Linux-Networking Digest #237, Volume #10         Thu, 18 Feb 99 00:13:40 EST

Contents:
  Re: PPP config problem under 2.2.1 (jb)
  Re: pppd not setting up default route in routing table ("DJ Irvin")
  Re: Problem level of PPP+linux 2.2.1? (Steve Pass)
  Re: Setting up a secure firewall ("John Hardin")
  Re: Linux programming jobs? (Psophos)
  Help:Multiple net setup? (Long) (Brian Bergstrand)
  FTP RH 5.2 -> RH 5.2 = NFT (No File Transfer) ([EMAIL PROTECTED])
  Please refer a LINUX Hacker to me ([EMAIL PROTECTED])
  ppp and win95 Peer-to-peer ("paul malabad")
  Re: Running diald with a PAP provider (Ken)
  Re: RH5.1 & ftpd - where?? (John Thompson)
  Re: ne2000 clone help? ([EMAIL PROTECTED])
  Re: Help me. I can not setup network. (Carlisle Branch)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (jb)
Subject: Re: PPP config problem under 2.2.1
Date: Wed, 17 Feb 1999 16:47:00 GMT

In article <7a9u9o$[EMAIL PROTECTED]>,
Clifford Kite <[EMAIL PROTECTED]> wrote:
>Keith Davey ([EMAIL PROTECTED]) wrote:
>: I have recently upgraded my kernel to 2.2.1 from 2.0.35 on an evaluation
>: copy of SuSE 5.3.  When I attempt to connect via PPP I exit with this
>: error in /var/message.  Does anyone know a solution to this problem?
>
>: Feb 15 11:12:10 redlance kernel: registered device ppp0
>: Feb 15 11:12:10 redlance syslog: IPX support is not present in the
>: kernel
>: Feb 15 11:12:11 redlance pppd[251]: pppd 2.2.0 started by root, uid 0
>                                      ^^^^^^^^^^
>This is your problem.  Read the 2.2.1 linux/Documentation/Changes file.
>
>
He's correct. Get pppd-2.3.5 from ftp://cs.anu.edu.au/pub/software/ppp/ppp-2.3.5.tar.gz
and build it just like the docs say to. When doing the make kernel part ignore
the messages when the ppp files are copied to the kernel source directories.
The files that come with the kernel will work.

Type make to build a new pppd, pppstats, chat, etc. Type make install to install
them.

Oh, I would untar the pppd source into /usr/src and not into, say, /usr/local/src.

Once you have the new pppd in /usr/sbin (slackware, I don't know if it's in a different
place on redhat) you can make a link called pppd to pppd-2.3.5 (in my case I have 
pppd-2.0.0, pppd-2.3.3 and pppd-2.3.5 all in /usr/sbin). I think by default pppd 
is built and installed as 'pppd' so you can rename it if you do the linking as 
I describe.

Once that's all done (and you have a kernel with ppp support compiled in) you
can use the scripts that come with the pppd-2.3.5 distribution. They are in
/ppp-2.3.5/scripts. These should work with a little fiddling. In my case I
had to change the phone number and IP addresses in ppp-on (which is obvious)
and remove the '\r' from in front of the 'send' string "AT" in the chat script
ppp-on-dialer. For some reason this was confusing my modem (a USR 56k external).
That string may not be needed at all anyway.

I have:
slackware 3.5
kernel 2.2.1
ppp-2.3.5

all working nicely.


------------------------------

From: "DJ Irvin" <[EMAIL PROTECTED]>
Subject: Re: pppd not setting up default route in routing table
Date: Wed, 17 Feb 1999 09:32:00 -0600

try looking at /etc/sysconfig/network...one line has gateway

GATEWAY=192.168.1.1 or whatever

change it to 0.0.0.0 and then no default route to eth0 should be created
when starting networking...

Dean


Clifford Kite <[EMAIL PROTECTED]> wrote in message
news:7abu2n$[EMAIL PROTECTED]...
>Ray Benjamin ([EMAIL PROTECTED]) wrote:
>
>: When I look at the routing table using 'route -nr', I see that a default
>: route hasn't been set up.  If I check the pppd process, I see that pppd was
>: started with the defaultroute argument.  My assumption is that the lack of a
>: default route is causing my problem, but I don't know how to fix it.  I've
>
>You have an existing default route to the LAN, it's not necessary since
>a network route will work quite well.  Remove this default route and pppd,
>with the defaultroute option, will create a default route through the
>PPP interface.  But even with this option pppd won't replace an existing
>route.
>
>I can't tell you what to change by using RH configuration scripts though.
>
>
>--
>Clifford Kite <[EMAIL PROTECTED]>                       Not a guru. (tm)
>/* Speak softly and carry a +6 two-handed sword. */



------------------------------

Date: Wed, 17 Feb 1999 10:32:50 -0800
From: Steve Pass <[EMAIL PROTECTED]>
Crossposted-To: comp.protocols.ppp,comp.os.linux.setup
Subject: Re: Problem level of PPP+linux 2.2.1?

Daren Scot Wilson wrote:

> I'm new to these newsgroups,would like the judgement of old timers:  I'm
> wondering if the number of PPP problems related to the new linux 2.2.1 is
> the "normal level" of trouble routinely  found here, or has there been a
> sharp rise from past levels?   If the latter, would you attribute this to
> changes in the software, or a sharp rise in beginners?
>
> PPP has always worked fine for me, or at least nothing requiring spelunking
> the newsgroups, HOWTOs and everything,  all through 1996, 1997, 1998, but
> suddenly with linux 2.2.1, kablewy!!!
>
> daren wilson
> [EMAIL PROTECTED]

I happen to be a new linux user. Having received most of my training and
experience from Billware, there are quite a few differences. I, as others, had
troubles with PPP. I don't think it is for lack of experience, but I think it's
from the new hardware that is being put out (PNP) and the multiple ways of
setting up PPP.  I combed the Net for HOWTOs and it seemed there were no newer
ones, which reflect the OS. (I happen to be using RedHat 5.2). Also, when I had
setup PPP it worked once with my PNP modem and then died. I finally had to
jumper it. Works like a champ now.



------------------------------

From: "John Hardin" <[EMAIL PROTECTED]>
Subject: Re: Setting up a secure firewall
Date: Wed, 17 Feb 1999 09:39:53 -0800


Jonas wrote in message <[EMAIL PROTECTED]>...
>Thanks for the answers.
>
>My problem isn't setting up masquerading. I already use this setup today.
>My question is. What do I need and what do I want to avoid installing to
>create a secure firewall/gateway?
>I'm wondering 'bout what services I can safely install. I would like to be
>able to telnet to the firewall from the inside of the LAN if I want to do
>some admin work. Is this safe?
>I don't need sendmail, which I know is a security risk. Is there any other
>thing I should/shouldn't install?
>
>TIA. /Jonas


Basically, don't install anything you don't use.

Go through /etc/inetd.conf and comment out anything that you don't use. You
can re-enable it later if you find you do need it. Don't forget to
restart inetd after making your changes (killall -HUP inetd).

Uninstall any services you aren't using. If you don't use NFS, then remove
it from the system. You'll gain back the disk space and prevent one
possible exploit pathway.

Make sure your /etc/hosts.deny has ALL:ALL in it, which will force you to
explicitly permit the computers you wish to have access in
/etc/hosts.allow.

Write firewall rules. See the GUI for an easy way to do that.

Think "layered defense".

--
 John Hardin KA7OHZ                               [EMAIL PROTECTED]
 pgpk -a finger://gonzo.wolfenet.com/jhardin    PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
=======================================================================
  If you spend any time administering Windows NT, you're far too
  familiar with the Blue Screen of Death (BSOD) ...
                            - "MSDN Flash" email newsletter, 2/9/1999
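
The inetd.conf and hosts.deny steps from the reply above, written as a
repeatable check. This is an added example, not part of the original post; the
function names, the keep-list argument and the sample files (including the
192.168.1. LAN prefix) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post). File paths are parameters so the checks
# can run against copies; the sample files below are constructed.

# Print the service name of each enabled (uncommented) inetd.conf entry.
# An entry has at least six fields: service, socket type, protocol,
# wait flag, user, server program.
enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Print enabled services that are not in the space-separated keep-list $2.
unexpected_services() {
    keep=" $2 "
    for svc in $(enabled_services "$1"); do
        case "$keep" in
            *" $svc "*) ;;
            *) echo "$svc" ;;
        esac
    done
}

# Succeed only if the file holds an unconditional ALL:ALL rule.
has_default_deny() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$' "$1"
}

# Run both checks: $1 inetd.conf, $2 hosts.deny, $3 keep-list.
# Returns non-zero if anything needs attention.
audit() {
    rc=0
    extra=$(unexpected_services "$1" "$3")
    if [ -n "$extra" ]; then
        echo "enabled but not on keep-list:" $extra
        rc=1
    fi
    if ! has_default_deny "$2"; then
        echo "$2 has no ALL:ALL rule"
        rc=1
    fi
    return $rc
}

# Write constructed sample files into directory $1.
make_samples() {
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample
ftp     stream  tcp  nowait  root   /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root   /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root   /usr/sbin/tcpd  in.rshd
#finger stream  tcp  nowait  nobody /usr/sbin/tcpd  in.fingerd
EOF
    printf 'ALL: ALL\n' > "$1/hosts.deny"
    printf 'in.telnetd: 192.168.1.\n' > "$1/hosts.allow"
}

demo=$(mktemp -d)
make_samples "$demo"
# Only telnet is wanted here, so the still-enabled ftp entry is reported.
audit "$demo/inetd.conf" "$demo/hosts.deny" "telnet" || echo "review needed"
rm -rf "$demo"
```

To check a real host, call audit with /etc/inetd.conf, /etc/hosts.deny and the
list of services you intend to keep.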



------------------------------

From: Psophos <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.development.system,comp.os.linux.development.apps
Subject: Re: Linux programming jobs?
Date: Wed, 17 Feb 1999 18:32:30 +0000

Another tack if you get nowhere.
Work out how much $ you'd need to earn in 1 year just to survive (food,
rent, bills, etc.). This is almost certainly less than what
professionals will earn. Look for jobs in your area along the lines that
you want. Then try and talk to the people doing the hiring. Say you will
work for X for a year to get the experience.

Also. Get & install a copy of FreeBSD. That may help.
Something that may help more is to go to SUN's home page & join the
developer section. Part of that will allow you to obtain Solaris 7 (ver
2.7) for about $30. Install this (free for development of Software &
personal use) and learn to program it. It helps that this is a well
known commercial OS.

Good luck, I know what you're going through.
Me.


Bill Ripley wrote:
> 
> 1. Don't get discouraged!
> 2 Keep at it. 20 applications or resumes is not all that many.
> 3 Apply even if you are not 100% qualified (degree, etc), they often advertise for
> the ideal candidate but will hire someone not as qualified when the ideal never
> appears.
> 
> "Pavel V. Zaitesev" wrote:
> 
> > Hello, fellow linux hackers.
> > I'm currently looking for work, that involves linux/unix programming, but
> > can find none. All jobs here require degree and /or 5-10 paid work
> > experience. I am a little upset now, because local authorities changing
> > law locally to allow programmer to work for more hours, but I couldn't
> > find a single job. Would the problem be:
> > 1. Bad resume
> > 2. looking in the wrong places
> > 3. too dumb
> > I am 20 and obviously have no degree, nor any paid work experience.
> > I finished high school, I know linux/w95 well as well as C++, perl, Java,
> > Pascal, sh, bash. I know how to setup any kind of software. Able to
> > troubleshoot any software conflict. Currently I am working on a electronic
> > sales system.
> > Here in Victoria, BC. Canada, they are changing laws so that high tech
> > employees can work more, but I see no sign of shortage of computer
> > programmers. I applied at ~ 20 local places 2 interviews, one of them, was
> > promising, but no can do. It seems like many employers are arrogant.
> > I went to dice.com and hotjobs.com and they had few jobs, but most in the
> > states or other side of Canada (Toronto). Most of them required degree or
> > large work experience periods. Should I even bother to apply?
> > What tactics should I use?
> > I do not know NT, but know Win32 programming. NT is way too expensive for
> > me, but I am willing to learn. Actually that where I concentrated my
> > efforts, to learn how to learn quickly...
> > So would you think that I should earn my money for education in Macs or
> > subway, or should I try harder? I am willing to move, but would company
> > pay for my relocation? I have no idea of how and where to look for
> > high-tech jobs. I wonder if you can give me any hints , like which way
> > should I direct my energy...
> > I posted to this group because most people here, may be working with linux
> > for a job.
> > Thank you for your time.
> >         Pavel
> >
> > .*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~.*~
> > "Nobody has a right to complain about your own code, but you..."
> >  -- Linus Torvalds                             http://victoria.tc.ca/~ws821

------------------------------

From: [EMAIL PROTECTED] (Brian Bergstrand)
Subject: Help:Multiple net setup? (Long)
Date: Wed, 17 Feb 1999 12:18:03 -0600

I recently upgraded our department's linux server to be used on another
subnet, and now I am seeing intermittent problems where one of the networks
will be unreachable from outside the respective subnet. The machine is running
slackware 3.6, kernel 2.2.1, ipchains 1.3.8, with a 3c509b (ISA10BT) on eth0
and a 3c905 (PCI100BT) on eth1. This exact config minus the new network
(3c905) was working perfectly, now either network tends to become invisible to
the outside network. This problem seems to be aggravated when the firewall is
up, but is not exclusive to the firewall being up.

This machine is assigned 3 IP address in the following way:
address1 from network1 on eth0
address2 from network1 on eth0:0 (same network as address1)
address3 from network2 on eth1,

I don't necessarily want to route between the two interfaces, I just want
them both to work, and provide their respective services.

I think the problem lies in the way the default gateways are specified
(see below), but I am not sure. Should I be using routed?

If anyone can help, it would be greatly appreciated.
TIA,
Brian
======================= Detailed Info==================================
My general firewall setup is:
input default deny
--exceptions to input default for required services on each ip addr. , the
   specific interface is not included in the rules
output default accept
--no exceptions
forward default deny
--no exceptions

Here is the net config script (the variables are assigned correct values):
if [ "$KVERSION" = "2.2" ]; then
  # Turn on Source Address Verification - must do this BEFORE any interfaces are init.
  if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
    echo -n "Setting up IP spoofing protection..."
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
      echo 1 > "$f"
    done
    echo "done."
  else
    echo "PROBLEMS SETTING UP IP SPOOFING PROTECTION.  BE WORRIED."
  fi
  # Turn on forwarding, otherwise the firewall will not work
  echo "Turning on IP forwarding."
  echo 1 > /proc/sys/net/ipv4/ip_forward
fi

# Attach the loopback device.
/sbin/ifconfig lo 127.0.0.1
/sbin/route add -net 127.0.0.0 netmask 255.0.0.0 lo

#eth0 setup
/sbin/ifconfig eth0 ${IPADDR} broadcast ${BROADCAST} netmask ${NETMASK}

#now set up our aliased ip addrs
/sbin/ifconfig eth0:0 ${VHOST1}  broadcast ${BROADCAST} netmask ${NETMASK}

/sbin/route add default gw ${GATEWAY} netmask 0.0.0.0 metric 1 eth0

########################### eth1 setup ###############################
# IPADDR, BROADCAST and GATEWAY are all redefined with the correct values for the new network
/sbin/ifconfig eth1 ${IPADDR} broadcast ${BROADCAST} netmask ${NETMASK}
/sbin/route add default gw ${GATEWAY} netmask 0.0.0.0 metric 1 eth1

Here is the ifconfig and route outputs after the machine is done booting:
(under kernel 2.2.x, ifconfig will not show the aliased interface, unless
specifically asked, i.e. ifconfig eth0:0. Don't know why.)
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          EtherTalk Phase 2 addr:0/0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:7349 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7349 errors:0 dropped:0 overruns:0 carrier:0
          Collisions:0 

eth0      Link encap:Ethernet  HWaddr 00:60:8C:F2:C9:38  
          inet addr:xxx.xxx.x.xx  Bcast:xxx.xxx.x.255  Mask:255.255.255.0
          EtherTalk Phase 2 addr:704/205
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:595895 errors:0 dropped:0 overruns:0 frame:0
          TX packets:618 errors:0 dropped:0 overruns:0 carrier:0
          Collisions:5 
          Interrupt:5 Base address:0x300 

eth1      Link encap:Ethernet  HWaddr 00:10:5A:1B:E7:20  
          inet addr:xxx.xxx.x.xxx  Bcast:xxx.xxx.x.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:762334 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14991 errors:0 dropped:0 overruns:0 carrier:0
          Collisions:0 
          Interrupt:11 Base address:0x1080

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
xxx.xxx.x.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
xxx.xxx.x.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         xxx.xxx.x.1     0.0.0.0         UG    1      0        0 eth1 #default gw
0.0.0.0         xxx.xxx.x.1     0.0.0.0         UG    1      0        0 eth0 #default gw
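
A check for the combination visible in the post above: two default routes with
the same metric on different interfaces, on a host where rp_filter is set to 1.
With rp_filter=1 the kernel accepts a packet only if the route back to its
source leaves by the interface the packet arrived on, so which default route is
chosen matters. This is an added example, not part of the original post; the
function names and sample data are constructed, and documentation address
ranges stand in for the masked xxx.xxx.x.x values.

```shell
#!/bin/sh
# Added example (not from the post). Sample data below is constructed.

# Print "metric iface" for every default route in saved `route -n` output.
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $5, $8 }' "$1"
}

# Print "metric M: if1,if2" when several interfaces hold a default route
# with the same metric.
conflicting_defaults() {
    default_routes "$1" | sort -u | awk '
        { n[$1]++; ifs[$1] = ifs[$1] (n[$1] > 1 ? "," : "") $2 }
        END { for (m in n) if (n[m] > 1) print "metric " m ": " ifs[m] }'
}

# Print each entry under conf directory $1 whose rp_filter is 1.
# On a live host the directory is /proc/sys/net/ipv4/conf.
strict_rp_ifaces() {
    for f in "$1"/*/rp_filter; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = "1" ]; then
            basename "$(dirname "$f")"
        fi
    done
}

# Print interfaces that share an equal-metric default route AND have
# rp_filter=1. $1 = saved route table, $2 = conf directory.
at_risk_ifaces() {
    strict=" $(strict_rp_ifaces "$2" | tr '\n' ' ')"
    conflicting_defaults "$1" | sed 's/^metric [0-9]*: //' | tr ',' '\n' |
    while read -r ifc; do
        case "$strict" in *" $ifc "*) echo "$ifc" ;; esac
    done
}

# Write a constructed route table and conf tree into directory $1.
make_route_sample() {
    mkdir -p "$1/conf/all" "$1/conf/eth0" "$1/conf/eth1"
    for i in all eth0 eth1; do echo 1 > "$1/conf/$i/rp_filter"; done
    cat > "$1/route.txt" <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
198.51.100.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         198.51.100.1    0.0.0.0         UG    1      0        0 eth1
0.0.0.0         192.0.2.1       0.0.0.0         UG    1      0        0 eth0
EOF
}

demo_dir=$(mktemp -d)
make_route_sample "$demo_dir"
echo "equal-metric defaults: $(conflicting_defaults "$demo_dir/route.txt")"
echo "with rp_filter=1:      $(at_risk_ifaces "$demo_dir/route.txt" "$demo_dir/conf" | tr '\n' ' ')"
rm -rf "$demo_dir"
```

On a live host, save the table with route -n > route.txt and pass
/proc/sys/net/ipv4/conf as the second argument to at_risk_ifaces.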

------------------------------

From: [EMAIL PROTECTED]
Subject: FTP RH 5.2 -> RH 5.2 = NFT (No File Transfer)
Date: Thu, 18 Feb 1999 00:42:56 GMT

Hello All,  Well you can't blame me for this one. I have searched all over
the place for anyone who may have this problem before me.  I have a Linux
machine set up as a firewall doing IP Masq on a small company network. 
Within that network is another Linux machine as the main file server.  The
main file server is running RH 5.0.  The firewall however is running RH 5.2.
I have a workstation at home that also is running 5.2.  I have set up FTP
(not anonymous) on both the machine at home and the firewall at work.  The
ftp services work flawlessly from any Windows machine, they also have no
problem with the 5.0 machine. Hard as I may try to get the two 5.2 machines
to talk to each other, I can't transfer files. I can login fine, I can
display directories.  When I do a file transfer it starts the transfer and
then just hangs or so it seemed.  I recently put a sniffer on it and I saw
that the data transfer did not actually stop, it just slowed down to an
absolute trickle.  But they work great from any other client! Yes the
ip_masq_ftp module is loaded.  Yes I have tried Passive mode.  I have been
waiting to see if anyone else had this problem, and no one has posted
anything, so I thought I might ask.  Any clues??

Thanks for your time

Sam

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED]
Subject: Please refer a LINUX Hacker to me
Date: Tue, 09 Feb 1999 20:11:09 GMT
Reply-To: [EMAIL PROTECTED]

LINUX PC Cluster Engineer

National Energy Research Scientific Computing (NERSC) Division at
Berkeley Lab. Berkeley, CA

Berkeley Lab is oldest of the nation's national laboratories and a
leader in basic scientific research.  Located next to the University of
California at Berkeley, Berkeley Lab has a policy of doing no
weapons-related research. The NERSC Division comprises a national
facility for scientific computation, including one of the world's
fastest computers, a Cray T3E-900/640, and a research department
focusing on high performance scientific computing.

We're looking for at least one Linux hacker to join the NERSC PC Cluster
Project, whose purpose is to develop the infrastructure for
full-featured "plug-and-play" PC clusters for scientific
computing. Activities include development of cluster infrastructure such
as Glunix, cluster management and configuration tools, VIA device
drivers and MPI over VIA, as well as working with NERSC clients to build
clusters, writing documentation, running the 32-node NERSC testbed
cluster, and packaging and supporting cluster software. We need people
with a thorough knowledge of Linux, excellent C and Perl programming
ability, strong communication skills, interest in support as well as
development, knowledge of clusters and a desire to work in a fast-paced
and entrepreneurial environment.



Please include Job Code Ners246 on all submissions. EOE.
For more information on this job, see http://www.lbl.gov/CJO/NERS246.html

============================


------------------------------

From: "paul malabad" <[EMAIL PROTECTED]>
Subject: ppp and win95 Peer-to-peer
Date: Wed, 17 Feb 1999 00:27:53 -0800

With my ppp connection, I can connect to all the unix boxes on my network,
but I cannot browse the win95 network.  Any ideas?  I'm told that I can have
a true tcp-ip network only.

In win95 I am using dialupnetworking, and I've got the tcpip and client for
microsoft and file/print sharing enable.   Am I missing something from the
unix side or windows????


Thanks for your help
Paul



------------------------------

Date: Wed, 17 Feb 1999 19:10:50 -0800
From: Ken <[EMAIL PROTECTED]>
Subject: Re: Running diald with a PAP provider

K.A. Steensma wrote:
> 
> I have to admit that it took hours and hours in trying to get PAP
> authentication working.  I finally had to contact someone who said that
> using 'linuxconf' (on a RH 5.2) is a bunch easier.  So now that I have
> that working ( I call up the link by typing 'usernetctl ifcft-ppp0 up'),
> I need to get diald working.  Diald has been working fine (on my old ISP
> that used prompted sign-on), but converting this setup over to PAP has
> not been easy.  I have tried making a 'real' simple 'connect' script,
> but I have not succeeded.  I figured that reading through the old
> newsgroup messages (at http://www.dejanews.com) would answer my
> questions.  But it seems that nobody has given a 'plain' enough answer
> that I could understand.
> 
> I get the idea that I've made things too complicated, but I guess I need
> someone to lead me toward the correct answer.  TIA  Keith

It's my understanding that diald is really just a nice frontend for pppd
that monitors a standin interface (sl0) and starts pppd when it sees
activity going out the dummy sl0. So you should be able to use all your
settings from your original PAP setup within diald.

I'm not using PAP but I found it pretty straightforward to set up for a
scripted ISP login.

-- 
Ken
mailto:[EMAIL PROTECTED]
http://www.well.com/user/shiva/
http://www.e-scrub.com/cgi-bin/wpoison/wpoison.cgi (Death to Spam!)

------------------------------

From: John Thompson <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: RH5.1 & ftpd - where??
Date: Wed, 17 Feb 1999 21:19:16 -0600

Mark Hamlin wrote:
> 
> Does ftpd come with the CDROM distribution of RH5.1.  I have the man
> page but it does not appear to be on the system.  Is there an
> alternative tucked away somewhere???  or do I need to download it?  I am
> a newbie to system admin so if there are any issues not in the readme
> surrounding its installation please let me know

wu-ftpd came with my copy of RH v5.1. I can't remember if it
is installed by default, though.  Check your CD; it ought to
be there.


-- 

-John ([EMAIL PROTECTED])

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: ne2000 clone help?
Date: Thu, 18 Feb 1999 04:29:04 GMT

On Thu, 14 Jan 1999 06:48:01 GMT, KHK <[EMAIL PROTECTED]>
wrote:

>I have an old 486/66 that I would like to use as a fire-wall and 
>I've been stumped !  Perhaps someone out there is gracious enough 
>to help.
>
>The problem is as follows:
>
>I have a cheap ne2000 clone (SN-2000 ISA card matter of fact) that 
>works in a friend's  486/66 running redhat 5.1.  
>
>When I put it in my 486/66 running redhat 5.2, no matter what I 
>try the card is not detected.

those old ISA ne2000 NICs can be quite troublesome if you don't
recompile the kernel and hardlink the ne2000 driver in. You can pick
up the most recent 2.0.x kernel sources from ftp.kernel.org

------------------------------

From: [EMAIL PROTECTED] (Carlisle Branch)
Subject: Re: Help me. I can not setup network.
Date: Thu, 18 Feb 1999 03:05:26 GMT

On Thu, 18 Feb 1999 11:20:54 +0900, "wllee" <[EMAIL PROTECTED]>
wrote:

>Yesterday, I tried to install linux Slackware v 3.3.0.
>I could install this successfully. But I can't set up the network part - linux
>did not find the ethernet card.
>
>I have an EtherExpress Pro 10+ of Intel for ISA bus.
>
>What can I do? Please Help Meeeee.
>
>

I have no experience with that card, but you might either check the
IRQ and the memory address  or you may have to load a particular
module for that card.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.networking) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Networking Digest
******************************
