there.
-Matt
--
Matthew O. Kressel | INTERNET: [EMAIL PROTECTED]
+--------- Northrop Grumman Corporation, Bethpage, NY ---------+
+--------- TEL: (516) 346-9101 FAX: (516) 346-9740 ------------+
------------------------------
From: [EMAIL PROTECTED] (John Forkosh)
Crossposted-To: comp.os.linux.misc
Subject: Re: Network card 3com 3C509B Etherlink 3 - problems anyone had this??
Date: 12 Feb 1999 17:18:07 -0500
Al Dev ([EMAIL PROTECTED]) wrote:
: I installed redhat 5.2 on pentium 90 box having the 3com 3c509B
: Etherlink 3 network card.
: The networking does not work.
: if I do -
: # ifconfig eth0 up
: it says SIOCSIFFLAGS: Resource temporarily not available
: ifconfig eth0 gives
: IRQ 10 address 0020 af ea 85 b6
: Anyone had this problem? How to get around this one?
: I have another box which has 3c59x card and it works fine.
I'm not sure about that error, but I do know you have to
run the DOS program that come with the board to turn
off pnp and to turn off autodetect (set it for 10baseT
or 10base2 explicitly). If you haven't done that,
give it a try and maybe the error will go away.
John ([EMAIL PROTECTED])
------------------------------
From: "Olivier Mar�chal" <[EMAIL PROTECTED]>
Subject: PPP and Internet
Date: Fri, 12 Feb 1999 22:52:39 +0100
I configure a PPP connection on my Linex redHat 5.1
When I use Root account all is good (i can go on the Web, send mails,...)
When i try the same thing with another user different from Root, i can't
open then moden via the control panel.
I know i do something wrong but what, i don't know.
Could you help me please.
Thanks
------------------------------
From: "Michel A. Lim" <[EMAIL PROTECTED]>
Subject: HELP - Samba, TCP/IP
Date: 12 Feb 1999 23:05:46 GMT
hello all. i have successfully installed a network card onto my LINUX Red
Hat 5.2 server (kernel 2.0.36-0.7). during startup, this LINUX server is
assigned an IP address from my NT3.51 server with DHCP. i can telnet, ftp
and
ping from a win 9x workstation into the linux box. furthermore, i can ping
from the linux box to the NT server and any NT4/9x station. i can also use
samba to access the shared directories on the NT server.
however, i cannot use smbclient from the linux server to any of the NT4/9x
workstations. in addition, i cannot telnet to either the NT server or to
any of the workstations. the linux server also does not appear in the
network neighborhood of any NT4/9x workstation.
i feel like i'm close, but i am not network savvy. i'm not sure where to go
next. any suggestions would be very welcome. more details are added below.
other (related?) question:
since my NT server assigns IP address dynamically, i would like to be able
to ping, telnet or ftp to the workstations using their respective host
names. how can i set this up? does this involve name resolution and/or the
lmhosts file?
thank you for your attention in this inquiry.
regards,
michel a. lim
associate
wong hobach lau
consulting engineers
structural/civil/construction management
www.whl-international.com
more background info...
NT 3.51 Server
static IP 192.168.34.1
host name: WHL_NT1
domain name: WHL_DC
workgroup: wong
DHCP installed
DNS and WINS not configured
Linux Red Hat 5.2 server (kernel 2.0.36-0.7, samba 1.9.18)
host name WHL31
typical NT4/9x workstation
Intel EtherExpress PRO/10+ ISA network card
TCP/IP protocol installed
NetBEUI protocol installed as default protocol
telnet 192.168.34.1
Unable to connect to remote host: Connection refused
ifconfig
Link encap: Ethernet HWaddr: 00:A0:C9:16:83:F7
inet addr:192.168.34.8 Bcast:192.168.34.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
Rx packets:1671 errors:0 dropped:0 overruns:0 frame:0
Tx packets:892 errors:0 dropped:0 overruns:0 carrier:1 collisions:2
Interrupt:7 Base address:0x320
this works -
smbclient \\\\WHL_NT1\\WHL_CDRV -U mlim
Get_Hostbyname: Unknown host WHL31
Failed to get my hostname
Get_Hostbyname: Unknown host WHL31
No interface found for address 144.20.14.64
Added interface ip=144.20.14.64 bcast=144.20.255.255 nmask=255.255.0.0
Get_Hostbyname: Unknown host WHL31
Get_Hostbyname: Unknown host WHL31
startlmhosts: Can't open lmhosts file /etc/lmhosts. Error was No such
file or directory
Server time is...
Timezone is UTC-8.0
password:
this does NOT work -
smbclient \\\\WHL27\\temp -U mlim
Get_Hostbyname: Unknown host WHL31
Failed to get my hostname
Get_Hostbyname: Unknown host WHL31
No interface found for address 144.20.14.64
Added interface ip=144.20.14.64 bcast=144.20.255.255 nmask=255.255.0.0
Get_Hostbyname: Unknown host WHL31
Get_Hostbyname: Unknown host WHL31
startlmhosts: Can't open lmhosts file /etc/lmhosts. Error was No such
file or directory
Get_Hostbyname: Unknown host WHL31
cli_open_sockets: Unknown host WHL27
excerpts from smb.conf
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup=wong
#All NetBIOS names must be resolved to IP addresses
; name resolve order=wins lmhost bcast
#DNS Proxy
dns proxy=no
[homes]
comment=Home Directories
browseable=no
writeable=yes
;[netlogon]
; comment=Network Logon System
; path=/home/netlogon
; guest ok=yes
; writeable=no
; share modes=no
------------------------------
From: Michael Meissner <[EMAIL PROTECTED]>
Subject: Re: bandwidth limiting applications.
Date: 12 Feb 1999 17:05:44 -0500
[EMAIL PROTECTED] (Maurie Daly) writes:
> Is there any way to limit the connection bandwidth an application may use when
> its using a IO port, for example , assume one is connected to the Net via a
> 64K link running ppp, can I somehow limit the amount of bandwidth that a web
> server can grab to 50% , eg 32K , thus leaving 32K free for other apps.
> I believe that ipchains can possibly do this , but Ive not played with it all .
You might want to check out the Traffic Shaper in the newer kernels (note, I've
never used it).
--
Michael Meissner, Cygnus Solutions (Massachusetts office)
4th floor, 955 Massachusetts Avenue, Cambridge, MA 02139, USA
[EMAIL PROTECTED], 617-354-5416 (office), 617-354-7161 (fax)
------------------------------
From: "Dan Tager" <[EMAIL PROTECTED]>
Subject: PPPD dialin... really close
Date: Fri, 12 Feb 1999 17:58:55 -0500
When trying to dialin from windoze 95/98 box to pppd 2.2.0f I get the
following error in syslog...
Feb 12 17:32:25 silver pppd[699]: Peer is not authorized to use remote
address
205.133.98.30
options file...
205.133.98.10:205.133.98.30
dns-addr 205.133.98.10
dns-addr 199.210.133.2
asyncmap 0
crtscts
lock
modem
netmask 255.255.255.0
+pap
proxyarp
login
lcp-echo-interval 30
lcp-echo-failure 4
Any clues?
--Dan
------------------------------
From: "Matt Rizzo" <[EMAIL PROTECTED]>
Subject: @Home with TCI cable modem?
Date: Fri, 12 Feb 1999 18:40:24 -0500
Has anyone successfully installed a cable modem through @Home and TCI in
Linux? I called their 800 number and they said they do not support the
Linux OS. I was wondering if it would even work. I am running RedHat 5.2.
Thanks for your time.
-Matt
------------------------------
From: [EMAIL PROTECTED] (Rod Smith)
Subject: Re: Netatalk/gs printing problems
Date: 11 Feb 1999 13:57:56 GMT
Reply-To: [EMAIL PROTECTED]
In article <79tls5$p9b$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Rod Smith) writes:
> Hi,
>
> I'm trying to get an iMac to print via a network to an Epson Stylus Color
> 400 connected to a Linux box, with limited success.
...
> My problem is that files which use standard
> PostScript fonts (Times, Helvetica, etc.) fail to print, with an error
I've solved the problem. It turns out that I had a typo in the path to my
.ppd file in the /etc/atalk/papd.conf file. I don't claim to know what
papd is doing with those .ppd files, but whatever it is seems pretty
critical....
--
Rod Smith
[EMAIL PROTECTED]
http://www.users.fast.net/~rodsmith
NOTE: Remove the "uce" word from my address to mail me
------------------------------
From: "Charles F. Pacheco" <[EMAIL PROTECTED]>
Subject: IPSEC
Date: Fri, 12 Feb 1999 19:21:16 -0500
Anybody know if there is any IPsec stuff for linux?
cpac
------------------------------
From: [EMAIL PROTECTED] (Clifford Kite)
Subject: Re: Problem getting chat to display output under pppd
Date: 11 Feb 1999 08:30:21 -0600
Peter Ajamian ([EMAIL PROTECTED]) wrote:
: I wrote a chat script wich sends output at the various stages of
: connecting so I can see the status of the connection as it happens.
: When I run the script as an argument to the connect parameter of pppd
: the script connects and works but the output doesn't display. When I
: run the script directly (by piping the input and output to /dev/modem)
: it does display the output properly and connects, however, as soon as
: the script completes the connection is dropped. I have tried adding a
: line in the /etc/syslog.conf file as directed in the pppd man page but
: to no avail. I am running Red Hat 5.2 Kernal 2.0.36.
I believe pppd diverts and redirects at least some of the chat messages.
The lines
*.=info;*.=notice /usr/log/messages
*.=debug /usr/log/debug
in /etc/syslog.conf followed by
kill -HUP `pidof syslogd`
(or a reboot) will direct chat messages to /var/log/messages and PPP
negotiation messages to /var/log/debug - provided syslogd is running
of course.
Then doing, e.g., "tail -f /var/log/debug" allows the PPP debug messages
to be seen during the connection process.
--
Clifford Kite <[EMAIL PROTECTED]> Not a guru. (tm)
/* I gave up on politics when no matter who I voted for, I regretted it.
* -- Pepper...and Salt, WSJ */
------------------------------
Date: Thu, 11 Feb 1999 09:59:30 -0500
From: Phil DeBecker <[EMAIL PROTECTED]>
Subject: Re: RH5.0 does not recognize a 3Com 3c905B card
Senthil Kandasamy wrote:
> I could not get RH 5.0 to recognize a 3Com 3c905-B Ethernet Card.
> Windows NT-4.0, loaded on the same machine easily recognizes the card.
> The LDP says that this card is supported though .
> Choosing the 3c90x option during installation does not help. The only
> way to complete installation was to cancel and choose "No networking"
> option.
>
> Has any body else had any such problems with this particular card? I
> Really need to get this system networked and running on linux within a
> few days. Any help would be really appreciated
> You can email me at [EMAIL PROTECTED]
The 3c905b has a spotty history with Linux. I use them in two different
machines, and they work fine, but I've had problems getting them to work
at full speed on 100mbps networks, etc. I would suggest that you either
install a newer version of Red Hat (5.2 currently) or at least upgrade
your kernel to a more recent version. The kernel in RH 5.0 is pretty old
and doesn't include the latest 3c509 driver.
You could also check out this site:
http://cesdis.gsfc.nasa.gov/linux/drivers/vortex.html
There, you can obtain the latest version of the 3c59x.c file which you can
drop into your kernel source and rebuild- this will give you the newest
3c59x driver. There are also a number of good tips on how to use the
card, how to set driver options for maximum performance, etc.
Really, though, I suggest you upgrade to kernel version 2.0.36 and see if
that doesn't help your problems.
Phil
------------------------------
From: [EMAIL PROTECTED] (Christian Ordig)
Subject: Re: POP3 Mail Server for Win Clients
Date: Thu, 11 Feb 1999 14:36:16 +0100
Reply-To: "Christian Ordig" <[EMAIL PROTECTED]>
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Oliver J Lindner) writes:
> How do I setup a Linux server (SuSE 5.3 and 6) connected to an ISP via
> ISDN-Router to act as a POP3 mail server for Win95/NT clients running
> Outlook Express?
>
> Is there any step-by-step instruction/documentation available?
> (Haven't found anythig specific in the howtos.)
>
> My ISP allows "unlimited" e-mail names which will all get forwarded to
> webmaster@domain if not previously defined. Is there any tool, setup
> or program availble reading the initial e-mail recipient and then
> forwarding the e-mail to the appropriate user account?
>
> Thanks. <oliver>
What about the fetchmail package? (package pop in serie n; SuSE6.0) It has a
program for fetching mail from your ISP's POP3 server and there's also a POP3
deamon included for Linux.
The forwarding to the correct account can be done using procmail.
I'd suggest reading the man pages and readmes and you'll be able to setup such
a szenario. If you've furhter questions, please drop me a mail.
Hope this helps.
--
Christian Ordig | Homepage: http://thor.prohosting.com/~chrordig/
Germany | eMail: [EMAIL PROTECTED]
__ _ |
/ / (_)__ __ ____ __ | Why Linux? Because it is free, stable, and
/ /__/ / _ \/ // /\ \/ / | bugs can be fixed in source opposed to waiting
/____/_/_//_/\_,_/ /_/\_\ | for a stable WinTendo from Micro$oft.
------------------------------
From: Sami Tikka <[EMAIL PROTECTED]>
Subject: Re: ftp gets stuck in FIN_WAIT1 when running 2.2.1
Date: 13 Feb 1999 00:15:32 +0200
[EMAIL PROTECTED] (J. Scott Berg) writes:
> Check the mtu using ifconfig. Try setting the mtu to a lower value
> (1500, or even 576) using ifconfig.
I tried setting pppd's mtu option to 576. It helped a bit but not
much. Now I am able to transfer a few files but eventually it hangs
the same way as before.
> If this did fix your problem: what version of pppd are you running
> with under 2.0.36 and 2.2.1 respectively (I suppose you're using the
> same one...), and have you replaced any of the kernel source files
> with ones from the ppp distribution in either case?
I am running a RedHat 5.2 system with all the update rpms. I think one
of the updates was ppp 2.3.5 and that is what I am and was running. I
haven't compiled ppp 2.3.5 myself and I haven't replaced any kernel
files with ppp distributions files. (Should I have?)
When I upgraded my 2.0.36 to 2.2.1 I read the Documentation/Changes
and then fecthed, compiled and installed modutils, net-tools and
util-linux. All the other (relevant) components were up to date.
--
Sami Tikka, [EMAIL PROTECTED], http://www.iki.fi/sti/
------------------------------
Date: Fri, 12 Feb 1999 19:33:56 -0500
From: Colin <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup
Subject: Re: SCIOCADDRT: Invalid Argument.... HELP
Nobody wrote:
> I am setting up a Redhat 5.2 linux box as a web/ftp server. I am using an
> SMC EtherEZ ISA card. I have used this card on dozens of Linux Installs
> with no problems at all. In fact I installed linux on this machine using
> this card via FTP. I have never seen the error message SCIOCADDRT: Invalid
> Argument before... any help would be appriciated.
>
> Things that changed since the card last worked:
> The card was originaly setup to using DHCP, It now uses a static IP.
>
> Linux was installed while the machine was on another network than the one on
> which it currently resides.
I get this after I installed the 2.2.1 Linux kernel. I would also like to know
what this means.
--
Reply to "cwv [at] idirect (dot) com"
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
