Linux-Networking Digest #222, Volume #10 Tue, 16 Feb 99 20:13:35 EST
Contents:
PPP under Redhat 5.2... ("BBQ")
Ok all, listen to THIS ppp problem.... : ) (Gurensan)
Clean Up lost+found (Jayasuthan)
Cable Modem-eth0 TX errors (Ryan park)
Re: GTE flamed linux for BillG (Gurensan)
Re: Dynamic DNS using BIND8 ? (Luca Filipozzi)
Re: DNS working, yet more questions (Sedmail problem maybe?) (Brian Lavender)
Re: DNS working, yet more questions (Sedmail problem maybe?) SOLVED (Brian Lavender)
Re: MS Explorer 4.0 for Unix (Steve Arnold)
Re: VPN through masquerade ("John Hardin")
Re: Fetchmail/procmail question (Victor Wagner)
Re: Samba WIN-95 question (Victor Wagner)
Re: How do i get linux onto a 486 box eh?!!?!?!?! (Gurensan)
Simple Samba question. . . I hope ("Thom V")
Re: Sending request to remote WWW server ("David Z. Maze")
Re: Putting Linux on my notebook (Job eisses)
Re: Setting up a secure firewall (Luca Filipozzi)
Re: Please help! (Geoff Allsup)
ethernet woes (Jeffrey Fulmer)
strange asymetric transfer rate on 100TX-FD ethernet (Alexandre Maret)
Re: Web server behind firewall with masquerading (Luca Filipozzi)
Re: A dual homed system, routing, dhcpcd (Luca Filipozzi)
Re: 2 ip segments on one physical segment (Walter Cardwell)
----------------------------------------------------------------------------
From: "BBQ" <[EMAIL PROTECTED]>
Subject: PPP under Redhat 5.2...
Date: Tue, 16 Feb 1999 15:17:01 +0800
Dear all,
I got a problem while using PPP to connect to my ISP under RH5.2,
and need someone's help.....
Although I successfully made a PPP connection to my ISP and got an IP
address from it, I can't open any web site with my browser.....
I have checked the resolv.conf and hosts files to make sure that the
configuration is correct. I can ping the IP address that was assigned
by the ISP but can't ping the ISP's address..
What's wrong ...............
Please help me.... ^_^
------------------------------
From: [EMAIL PROTECTED] (Gurensan)
Subject: Ok all, listen to THIS ppp problem.... : )
Date: 16 Feb 1999 07:21:19 GMT
UGH. You'll never believe what just happened.
I configed kppp to dial in to my ISP. For some damn reason, it decided that
my DNS entries weren't good enough, and now named starts at boot when I never
told it to. Same with sendmail. Sendmail hangs boot. I'm running rh5.1 outta
the box with KDE installed from the rpms.... All I did was tell it where to go
for DNS and that my ISP was dynamic and to use CHAP. Oh yeah, what numbers to
dial.
What could I have done to cause this???? This is crazy !!! Why should
attempting to connect to the internet require a re-install??? (I don't have a
standard floppy drive to plop a rescue disk into. All the scripts I've run into
don't ask what drive to place the image onto, default is always fd0 and I don't
have that device..... so I gotta do it by hand or modify a script to do it. I
don't know PERL... wwwwaaaaaahhhhh)
[EMAIL PROTECTED] <---- pick which distribution of me is right for
you.
Then install me. I will give you endless hours of hair-pulling pleasure.
------------------------------
Date: Tue, 16 Feb 1999 15:34:53 -0800
From: Jayasuthan <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: alt.os.linux.slackware,comp.os.linux.hardware,ahn.tech.linux
Subject: Clean Up lost+found
Hi,
Lately I had a considerably massive file corruption .. luckily no
critical file was corrupted. I could restore from backup but before that I
need some help. How can I clean up lost+found files.. < I don't want it >.
Two of those corrupted files ... how can I remove them when "rm" doesn't work?
The corrupted file is in device format linux file under /dev/.
This problem was caused under Kernel 2.2.0 ... hdparm -m8 is considered a
dangerous option. Please watch out!
Thank You,
Suthan
------------------------------
From: Ryan park <[EMAIL PROTECTED]>
Subject: Cable Modem-eth0 TX errors
Date: Tue, 16 Feb 1999 07:27:59 GMT
I've successfully configured my cable modem to run
under Linux, and it does a great job. However, as I
run 'ifconfig' I get unusually large TX errors.
IE:
TX packets: 712446 Errors: 1281044 Dropped: 18061
Overruns 0 ...
And this is only on the Transmit. The receive is
fine.
Using a PCI NE2k clone with Realtek 8029, with
support compiled into kernel 2.1.132.
Any suggestions on what is going on?
------------------------------
From: [EMAIL PROTECTED] (Gurensan)
Subject: Re: GTE flamed linux for BillG
Date: 16 Feb 1999 07:42:29 GMT
>>I believe that almost all ISP are using Unix flavor software.
Not true.. infoNET (do not use these ppl) are using NT Server. No wonder it's
such a bitch to connect thru Linux to these ppl.
[EMAIL PROTECTED] <---- pick which distribution of me is right for
you.
Then install me. I will give you endless hours of hair-pulling pleasure.
------------------------------
From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: Dynamic DNS using BIND8 ?
Date: Mon, 15 Feb 1999 23:00:57 -0800
In article <01be58ee$147dc4c0$0d01a8c0@olaf>, [EMAIL PROTECTED] says...
> Hi
>
> I'm using the ISC DHCP server to assign IPs to my clients. There are
> Windows and Linux clients on the net, and all of them have client names.
>
> I want BIND 8 to automatically recognize the client's name and to add it to
> the reverse-lookup zone and to my primary zone. Is this possible?
>
> Cya
> Shoki
>
No... well, sort of.
BIND 8 comes with the ability to update zones. You have to configure the
zone to allow updates:
    zone "company.com" {
        allow-update { 192.168.1.0/24; };
    };
Then, you can use nsupdate from the client machines to execute updates.
You can do this by configuring dhcpcd to execute a script whenever it
receives an ip address (look at the "-c <scriptname>" option) and
putting the nsupdate command in the script. There is no security in the
update protocol and any machine on the lan can screw with your DNS.
I've heard that some people have hacked the nsupdate code into DHCP
directly so that it's all server side.
I personally cause dhcpcd to call a script that invokes an ssh connection
to the server and executes another script on the server. The server-
side script performs minor sanity checks and updates the DNS. In this
way, the connection from the client machine to the server is encrypted
and secure and the nsupdate occurs locally on the server.
Hope this helps,
Luca
--
Luca Filipozzi <[EMAIL PROTECTED]>
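
One way the server-side script in this scheme could do its sanity checks before running nsupdate locally, as an added example (not Luca's script). The zone and network come from the post; the script name, argument order, `NET_PREFIX` and `TTL` are assumptions.

```shell
#!/bin/sh
# Added example: server-side sanity checks before a local nsupdate.
# Assumed invocation over ssh:  ddns-update.sh <hostname> <ipv4-address>
# ZONE matches the post; NET_PREFIX, TTL and the script name are assumptions.

ZONE="company.com"
NET_PREFIX="192.168.1"   # the /24 named in the post's zone statement
TTL=300

# A single DNS label: letters, digits, hyphen; no dot, space or newline.
# Rejecting everything else keeps a client from smuggling extra nsupdate
# command lines or writing names outside its own label.
valid_label() {
    case "$1" in
        ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Address must be NET_PREFIX.N with N in 1..254, without leading zeros.
valid_client_ip() {
    case "$1" in
        "$NET_PREFIX".*) ;;
        *) return 1 ;;
    esac
    last=${1#"$NET_PREFIX".}
    case "$last" in
        ""|0*|*[!0-9]*|????*) return 1 ;;
    esac
    [ "$last" -le 254 ]
}

# Print the nsupdate command lines for one client, or fail without output.
build_update() {
    valid_label "$1"     || { echo "rejected hostname" >&2; return 1; }
    valid_client_ip "$2" || { echo "rejected address"  >&2; return 1; }
    fqdn="$(printf '%s' "$1" | tr 'A-Z' 'a-z').$ZONE."
    old_ifs=$IFS; IFS=.
    set -- $2                      # split the validated address into octets
    IFS=$old_ifs
    ptr="$4.$3.$2.$1.in-addr.arpa."
    addr="$1.$2.$3.$4"
    # Forward and reverse records live in different zones, so they go in
    # separate updates; a blank line tells nsupdate to send each one.
    printf 'update delete %s A\nupdate add %s %s A %s\n\n' \
        "$fqdn" "$fqdn" "$TTL" "$addr"
    printf 'update delete %s PTR\nupdate add %s %s PTR %s\n\n' \
        "$ptr" "$ptr" "$TTL" "$fqdn"
}

# Only touch DNS when called with exactly two arguments that pass the checks.
if [ "$#" -eq 2 ]; then
    cmds=$(build_update "$1" "$2") || exit 1
    printf '%s\n\n' "$cmds" | nsupdate
fi
```

Because nsupdate reads one command per line, the label check that refuses newlines and dots is the part that stops a client from editing records other than its own.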
------------------------------
From: [EMAIL PROTECTED] (Brian Lavender)
Subject: Re: DNS working, yet more questions (Sedmail problem maybe?)
Date: Tue, 16 Feb 1999 07:04:52 GMT
I took a look at the http://www.sendmail.org site and it looks as if
there has been concern about using sendmail to relay spam. I am
figuring that my current sendmail.cf file was generated to prevent
relaying and I take it I must generate a new one so I can get email
addressed to [EMAIL PROTECTED] . I don't currently have a sendmail.cw
file either. I am using Slackware 3.6 which contains sendmail 8.9.1 .
I take it I have to create an .mc file similar to the one below and
allow a special type of relaying and run it through m4.
m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
Is this correct? What is the proper relay directive to get email
addressed to bigbrie.com to land in my email account where the smtp
server really resides on darkstar.bigbrie.com? All my services are on
a single machine, darkstar.
brian
darkstar:# cat /usr/src/sendmail/cf/cf/linux.smtp.mc
include(`../m4/cf.m4')
VERSIONID(`linux for smtp-only setup')dnl
OSTYPE(linux)
FEATURE(nouucp)dnl
FEATURE(always_add_domain)dnl
MAILER(local)dnl
MAILER(smtp)dnl
On Mon, 15 Feb 1999 20:59:07 GMT, [EMAIL PROTECTED] (Brian Lavender)
wrote:
>Second problem, If I go to send email to [EMAIL PROTECTED] and it gets
>bounced with a relay error( included below). If you are more curious
>about the error, send email to [EMAIL PROTECTED] and it should bounce.
>If you send email to [EMAIL PROTECTED] it gets there. Of
>course I want people to be able to send email to [EMAIL PROTECTED] .
>Same question of course: Sendmail or DNS? The fix?
====================
Brian Lavender
Sacramento, CA
http://www.brie.com/brian/
"If a train station is where the train stops,
what is a workstation?" -- Phil Adamson
------------------------------
From: [EMAIL PROTECTED] (Brian Lavender)
Subject: Re: DNS working, yet more questions (Sedmail problem maybe?) SOLVED
Date: Tue, 16 Feb 1999 08:03:47 GMT
PROBLEM SOLVED!
On Mon, 15 Feb 1999 20:59:07 GMT, I, [EMAIL PROTECTED] (Brian Lavender)
wrote:
>Second problem, If I go to send email to [EMAIL PROTECTED] and it gets
>bounced with a relay error( included below). If you are more curious
>about the error, send email to [EMAIL PROTECTED] and it should bounce.
>If you send email to [EMAIL PROTECTED] it gets there. Of
>course I want people to be able to send email to [EMAIL PROTECTED] .
>Same question of course: Sendmail or DNS? The fix?
I got it fixed.
It appears the sendmail.cw
is NOT a default feature of Slackware 3.6 Sendmail configuration. So,
first I had to reconfigure Sendmail 8.9.1 to access the sendmail.cw
file to get the bigbrie.com. Now I am not sure this is a masquerading
or a relaying feature, but it works. I will try to understand later
on. If you feel so inclined to elaborate, please do.
Here is what I did:
I went to the /usr/src/sendmail directory where I found the
README.linux file. It states that the default configuration file for
smtp is in cf/linux.smtp.mc . So, I looked at that file. I modified it
to contain the
FEATURE(use_cw_file)
and I issued the command
darkstar:# m4 linux.smtp.mc > /etc/sendmail.cf
I killed the current sendmail process
darkstar:# ps -ax | grep sendmail
and I restarted sendmail with
darkstar:# /usr/sbin/sendmail -bd -q15m
The final result is I received email at [EMAIL PROTECTED]
Thank you everyone for your help.
brian
====================
Brian Lavender
Sacramento, CA
http://www.brie.com/brian/
"If a train station is where the train stops,
what is a workstation?" -- Phil Adamson
darkstar:# cat /usr/src/sendmail/cf/cf/linux.smtp.mc
include(`../m4/cf.m4')
VERSIONID(`linux for smtp-only setup')dnl
OSTYPE(linux)
FEATURE(nouucp)dnl
FEATURE(always_add_domain)dnl
MAILER(local)dnl
MAILER(smtp)dnl
FEATURE(use_cw_file)
darkstar:# cat /etc/sendmail.cw
bigbrie.com
------------------------------
From: [EMAIL PROTECTED] (Steve Arnold)
Subject: Re: MS Explorer 4.0 for Unix
Date: Tue, 16 Feb 1999 07:10:10 GMT
In article <[EMAIL PROTECTED]>, Johan Kullstam <[EMAIL PROTECTED]>
wrote:
>"Michael Chaney" <[EMAIL PROTECTED]> writes:
>
>> If you would put the Microsoft-hating aside, you would realize that IE4
>> actually is a good browser, as is Navigator 4.
>
>IE is a terrible browser. it doesn't even browse. it doesn't even
>run. you see i am a linux user.
Why should I put it aside when they're so deserving? Besides, using
M$ products gives me a headache (but my wife makes me maintain her
system...)
------------------------------
From: "John Hardin" <[EMAIL PROTECTED]>
Subject: Re: VPN through masquerade
Date: Mon, 15 Feb 1999 17:18:29 -0800
Nick Short wrote in message ...
>I have a bit of a problem that I'm hoping someone else has already fixed, or
>had some experience with...
>
>I'm using a VPN application to connect through our firewall at work from
>home. I'm connecting to the internet via cable modem and my home network is
>masqueraded via ipfwadm.
>
>We have a Raptor firewall (Solaris) and using gateway authentication via
>RaptorMobile for Win95.
>
>I've used tcpdump to monitor the traffic from each port and the RaptorMobile
>traffic never gets forwarded to the Internet port.
>
>If I isolate the Win95 to the cable modem connection, I am able to connect
>to the firewall. This indicates that the problem is in the masquerade setup
>( or my local network setup).
>
>Anyone have any experience with this?
"VPN" is a rather vague term. If you're using PPTP, take a look at
http://www.wolfenet.com/~jhardin/ip_masq_pptp.html - and if you're using an
IPSEC-based client, wait a couple of weeks - IPSEC masq should be available
by then, too.
--
John Hardin KA7OHZ [EMAIL PROTECTED]
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
=======================================================================
If you spend any time administering Windows NT, you're far too
familiar with the Blue Screen of Death (BSOD) ...
- "MSDN Flash" email newsletter, 2/9/1999
=======================================================================
98 days until Star Wars episode I
------------------------------
From: [EMAIL PROTECTED] (Victor Wagner)
Subject: Re: Fetchmail/procmail question
Date: 16 Feb 1999 00:37:59 +0300
Juergen Fiedler <juergen> wrote:
: Hi,
: I'm trying to use fetchmail and procmail to download my mail from my
: ISP and sort mail that came from mailing lists into the appropriate
: folder. I managed to do the download thing, but all mail ends up in
: my main mail box (/var/spool/mail/juergen).
:>-------SNIP-------<
: :0:
: * ^To:*ppp
^^^^^^
: /usr/home/juergen/mail/Linux-PPP
: :0:
: * ^To:*kde*
^^ ^^^
: /usr/home/juergen/mail/KDE
:>-------SNIP-------<
There should be .* instead of just *. This is a regexp, not glob pattern
--
========================================================
I have tin news and pine mail...
Victor Wagner @ home = [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Victor Wagner)
Crossposted-To: redhat.networking.general
Subject: Re: Samba WIN-95 question
Date: 16 Feb 1999 00:53:51 +0300
root <[EMAIL PROTECTED]> wrote:
: Does anyone use samba? I have had a problem with my hp 4P printer
: running on a Linux server, over running its printer memory while trying
: to print a windows 95 print job. Is there a better driver that I could
: on the Linux server that would tell the server to stop sending data until
: the printer is ready. Would upgrading to a later version of samba
: help? The version of samba I am running is samba-1.9.18p5-1.
I'll recommend the following way:
1. Set up your spooling system under Linux so it would be able to print
PostScript using Ghostscript.
2. Share postscript logical printer with samba
3. Set all windows machines up to use driver for Apple LaserWriter
(first one in Add Printers dialog and classic postscript printer)
I've never seen memory overflows on LaserJet IIIP, 4P , 5L and 6L when
printing via Ghostscript, although it is quite possible with Win95
printer driver.
Of course, Ghostscript would consume some CPU cycles on your server,
but considering many useful things you can do with postscript files
(see psutils package and ghostscript itself) it is worth doing anyway.
: Scott Harvey
--
========================================================
I have tin news and pine mail...
Victor Wagner @ home = [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Gurensan)
Subject: Re: How do i get linux onto a 486 box eh?!!?!?!?!
Date: 16 Feb 1999 08:10:50 GMT
If you can get a bootable floppy made, then you are set. Most distros come with
an installation diskette, tho you normally need a CD-ROM to install from that.
Look to LRP. They have a minimal distro meant entirely for a simple network
router on a single floppy. But, nobody sez you can't boot from the hard disk...
: )
[EMAIL PROTECTED] <---- pick which distribution of me is right for
you.
Then install me. I will give you endless hours of hair-pulling pleasure.
------------------------------
From: "Thom V" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup,linux.redhat,linux.redhat.misc
Subject: Simple Samba question. . . I hope
Date: Tue, 16 Feb 1999 08:19:40 GMT
Hello all,
I've got Red Hat 5.2 setup with Samba on a network with Windows 98. The RH
installation is the basic workstation installation with Samba and a few
other things added in after the install. Currently, both machines can ping
each other and I can telnet from the Win98 machine to the RH Linux machine
without any problems. I've even got the basics of Samba working. SMBclient
runs from the linux box fine. I can create directories and everything on
the Win98 machine.
The problem is going the reverse direction. When I double click on the
linux box in Network Neighborhood to access shared directories from Win98 I
get the following message...
Enter Network Password
You must supply a network password to make this connection:
Resource: \\LinuxBox\IPC$
Password:
Doesn't "IPC" stand for something like "Inter Process Communication"? Why
do I need a password for this? Is there a step that I've skipped? What is
the simplest way to resolve this and still keep some degree of security?
Thanks,
Thom Vandenberg
------------------------------
From: "David Z. Maze" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: Re: Sending request to remote WWW server
Date: 16 Feb 1999 10:34:26 -0500
Matt Perdeck <[EMAIL PROTECTED]> writes:
MP> How do I receive a page from a WWW server using a C program? I
MP> need to write a C program (under Linux) that sends a request to a
MP> remote WWW server for an .html or .cgi page and then receives that
MP> page. As far as the remote server is concerned, my program would
MP> look like a WWW browser.
Open a socket to TCP port 80 on the remote machine. Send an HTTP
request. Read the HTTP response. Documentation to look at includes:
socket(2), connect(2), read(2), write(2). Also the HTTP spec, at
http://www.w3.org/Protocols/.
--
David Maze [EMAIL PROTECTED] http://donut.mit.edu/dmaze/
"Hey, Doug, do you mind if I push the Emergency Booth Self-Destruct Button?"
"Oh, sure, Dave, whatever...you _do_ know what that does, right?"
------------------------------
Date: Wed, 17 Feb 1999 00:26:38 +0100
From: Job eisses <[EMAIL PROTECTED]>
Subject: Re: Putting Linux on my notebook
Zilog wrote:
> I am having problems with the X setup due to not knowing what the Video system
> is on this older second hand laptop. I do know that it is a Chips and
> Technologies chip set. I also am having difficulty getting my Megahertz
> xjem336 PCMCIA 'ethermodem' card working. Any direction in either of these
> would be greatly appreciated.
Pointer to the PCMCIA linux world:
Linux PCMCIA HOWTO
David Hinds, [EMAIL PROTECTED]
v2.25, 1998/11/17 08:05:43
This document describes how to install and use PCMCIA Card Services
for Linux, and answers some frequently asked questions. The latest
version of this document can always be found at
<ftp://hyper.stanford.edu/pub/pcmcia/doc>. An HTML version is at
<http://hyper.stanford.edu/HyperNews/get/pcmcia/home.html>.
No "xjem336" in there though, maybe EM3336 will work ?
> Daniel Curry
> [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: Setting up a secure firewall
Date: Tue, 16 Feb 1999 15:28:32 -0800
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Thanks for the answers.
>
> My problem isn't setting up masquerading. I already use this setup today.
> My question is. What do I need and what do I want to avoid installing to
> create a secure firewall/gateway?
> I'm wondering 'bout what services I can safely install. I would like to be
> able to telnet to the firewall from the inside of the LAN if I want to do
> some admin work. Is this safe?
> I don't need sendmail, which I know is a security risk. Is there any other
> thing I should/shouldn't install?
>
> TIA. /Jonas
>
>
>
a possible plan of action:
1) Comment out *everything* in /etc/inetd.conf. In fact, don't even run
inetd.
2) Install sshd, the Secure Shell Daemon. This will allow you to connect
securely to the machine.
3) Use ipfwadm to catch spoofing on all interfaces.
4) Use ipfwadm to specify exactly which packet forwarding you will permit
(I suggest none) and what to masquerade (the internal network).
5) Use a proxy server like delegate to proxy services you wish to
provide. Put those services on boxes inside the firewall and configure
the proxy server to connect to those boxes. (Actually, you should set up
what's called a DMZ... you need two firewalls for this and the boxes that
provide services sit in between.)
6) For a limited set of services, use port forwarding (ipportfw or
ipautofw) and make sure that the services on the port-forwarded boxes are
as secure as you can make them.
7) Make sure that your smtp server can't be used for spam relaying.
8) Run the paranoia daemons, tcplogd and icmplogd, and check your
firewall's log files every day.
9) Don't let anyone do anything that will transmit their password in
clear text (like ftp or telnet).
Luca
--
Luca Filipozzi <[EMAIL PROTECTED]>
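
A check for steps 1 and 9 of the plan above, added here as an example (not from the original post): it lists every service still enabled in an inetd.conf-style file and marks ftp and telnet, the two cleartext-password services the post names. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report services still enabled in inetd.conf.
# Function names and the sample file below are constructed for illustration.
# Usage: sh audit-inetd.sh /etc/inetd.conf   (no argument: runs on the sample)

# Print one line per active entry: "<service>/<proto> <program> <note>".
# Exit status is 0 only when nothing is enabled (step 1 of the plan).
audit_inetd() {
    # $1: path to an inetd.conf-style file; "-" or no argument reads stdin
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # commented out or blank
        NF < 6 {
            printf "line %d: malformed entry\n", NR
            bad++
            next
        }
        {
            # fields: service socket-type proto wait-flag user program [args]
            prog = ($6 ~ /tcpd$/ && NF >= 7) ? $7 : $6   # look past the wrapper
            note = ($1 == "ftp" || $1 == "telnet") ? "cleartext-password" : "enabled"
            printf "%s/%s %s %s\n", $1, $3, prog, note
            on++
        }
        END { exit (on + bad > 0) }
    ' "${1:--}"
}

# Constructed sample: two cleartext services and identd left on.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample, not taken from a real host
#echo    stream  tcp  nowait  root    internal
ftp      stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd

#finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
auth     stream  tcp  nowait  nobody  /usr/sbin/in.identd  in.identd -l -e -o
EOF
}

if [ "$#" -gt 0 ]; then
    audit_inetd "$1"
else
    sample_inetd_conf | audit_inetd || true
fi
```

The non-zero exit status makes the function usable from cron, so a service that reappears after a package upgrade shows up in the daily log review from step 8.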
------------------------------
From: [EMAIL PROTECTED] (Geoff Allsup)
Crossposted-To: comp.os.linux.misc
Subject: Re: Please help!
Date: 16 Feb 1999 13:21:13 GMT
Reply-To: [EMAIL PROTECTED]
On Tue, 16 Feb 1999 12:52:01 -0500, jack wallen
<[EMAIL PROTECTED]> wrote:
>i've posted a couple of times without success. i'm having difficulty
>with my modem locking up on me. it usually happens during a disconnect.
>i'll run my disconnect script and the modem just locks up. so far the
>only solution i have found is powering down the computer. i always
>thought that one of the beauties of linux was that you could avoid that.
>
I had something similar at one point with some generic internal modem.
The problem was evidently in the modem defaults, and was cured by a
couple of AT commands on startup after modem reset. I've forgotten
exactly what it was (you need to look in your AT commands reference
which should have come with your modem) but it was something like the
following modem initialization string:
ATZ
ATX4&C1&D2
I think it's the &C1 or &D2 that's the important one...?
Anyway, give it a try and good luck,
geoff
******************************************************************
Geoff Allsup Upper Ocean Processes Group
Woods Hole Oceanographic Institution Woods Hole, MA, USA
******************************************************************
------------------------------
Date: Tue, 16 Feb 1999 08:39:17 -0500
From: Jeffrey Fulmer <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: ethernet woes
Hi --
I'm trying to set up two Intel EtherExpress cards in an Intel box
running Linux 2.0.3. I've successfully compiled and installed the
eexpress.o module, but modprobe failed and I don't know the hardware
address of the cards. To simplify matters I removed one of the cards,
but I still can't get the remaining one to work. It seems that I'm
having a hardware conflict. This computer is a single boot Linux OS.
Here's my /proc/ioports
0000-001f : dma1
0020-003f : pic1
0040-005f : timer
0060-006f : keyboard
0080-009f : dma page reg
00a0-00bf : pic2
00c0-00df : dma2
00f0-00ff : npu
01f0-01f7 : ide0
02f8-02ff : serial(auto)
03c0-03df : vga+
03f0-03f5 : floppy
03f6-03f6 : ide0
03f7-03f7 : floppy DIR
03f8-03ff : serial(auto)
Here's the /proc/interrupts
0: 170565 timer
1: 1534 keyboard
2: 0 cascade
6: 28 + floppy
13: 1 math error
14: 7726 + ide0
Thanks in advance,
-- Jeff
------------------------------
From: Alexandre Maret <[EMAIL PROTECTED]>
Subject: strange asymetric transfer rate on 100TX-FD ethernet
Date: Wed, 17 Feb 1999 01:11:54 +0100
hello
I've connected 2 PC using a "null-hub" twisted cable.
The Win98 contains a 3c905. The Linux contains a eepro100B.
For these tests, I'm always using the linux machine as an ftp server,
and 98 as the client.
When downloading (linux -> 98), the transfer rate is ~5000kB/s.
When uploading to linux, it's only ~350kB/s.
The same disks are used, whether I'm uploading or downloading, so it's
not the point.
I've tried to make the 3COM card (win98) work only at 100TX-Full duplex,
but it doesn't change anything. Anyway, the cards correctly do the NWay
negotiation even in "auto-negotiation", as reported by the "mii-diag"
linux tool.
And I'm pretty confident it has nothing to do with the ftp client or
ftp server... ftp on localhost gives me a 7MB/s throughput...
thanks in advance for any clue...
alex
PS: yes I also tried to "reverse" the cable... you never know :)
------------------------------
From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: Web server behind firewall with masquerading
Date: Tue, 16 Feb 1999 16:50:17 -0800
In article <01be59de$b3b44460$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
>
>
> [EMAIL PROTECTED] wrote in article
> <7acd06$4lm$[EMAIL PROTECTED]>...
> > Hello,
> > I have setup a box using slackware 2.0.35 kernel.
> > The box masquerades a network 172.16.1.0. It is also the firewall for that
> > network and the primary DNS for that network:domain.
> >
> > The primary web server is on 172.16.1.25 but when an nslookup from the net for
> > the web server is made to the DNS, it gives the ip address of 172.16.1.25
> > instead of the masquerade.
> >
> > How do I stop this? Thanks in advance.
>
> There are several ways to deal with this, depending on how many systems
> your private net has on it. For small numbers, the simplest way is to set up
> your resolver to use a hosts table first, and then DNS. This has the advantage
> that your private name-address mapping is kept out of the Internet. Your primary
> DNS server should be advertised as your public IP address, not the private one.
> [The files to fix are /etc/resolv.conf and
> /..../{wherever-your-domain-info-is}
>
> For more complex setups, I understand that you can run more than one copy
> of named, each bound to only one interface, (and each using a distinct bootfile,
> so that local name service is supplied from one database, and public name service
> is supplied from the other; I've never tried this setup, though.
>
Or you can run one named on the firewall for the Internet and another
named on an internal linux machine for private use.
--
Luca Filipozzi <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (Luca Filipozzi)
Subject: Re: A dual homed system, routing, dhcpcd
Date: Tue, 16 Feb 1999 16:52:58 -0800
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Luca Filipozzi wrote:
> >
> > In article <[EMAIL PROTECTED]>,
> > [EMAIL PROTECTED] says...
> > > I am wondering if a dual homed system can act as a router, when running
> > > dhcpcd on a NIC that connects to an ADSL modem (Cisco 675) which in turn
> > > is connected to an isp (bridged) while the other NIC has a static
> > > private IP address? I know how to setup static addresses ,dhcpcd and
> > > setup routing tables, but how do you route to a NIC that gets its
> > > address dynamically?
> > > Any thoughts?
> > >
> > > Thanks
> > > Joey Aguilera
> > >
> > >
> > dhcpcd has a "-c <scriptname>" option. Whenever dhcpcd gets an ip
> > address, it will call the script and will pass the following environment
> > variables: IPADDR, ROUTER, etc., etc.
> >
> > In that script, you can write:
> >
> > route add default gw ${ROUTER}
> >
> > and voila.
> >
> > On the other hand, even though you will be assigned an address
> > dynamically, your default gateway probably will not change since you
> > remain on the same subnet. (unless the ISP has multiple gateways and
> > wishes to spread the load... unlikely). In this case, you need to find
> > out what the default gateway is and set the static route.
>
> Does your provider allow for multiple dynamically assigned IPs, or are
> you planning on doing masquerading? If the former, why not plug the
> modem into the hub and bypass the dual-homing aspect? I am running this
> setup w/my ISP just fine, although I am trying to do some other
> interesting stuff which is in an upcoming post.
>
> Bill Anderson
>
If you plug the cable or adsl modem directly into your hub, then you are
unprotected. The whole point of putting a linux box between the Internet
and the private network is to provide a firewall. It also happens to be
really handy that the firewall can do masquerading or network address
translation.
--
Luca Filipozzi <[EMAIL PROTECTED]>
------------------------------
From: Walter Cardwell <[EMAIL PROTECTED]>
Subject: Re: 2 ip segments on one physical segment
Date: Wed, 17 Feb 1999 00:52:08 GMT
You can do this with a router that supports multiple IP addresses on
each interface (Most Cisco routers do--they call it secondary
addressing.) If your ethernet segment happens to run between two
routers, both of them will have to support secondary addressing.
Hubs don't pay any attention to IP addresses, so there should be no
problem there.
One downside is that your two IP networks still have to share bandwidth,
since they are all using the same wire.
[EMAIL PROTECTED] wrote:
>
> One question came up with me:
>
> if I have 5 hosts on
> 192.168.1.0/24
> while another 5 hosts on
> 192.168.2.0/24
>
> Can I connect these 10 hosts with one ethernet bus to one NIC to central
> hubs or routers?
>
> I think I can but I'm not sure.
>
> If so, what's the downside?
>
> Hongjun Ma (515)472-2633 [EMAIL PROTECTED]
>
> Graduate student at CS department,Maharishi University of Management
> Fairfield, IA 52557
>
> -----------== Posted via Deja News, The Discussion Network ==----------
> http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************